Automotive cybersecurity tactics and protocols will have to adapt not just to changing threats, but also to changing models of how we utilize vehicles.
Automotive cybersecurity – and especially the cybersecurity of autonomous vehicles – has been a major source of discussion in the cybersec community ever since 2015’s infamous hack of a moving Jeep.
Though autonomous vehicles have been around for a while, the threat landscape they face has changed significantly in recent years. The focus used to be on securing these vehicles against vulnerabilities introduced during design or manufacturing stages. Now, as cybersecurity threats have become more sophisticated and adaptive, there is a growing consensus that automotive security needs to take the same step: away from a retroactive focus on eliminating security holes and towards real-time vulnerability scanning systems.
In this article, we’ll look at the changing threat landscape in the automotive sector and explain why the sector needs to make the transition to real-time threat detection.
Technology has revolutionized almost all aspects of the automotive industry, improving efficiency and profitability at every stage from production to sales. However, each novel use of Technology also gives rise to new cybersecurity challenges. For this reason, it’s important for automotive manufacturers to take a holistic approach to the cybersecurity of their vehicles.
There are, essentially, three levels of cybersecurity threat for automotive companies. The first is shared with almost every other organization: corporate systems. These systems likely hold valuable IP and personally sensitive information, but also contain details of the cybersecurity measures taken.
The second attack vector occurs at production plants. While today’s highly automated production systems have made automotive manufacturing safer and more efficient than ever, they are also vulnerable. An insufficiently secure manufacturing process can potentially have a consequential effect on the security of the cars it produces.
Then there is the security of the autonomous vehicles themselves. This is often the most high-profile element of contemporary automotive cybersecurity because it is the most apparent to consumers. However, in reality, autonomous cars may be compromised just as easily via a “traditional” corporate hack on the manufacturer as a real-time intrusion attempt.
Responding to this range of threats has been difficult, due in part to some unique features of the automotive industry.
The first is the increasing complexity of contemporary vehicles. The number of potential points of attack is already high enough to make totalizing defensive strategies unworkable, and this will only get worse in years to come. One reason is the number of vehicle nodes (ECUs) keeps increasing to support the demand for additional functionalities. Today, an average vehicle may contain around 30 units, and complex vehicles can comprise up to 100 units.
Secondly, most modern vehicles contain systems built by multiple stakeholders, each to their own standard.
