30 Nov Securing the Road Ahead: Cybersecurity Trends in the Automotive Industry
In recent years, the automotive sector has faced escalating cyber threats. Hackers have exploited vulnerabilities, orchestrating sophisticated car-hacking operations that compromise vehicle control systems. Keyless entry hacks, another growing concern, allow unauthorised access to vehicles, bypassing traditional security measures. Additionally, vehicle subscription services introduce new avenues for identity theft, as personal and financial information becomes integral to car functionalities.
Responding to these threats, the industry is evolving. New legislation is shaping up, emphasising the urgent need for software engineers skilled in designing secure automotive software.
With this in mind, let’s explore the current trends in the automotive cybersecurity sector today, and what needs to be done to ensure the safety and integrity of our increasingly connected vehicles.
1. The State of Automotive Cybersecurity Today
A cyber attack on a vehicle isn’t just a breach of privacy or a technical glitch; it’s a direct threat to personal safety. This was starkly demonstrated in a 2015 study where researchers remotely hacked a moving car and controlled the engine and steering wheel from a remote location approximately 10 miles away. This led to a recall of 1.4 million vehicles and highlighted the potential for life-threatening consequences.
Today’s vehicles, increasingly integrated with the Internet of Things (IoT), face new and evolving threats. Common IoT systems in vehicles today include:
- Smart infotainment systems:
These systems, providing navigation and media services, are now standard in modern vehicles.
- Connected mobile apps:
Apps that control car features like climate and door locks.
- Autonomous driving features:
Systems that assist in parking, lane keeping, and adaptive cruise control.
The rise of IoT in vehicles introduces vulnerabilities mainly because these devices often prioritise functionality over security. With limited processing power, IoT devices in cars struggle to implement robust cybersecurity measures. This weakness becomes a gateway for potential cyber-attacks.
And other risks exist too. Over-The-Air (OTA) updates represent a significant advancement in automotive technology, allowing manufacturers to remotely update software, fix bugs, and add new features to vehicles. However, this convenience also brings with it new cybersecurity challenges. The use of OTA updates means that vehicles are constantly connected to a network, making them susceptible to potential cyber-attacks. If these wireless update mechanisms are not properly secured, they could be exploited by hackers to gain unauthorised access to vehicle systems.
Examples of cyberattacks : Israeli automotive cybersecurity company “Upstream Security”.
2. Increasing Regulatory Scrutiny
The automotive industry is increasingly coming under the lens of government regulators worldwide. This attention is primarily driven by the growing recognition of the risks associated with vehicle cybersecurity.
Governments are now stepping in to set standards and enforce regulations that mandate manufacturers to integrate robust cybersecurity measures right from the initial design and development stages of vehicles. These regulations aim to ensure that automotive cybersecurity keeps pace with the rapid advancements in vehicle technology, thereby safeguarding consumers from potential cyber threats. Two recent regulations shaping the automotive cybersecurity industry include UN-R155 and ISO/SAE 21434.
Let’s look at these more closely.
What You Need to Know About UN-R155
UN-R155, a regulation developed under the United Nations Economic Commission for Europe (UNECE), is reshaping automotive cybersecurity. It sets a framework for vehicle manufacturers to proactively address cyber threats.
Key mandates of this regulation include:
- Detection and Prevention:
Manufacturers must implement measures to detect and prevent cyber-attacks. This ensures vehicles are not just designed for functionality but are also fortified against digital threats.
- Monitoring Capability:
There’s an emphasis on the ability of manufacturers to monitor threats, vulnerabilities, and actual cyber-attacks. This ongoing surveillance is crucial in identifying and mitigating risks promptly.
- Data Forensics:
Vehicles must have the capability to analyse attempted or successful cyber-attacks. This forensic analysis is critical in understanding attack vectors and enhancing future security measures.
In Japan, adherence to UN-R155 is integrated into domestic regulations. In fact, compliance is essential for vehicle-type approval. Vehicles failing to meet these standards face restrictions on sales, emphasising the regulation’s significance in ensuring automotive cybersecurity.
Crucially, this global standard varies by vehicle type, tailoring cybersecurity requirements to specific vehicular functions and risks, adding more comprehensive safety, but more complexity. With this in mind, let’s a growing need for cybersecurity and sales experts who understand the intricacies of UN-R155.
What You Need to Know ISO/SAE 21434
ISO/SAE 21434, known as “Road Vehicles – Cybersecurity Engineering,” is a crucial standard co-developed by the International Organization for Standardization and SAE International. Launched in August 2020, it draws inspiration from previous standards like ISO 26262 and SAE J3061 but focuses specifically on cybersecurity in the automotive sector. This standard has been eagerly adopted by the industry, addressing a need for clear guidelines in a previously scattered regulatory environment.
At its core, ISO/SAE 21434 is concerned with the cybersecurity of vehicle software and hardware. It addresses the full spectrum of cyber threats, from those endangering driver and public safety to those compromising user privacy and sensitive data. The standard is designed to guide manufacturers in developing vehicles with minimal cyberattack risks, encompassing even the most serious threats.
Key features of ISO/SAE 21434 include:
- Security from the Start:
It stresses the importance of incorporating cybersecurity from the early stages of vehicle design, continuing through the entire lifecycle of the vehicle.
- Building a Cybersecurity Mindset:
The standard encourages a consistent focus on cybersecurity within organisations. It covers vital areas like vulnerability analysis and risk assessment.
- Managing Cyber Risks:
It provides guidance on setting up a cybersecurity management system to identify and handle cybersecurity risks effectively.
Though not mandatory, ISO/SAE 21434 is becoming a key requirement in the automotive industry, particularly in the supply chain. Vehicle manufacturers are starting to expect compliance from their partners, making it a critical standard in automotive cybersecurity.
3. Accelerate into the Future of Automotive Cybersecurity
In Japan’s rapidly evolving automotive sector, there’s a critical gap: a shortage of specialized cybersecurity engineers and knowledgeable sales professionals. This presents a unique opportunity for those in software engineering and sales to pivot their careers into a field that’s not only growing but is at the forefront of technological innovation. With the rise of autonomous driving and connected cars, the demand for expertise in automotive cybersecurity is surging. To seize this opportunity, focus on honing specific skills in cybersecurity tailored to automotive applications, understanding the intricacies of modern vehicle technologies, and developing a keen sense of this niche market.
Ready to dive into the automotive cybersecurity world? Feel free to connect with Turnpoint Consulting, we specialize in connecting talent with top-notch roles in the Automotive Cybersecurity sector.
Register with us today to access exclusive job listings, receive valuable career guidance, and benefit from interview insights provided by our industry-experienced recruiters. Your next career move awaits, and we’re here to help you navigate it successfully. Join Turnpoint Consulting and take the next step toward your professional success in the dynamic world of Automotive Semiconductors.