As modern vehicles grow increasingly connected, they are becoming a boon to cyber criminals in the process. According to the AV-TEST Institute, cyber attacks targeting vehicles increased to about 1.1 billion by the end of 2020, compared to roughly 65 million a decade ago.
A number of new standards, regulations, and best practices aim to help curb these attacks. Among these include 29 regulations from the United Nations Economic Commission for Europe (UNECE), the National Highway Traffic Safety Administration (NHTSA) best practices report, the SAE J3101 standard (which outlines hardware-protected security requirements for applications in ground vehicles), and the ISO/SAE 21434 standard, which is designed to safeguard vehicles from security risks across their lifetime. According to Security Boulevard, the new ISO/SAE 21434 standard specifies “various engineering requirements and recommendations for risk management in the concept, product development, production, operation, maintenance, and decommissioning of electrical and electronic systems in vehicles, components and interfaces.” This automotive cyber security standard is significant as it will spur automakers, suppliers, and product developers to adopt a vigorous cyber security culture.
What Will This Cultural Shift Entail?
The auto industry’s cyber security cultural evolution will consist of transformations that are both human and technical, according to Automotive World.
Human: Every employee will need a basic understanding of cyber security and techniques for reducing risks. This means that employees involved in vehicle design will have to undergo regular training. Select experts will need to oversee cyber security in various organizational divisions, special budgets for security will need to be developed, and new functions and features will need to undergo testing.
“Security has to be part of the thought process, but this is going to be quite a difficult transition for many organisations as it is a fairly new topic for the auto industry,” Dr. Dennis Kengo Oka, Principal Automotive Security Strategist at global software company Synopsys, told Automotive World. “This will require a cultural change to promote cyber security from the top down.”
Technical: New technical solutions will help safeguard vehicles from cyber criminals, along with services that help original equipment manufacturers and suppliers make more secure products. However, there will still be security challenges. For example, open-source software has saved time and money for the auto industry, but it also increases the chances of errors that create doorways for hackers. For this reason, it is essential to bring in services that specialize in automating open-source software management that can help identify potential issues.
“Large automotive organisations cannot develop everything on their own, and in many cases those open-source software components are very beneficial,” said Oka. “The challenge in using open-source software is managing it; you need to know which components and versions are being used in your products and systems, and if there are any vulnerabilities associated with those versions.”
As hackers grow more sophisticated, so will the challenge of securing modern vehicles. By creating a sound cyber security culture across the automotive industry from the ground-up, automakers and suppliers can ensure their vehicles and products are trustworthy and safe.
Understanding Automotive Cyber Security
Prepare your organization to better comprehend the security aspects of the automotive industry. An online five-course program, Automotive Cyber Security: Protecting the Vehicular Network aims to foster the discussion on automotive cyber security solutions and requirements for both intelligent vehicles and the infrastructure of intelligent transportation systems.
Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.
Interested in the course for yourself? Visit the IEEE Learning Network.
Neustadter, Dana. (5 August 2021). Protecting Automotive Socs Starts With Secure Ip. Semiconductor Engineering.
Oka, Dennis Kengo. (19 July 2021). Practical solutions for a secure automotive software development process following ISO/SAE 21434. Security Boulevard.
Holmes, Freddie. (14 July 2021). Automakers must champion cyber security. Automotive World.