For intelligent technological ecosystems—today’s automotive solutions—security means also safety. And while reliable cellular connectivity makes connected cars function and provides increased capabilities, strong cybersecurity architecture makes them safe. What could happen on the road if a hacker could access a car over the Internet to hijack its brakes and transmission?
So, automakers need to focus on these emerging safety vulnerabilities and ensure that their products meet the highest automotive IoT security standards.
With automotive IoT technologies like radar, vision, V2X, and LiDar enabled by hundreds of sensors, today’s connected cars produce up to 25GB of data every hour, including information about the driver, the vehicle, and the passengers. Although all generated data is pre-processed in the vehicle, data exchange between cars and infrastructure happens via the cloud and can be compromised by hackers.
Traditionally, experts classify three significant categories of valuable goods and services that cybercriminals can potentially monetize:
Earlier, hacks of connected vehicles were regarded as a theoretical danger as most cars relied on custom OEM-produced hardware and software to provide connectivity. Now, many modern manufacturers contract out hardware and software solutions rather than develop them in-house. These systems have become a major target for attack.
It is important to understand the various vulnerable areas a connected car has to be able to take robust security measures.
What types of cyberattacks are already challenging a connected car ecosystem?
Here is a snapshot of real-world examples:
So how can the industry fight back, secure their automotive IoT solutions and protect customers? Car manufacturers should find the optimal cybersecurity strategy by considering five main steps:
Сar companies should select and implement an adequate set of cybersecurity solutions for both software and hardware of their vehicles. Doing so will help minimize waste in terms of investment, and preserve the security of their products. Let’s zoom in on the vital defensive technologies and software solutions for the automotive industry:
Now, automotive players should adopt uniform cybersecurity standards to protect the connected cars they design and manufacture. These include the United Nations Economic Commission for Europe (UNECE) WP.29 cybersecurity standards, International Standardization Organization ISO 24089—Software Update Engineering standards, or the upcoming ISO 21434 Road Vehicles—Cybersecurity Engineering standards.
In the United States, there is no active legislation or regulations for the security of connected cars. The only regulations on the horizon are in Massachusetts, where a bill has been referred to the State Senate Committee on Ways and Means (as of July 2021). Named the Act relative to the cybersecurity of the internet connected devices and autonomous vehicles, Bill S.2056, it introduces some IoT definitions including connected cars, IoT devices, and personal data protection. The act is supposed to regulate the protection of personal data generated by connected cars in the same way as other IoT data is protected.
The above standards are key because advanced technologies and the increased connectivity of vehicles significantly increase the risk of cyberattacks. Additionally, in a vehicle, the risk of physical injury is added to the risk data loss. Successful cyberattacks could lead to financial and reputational damage as well as significant regulatory fines for manufacturers.
Ultimately, cybersecurity standards and regulations such as WP.29 and ISO/SAE 21434 can benefit automotive industry stakeholders. By embedding a strong culture of cybersecurity, cyber risk quantification, risk management, governance, and technological controls and processes, these standards can help keep vehicles, drivers, and pedestrians safe.
Connected cars are designed to integrate seamlessly into the rest of digital infrastructure. But too often, it is precisely this integration that can be a source of vulnerability. That is why connected car security involves far more than just advanced anti-theft devices. It requires businesses to look at the entire ecosystem in which the vehicle functions and communicates, and which ensures that shared data is protected.