In recent years, the automotive sector has undergone several rapid changes, including connected and autonomous vehicles, advanced driver assistance systems, and smart transportation. Although they have increased driver comfort and safety, these innovations are also associated with technological challenges—especially in the areas of data privacy and cyber security. According to The Business Research Company, the automotive cyber security market size is expected to reach US$4.16 billion by 2026, growing at a rate of over 19%. The good news is that automakers are adding hardware and software for better cyber defenses. The bad news is that criminal hackers are gaining more advanced capabilities. Furthermore, there are now more attack surfaces to hack and exploit.

It is important not to undersell the scale of this potential cyber attack problem. In 2021, only 32% of all American cars were “connected,” sending and receiving data on a regular basis. By 2025, that number may top 50%. Then in another ten years, the percentage of new US vehicles that will be connected is predicted to hit 95%. This expands the cyber attack playing field from just under a third of all new vehicles to almost all new vehicles.

Types of Attacks

One clear trend is the growth of remote hacks, which includes both web-based and nearby wireless attacks such as key-fob hacks. Remote hacks make up the majority, now accounting for about 85% of attacks. Upstream, a cyber security and data management platform, revealed that cyber attacks on cars have soared 225% in the last three years. They found that the most common automotive cyber attacks saw a data or privacy breach, followed by car theft or a break-in via the car’s wireless key fob mechanism.

“Without effective cyber security, everything from the infotainment system to the engine control unit is at risk. The issue is that the move toward connected, autonomous vehicles is outpacing automotive cyber security measures and regulations,” explained Charles Griffiths, Head of Technology and Innovation at IT of website AAG. Once carjackers enter a car with a cloned key, they can hack the engine control unit to turn the engine on and drive away. For cars in motion, hackers can tamper with settings like the auto brake or steering, potentially causing a serious accident.

Upgraded Technology Comes with New Threats 

The push towards more sophisticated levels of autonomy in the automotive sector is a challenge for security. Adding data-exchange and GPS signal-guidance to vehicles benefited drivers, but the extra technology increases the potential for significant cyber attack. Signals and data are weaknesses that we have intentionally introduced into vehicles in the last 20 years in favor of end-user benefits. And so far, these benefits have massively outweighed the risks.

Signal attack vectors are predicted to narrow over the next 20 years—making it harder for attackers and safer for drivers. Data interchange density problems and security weaknesses still exist, making vehicles the next version of the email hack (where there is unsecured data, there is money to be made from stealing that data). Currently, the responsibility for ensuring any such hack is unsuccessful is split between the individual vehicle component manufacturers, the overall vehicle manufacturer, and the seller of the vehicle. With the responsibility net unclear, unhardened security, and a vast array of potential data-targets, you have near perfect conditions for hackers.

Changing How We See Vehicles

Many technology-savvy people are very protective of their data. They’ll install the most impressive data security they can afford on their computer system, monitor their credit cards for fraud, and take other security measures. However, historically, people haven’t needed to think of their cars as a data-risk. As such, there isn’t a huge demand for ruggedized data security in vehicles. The connected car changes the very nature of what a car is, and mitigation of data-theft from connected cars has yet to mature. Until it does, high security is likely to remain a paid-for add-on for the foreseeable future.

Focus on Automotive Cyber Security

As the automotive industry continues to produce connected and autonomous vehicles, there is a need to better understand the safety and security of this technology. Automotive Cyber Security: Protecting the Vehicular Network is a five-course program that aims to foster the discussion on automotive cyber security solutions.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

 

Resources:

Bradley, Tim. (28 June 2022). Cyber attacks on cars up 225 percent: how hackers could be targeting your vehicle. Express.

Fyler, Tony. (21 July 2022). Cyber-Attack Vectors in the Automotive Sector – Part 1: Signal Attacks. TechHQ.

Fyler, Tony. (21 July 2022). Cyber-Attack Vectors in the Automotive Sector – Part 2: Data Attacks. TechHQ.

FWM. (August 2022). Evolution of the automotive sector – data privacy and cyber security. Financier Worldwide Magazine.

Juliussen, Egil. (29 June 2022). Automotive Cybersecurity: More Than In-Vehicle and Cloud. EE Times Europe.

Liao, Rita. (25 July 2022). Real Driverless Cars Legal in China’s Shenzhen. TechCrunch.

MRH. (27 July 2022). Smart Transportation Market Segments, Opportunity, Growth and Forecast by End-use Industry 2022-2030. This Is Ardee.

Straits Research. (25 July 2022). Advanced Driver Assistance System Market Size is projected to reach USD 57.90 Billion by 2030, growing at a CAGR of 18.3%. GlobeNewswire.

TBRC Business Research Pvt Ltd. (20 July 2022). Automotive Cybersecurity Global Market to Grow at Rate Of 19% Through 2026. EIN Newswires.

As modern vehicles grow increasingly connected, they are becoming a boon to cyber criminals in the process. According to the AV-TEST Institute, cyber attacks targeting vehicles increased to about 1.1 billion by the end of 2020. This is a significant rise compared to roughly 65 million a decade ago. 

A number of new standards, regulations, and best practices aim to help curb these attacks. Among these include 29 regulations from the United Nations Economic Commission for Europe (UNECE). In addition, there is the National Highway Traffic Safety Administration (NHTSA) best practices report. The SAE J3101 standard outlines hardware-protected security requirements for applications in ground vehicles. Moreover, the ISO/SAE 21434 standard is designed to safeguard vehicles from security risks across their lifetime. According to Security Boulevard, the new ISO/SAE 21434 standard specifies “various engineering requirements and recommendations.” It covers risk management in the concept, product development, production, operation, maintenance, and decommissioning of electrical and electronic systems in vehicles, components, and interfaces. This automotive cyber security standard is significant. It will spur automakers, suppliers, and product developers to adopt a vigorous cyber security culture.

What Will This Cultural Shift Entail?

The auto industry’s cyber security cultural evolution will consist of transformations that are both human and technical, according to Automotive World. 

Human:

Every employee will need a basic understanding of cyber security and techniques for reducing risks. This means that employees involved in vehicle design will have to undergo regular training. Select experts will need to oversee cyber security in various organizational divisions. Furthermore, special budgets for security will need to be developed, and new functions and features will need to undergo testing.

“Security has to be part of the thought process, but this is going to be quite a difficult transition for many organisations as it is a fairly new topic for the auto industry,” Dr. Dennis Kengo Oka, Principal Automotive Security Strategist at global software company Synopsys, told Automotive World. “This will require a cultural change to promote cyber security from the top down.”

Technical:

New technical solutions will help safeguard vehicles from cyber criminals. Additionally, there are services that help original equipment manufacturers and suppliers make more secure products. However, there will still be security challenges. For example, open-source software has saved time and money for the auto industry, but it also increases the chances of errors. These errors create doorways for hackers. For this reason, it is essential to bring in services that specialize in automating open-source software management that can help identify potential issues.

“Large automotive organisations cannot develop everything on their own, and in many cases those open-source software components are very beneficial,” said Oka. “The challenge in using open-source software is managing it; you need to know which components and versions are being used in your products and systems. Also, you must identify if there are any vulnerabilities associated with those versions.”

As hackers grow more sophisticated, so will the challenge of securing modern vehicles. By creating a sound cyber security culture across the automotive industry from the ground-up, automakers and suppliers can ensure their vehicles and products are trustworthy and safe.

Understanding Automotive Cyber Security

Prepare your organization to better comprehend the security aspects of the automotive industry. An online five-course program, Automotive Cyber Security: Protecting the Vehicular Network aims to foster the discussion on automotive cyber security solutions and requirements. This is important for both intelligent vehicles and the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Neustadter, Dana. (5 August 2021). Protecting Automotive Socs Starts With Secure Ip. Semiconductor Engineering. 

Oka, Dennis Kengo. (19 July 2021). Practical solutions for a secure automotive software development process following ISO/SAE 21434. Security Boulevard. 

Holmes, Freddie. (14 July 2021). Automakers must champion cyber security. Automotive World. 

Currently, 200 million digitally “connected vehicles” are traversing the world’s roadways, according to a recent white paper from the 5G Automotive Association (5GAA). By 2024, real-time traffic updates will be possible thanks to road infrastructure that will be digitally connected. By 2026, advanced vehicle-to-vehicle (V2V) capabilities will help bring automated vehicles another step closer to reality.

Today’s vehicles contain more software than ever before, as well as a constellation of automotive systems in their power locks, brakes, windows, entertainment, steering, and other features. Future vehicles will come equipped with advanced autonomous capabilities and driver-assistance systems (ASAD) that will make them even more complex. 

These developments are happening rapidly. According to the research firm Frost & Sullivan, over 18 million new autonomous vehicles will be road-ready by the end of the decade. However, without appropriate regulations and advanced security features, these vehicles can become easy prey for hackers. With this in mind, many governments and automakers have already begun to take cyber security seriously. 

Standards and Regulations

The United Nations Economic Commission for Europe (UNECE) is in the process of developing automotive cybersecurity regulations. Known as WP.29, the regulation would enhance cyber security and software updates in vehicles. It will be mandatory for all vehicle manufacturers in the European Union beginning July 2024. While manufacturers in Korea and Japan have agreed to comply with WP.29 within their own timelines, manufacturers in North America won’t be required to adhere to them.

Additionally, the International Organization for Standardization (ISO) is working on ISO/SAE 21434, a standard that aims to establish “cyber security by design” from the initial phase of a vehicle’s design. The organization is also working to establish ISO 24089, a standard that would regulate software updates in vehicles.

Five Top Cyber Security Threats for Automakers

In order to ensure their designs are safe from cyber security threats, vehicle manufacturers have five main concerns they will need to consider, according to Security Intelligence. These include:

1. Complexity: Future vehicles will come equipped with interconnected architectures containing embedded telecommunications that will make them challenging to secure.
2. Attacks on the power grid: Recently, research has demonstrated that it would be possible for hackers to disrupt the power grid or trigger a blackout by attacking multiple electric vehicles that are charging at the same time. To prevent this, standards will need to be developed that require vehicles to undergo testing and come equipped with cyber security features.
3. Mobile devices: Increasingly, mobile phones are being used to control the various functions and features of connected vehicles such as windshield wipers, locks, and heat/air-conditioning. These devices pose a range of security threats, such as when a user inadvertently downloads malware, fails to update their operating system, or has a faulty password. If a hacker manages to take control of their phone, it wouldn’t be difficult for them to take control of the vehicle.
4. Untrained employees: In order to ensure cybersecurity is secure across all facets of a vehicle’s design, every employee engaged in the design process must be adequately trained in cyber security.
5. Securing financial features: Since many hackers will likely be motivated to steal financial information from drivers, special attention must be given to financial security features such as payment for fuel, tolls, and subscriptions.

Change is often difficult, but vehicle manufacturers will need to adjust to international regulations and standards in order to gain the public’s trust. By getting a head start in the process now, they can ensure their vehicles are safe when they’re ready to hit the roads.

Protecting Vehicles

As the automotive industry continues to work on intelligent and autonomous vehicles, there is a need to better comprehend the safety and security of this connected technology. Automotive Cyber Security: Protecting the Vehicular Network is a five course program that aims to foster the discussion on automotive cyber security solutions and requirements for not only intelligent vehicles, but also the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization. 

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Dhami, Indy. (2 October 2020). Top 5 Threat Vectors in Connected Cars and How to Combat Them. Security Intelligence. 

Grau, Alan. (28 September 2020). Cybersecurity is Imperative for Connected Cars. Electronic Design.

Kohler, Arndt. (24 September 2020). Automotive Cybersecurity: New Regulations in the Auto Industry. Security Intelligence. 

O’Halloran, Joe. (10 September 2020). Connected vehicle association makes call for wireless spectrum to develop use cases. ComputerWeekly.com.