China’s first-ever automotive data security regulation is slated to go into effect on 1 October. The provision, which primarily aims to regulate automotive data processing in the country, joins a growing number of standards, regulations, and best practices enacted worldwide designed to protect vehicles from cyber crime.
An alarming rise in cyber attacks against connected vehicles demonstrates why these protections are increasingly necessary. According to a report from Upstream Security, at least 150 automotive cybersecurity incidents happened in 2019, which is part of a 94% year-over-year increase since 2016.
Most vehicles that come with some form of connectivity today are at risk of coming under attack, although the risks vary.
“The more sophisticated the system is, the more connected your vehicle is, the more exposed you are,” Moshe Shlisel, the CEO and cofounder of GuardKnox Cyber Technologies, a company that develops cyber security solutions for vehicles, told the Detroit Free Press. “We have taken whatever model [car] you think of and we hack them through various places. I can control your steering, I can shut down and [start] your engine, control your brakes, your doors, your wipers, open and close your trunk.”
How can automakers prevent this? The Upstream report recommends three actions automakers can take to improve vehicle security, as noted in Car and Driver Magazine:
- Integrate security into the design of all vehicle components.
- Establish a multi-layered cyber security solution that includes in-vehicle, IT network, and cloud-based security defenses.
- Build vehicle security operations centers that “monitor, detect, and quickly respond to cyber incidents to protect vehicles, services, fleets, and road users.”
Why It’s Important to Establish a Governance Security Framework
Technical solutions alone will not be enough for automakers to stave off cyber crime. According to Stefano Buschi, partner and cyber risk & crisis management services leader at Deloitte, automakers also need to enact a governance security framework to ensure their vehicles are secure.
“Governance of connected vehicle cyber security is key and will define manufacturers’ abilities to deploy, maintain and evolve their cyber security management systems across their entire production chain in the coming years,” writes Buschi in Automotive World.
Few automakers and original equipment manufacturers are making the necessary strides to establish governance. However, new regulations have opened up opportunities for companies to “re-think their complete cyber security governance model in a more integrated way.”
According to Buschi, these new regulations would foster “more comprehensive cyber security governance between connected vehicles, factories, and typical information and communication technology (ICT) legacy systems, whilst also achieving a competitive advantage in the long term.”
An effective integrated cyber security governance model must “integrate cybersecurity into the lifecycle of a vehicle, from design and development to security monitoring,” he adds. Failing to do this and detecting potential cyber attacks will likely result in needing to spend large sums on retrofit defenses, such as recalls and warranty repairs, after cyber attacks occur.
As ransomware attacks grow, so too will the need to establish enhanced cyber security solutions. While automakers may find these changes challenging and costly, they may likely find that not making them will create even bigger problems for them long term.
Focus on Cyber Security Needs in the Automotive Industry
Designed to foster the discussion on automotive cyber security solutions and requirements for both intelligent vehicles and the infrastructure of intelligent transportation systems, Automotive Cyber Security: Protecting the Vehicular Network is a five-course that can help you better comprehend the security aspects of the automotive industry.
Contact an IEEE Content Specialist today to learn more about getting access to this five-course program for your organization.
Interested in the course program for yourself? Visit the IEEE Learning Network.
Blanco, Sebastian. (4 September 2021). Car Hacking Danger Is Likely Closer Than You Think. Car and Driver.
Buschi, Stefano. (16 August 2021). Cyber security governance must keep automakers ahead of the hackers. Automotive World.
Goh, David S. K. and Xu, Beibei. (21 September 2021). A New Era of Automotive Data Compliance is Coming. National Law Review.
Gong, James, Yue, Clarice, Werner, Sven-Michael, and Zeng, Sarah. China Tightens Data Protection in Automotive Industry. Lexology.