Automakers are increasingly jam packing modern vehicles with connected systems that can present serious cyber security risks. According to a recent report from the New York Times, automakers and electronic system suppliers around the world are taking steps to protect vehicles from hackers.
“To take control of a vehicle’s direction and speed: This is what everyone in the industry is worried about,” Ami Dotan, Karamba Security’s chief executive, told the paper. “And everyone is aware this could happen.”
Today’s vehicles contain about 150 electronic controls and about 100 million lines of code, a number that could triple by the end of the decade, according to the consulting firm McKinsey & Company. In comparison, a passenger jet contains 15 million lines of code.
The challenges of securing modern vehicles are numerous and complex. Examples include SIM cards containing malicious code; hackers feigning over-the-air software updates and using smartphones to send malicious code to vehicles; bad actors manipulating roadway signs and other infrastructure to fool a vehicle’s sensors; and even infotainment systems can be used as backdoors to break into a car’s operating systems.
While regular over-the-air software updates can help keep vehicles secure from attacks, the automotive industry hopes to go further by ensuring electronic systems are protected before they even leave the assembly line.
Vehicle Makers and System Suppliers Are Getting Cyber Ready
Automakers and electronic systems suppliers are starting to be proactive about cyber security. Some suppliers are designing systems that can set off alarms if a system is receiving communications from an unfamiliar system. Other manufactures are designing systems that lock down during suspected hacking attempts.
General Motors and Volkswagen both follow a practice called “defense in depth”. Through this process, they eliminate unnecessary software and establish rules that only let vehicle systems communicate with each other when necessary.
Continental, a top electronic parts supplier, uses an intrusion detection and prevention system that deflects hackers.
“If the throttle position sensor is talking to the airbag, that is not planned,” Ronen Smoly, chief of Argus Cyber Security, a division of Continental, told the Times. “We can stop this, but we wouldn’t do so while the vehicle was moving.”
Additionally, software and hardware suppliers who make vehicle infotainment systems are starting to integrate firewalls that can thwart hacking attempts.
Global Vehicle Regulations and Standards for Cyber Security Are Rising
Even when individual vehicle makers and electronic systems suppliers take precautions to protect vehicles, in the absence of international standards and regulations that require security across the board, vehicles are still vulnerable. Slowly but surely, global cyber security standards and regulations for vehicles are starting to take shape.
In Europe, the United Nations vehicle cybersecurity regulations (WP.29) came into force earlier this year. It will take effect for all vehicles sold in Europe starting July 2024 and in South Korea and Japan in 2022. Though the U.S. is not one of the 54 signatories, American automakers are likely to comply nonetheless.
“The U.N. regulation is a global standard, and we have to meet global standards,” Kevin Tierney, General Motors’ vice president for global cybersecurity, told The Times.
The U.S. doesn’t currently have any specific regulations in regards to vehicle cyber security, but the country recently updated its Cybersecurity Best Practices for the Safety of Modern Vehicles guidelines, which it originally released five years ago. Although it’s not a mandatory regulation, it does offer guidance on automotive cyber security best practices.
While vehicle cyber security regulations are still in their infancy, they will need to evolve—especially as vehicles become more connected. Vehicle makers and suppliers who are proactive about cyber security are more likely to stay ahead of the curve.
Focusing on Security and Safety
Prepare your organization to better comprehend the security aspects of the automotive industry. An online five-course program, Automotive Cyber Security: Protecting the Vehicular Network aims to foster the discussion on automotive cyber security solutions and requirements for both intelligent vehicles and the infrastructure of intelligent transportation systems.
Taub, Eric A. (18 March 2021). Carmakers Strive to Stay Ahead of Hackers. The New York Times.