Supporting the Mobility Society of the Future: Trends in Automotive Cybersecurity

With the recent development of software-defined vehicle vehicles (SDVs), we are facing the threat of cyber-attacks. Hackers are using sophisticated methods to exploit vulnerabilities and launch sophisticated hacking attacks that compromise vehicle control systems. Keyless entry hacking, which is becoming increasingly popular in the market, is also a growing concern, cleverly circumventing traditional security measures and facilitating unauthorized access to vehicles. At the same time, vehicle subscription services are revealing new information theft threats as personal and financial information, such as credit cards, become an integral part of the vehicle’s functionality.

In response to these threats, the automotive cybersecurity domain is attracting increasing attention. New legislation is underway, and software engineers with the skills to build secure automotive software are increasingly in demand.

With this background, this article will explore the latest trends in automotive cybersecurity and focus on the necessary measures to ensure the safety and integrity of the rapidly evolving SDV fleet.

The State of Automotive Cybersecurity Today

Cyberattacks on vehicles are not just a violation of privacy or a technical issue; they are a threat directly related to personal safety. This was clearly demonstrated in a 2015 study. Researchers remotely hacked a moving car and controlled the engine and steering from roughly 10 miles away. This led to 1.4 million cars being recalled, highlighting a life-or-death concern.

Modern vehicles are increasingly integrated into the IoT and face new threats.

Common IoT systems in modern vehicles include the following examples

• Smart Infotainment System:
  This system provides navigation and media services that are standard in modern vehicles.
• Collaborative Mobile Apps (Connected Services):
  Apps that control vehicle climate, door locks, etc.
• Automatic driving functions:
  Systems that assist with parking assistance, lane keeping, adaptive cruise control, etc.

As the IoT in vehicles evolves, these functions typically emphasize convenience over security, which can result in security vulnerabilities. IoT devices in vehicles have limited processing power, making it difficult to deploy robust cybersecurity measures. This limitation is a gap to potential cyber attacks.

There is also the risk of various cyber-attacks. Over-the-air (OTA) updates to vehicles are a revolutionary automotive technology that allows software to be updated remotely, fixing bugs and adding new features. However, this convenience also brings with it a new cybersecurity issue: with the use of OTA updates, the vehicle is constantly connected to the network, making it vulnerable to potential cyberattacks. If these wireless update mechanisms are not adequately protected, hackers can exploit unauthorized access to vehicle systems.

Examples of cyberattacks: Israeli automotive cybersecurity company “Upstream Security”.

Stricter regulations

As a result of the ever-increasing risks associated with vehicle cybersecurity, the automotive industry is subject to intense scrutiny by government regulatory agencies around the world.

Governments are now implementing regulations that set and enforce standards requiring automakers to integrate robust cybersecurity measures from the earliest design and development stages of the vehicle. These regulations are intended to keep pace with the rapid evolution of automotive technology and protect consumers from potential cyber threats.

Let’s take a closer look at two recent regulations that shape automotive cybersecurity: “UN-R155” and“ISO/SAE 21434”.

What you need to know about “ISO/SAE 21434

ISO/SAE 21434, widely known as “Road Vehicles – Cyber Security Engineering,” is an important standard jointly developed by the International Organization for Standardization (ISO) and SAE International. The standard was published in August 2020 and focuses specifically on cybersecurity in the automotive sector, while drawing influence from earlier standards ISO 26262 and SAE J3061. It was born out of the recognition that clear guidelines were needed in a scattered regulatory environment and has been actively adopted within the industry.

At the core of the standard concerns cybersecurity of vehicle software andhardware. It addresses all aspects of cyber threats, from those that threaten the safety of drivers and the public to those that compromise user privacy and sensitive data. It is also designed to guide manufacturers in developing vehicles that minimize the risk of cyberattacks, including the most serious threats.

Key features of ISO/SAE 21434 include

• Security from the Early Stages
  emphasizes the importance of incorporating cybersecurity from the earliest stages of vehicle design and continuing throughout the entire vehicle lifecycle.
  
• Building a Cybersecurity Mindset:
  This standard encourages a consistent focus on cybersecurity within an organization. It covers key areas such as vulnerability analysis and risk assessment.
  
• Managing Cyber Risk:
  Provides guidance on establishing a cybersecurity management system to identify and effectively address cybersecurity risks.

ISO/SAE 21434 is not mandatory, but is becoming a key requirement in the automotive industry, especially in the supply chain. Automakers are beginning to expect compliance from their partners, and ISO/SAE 21434 has become an important standard in automotive cybersecurity.

Things to keep in mind about “UN-R155

UN-R155, a regulation developed under the UNESCO Economic Commission for Europe (UNECE), is transforming automotive cybersecurity. It provides a framework for automakers to proactively address cyber threats.

Examples of key items in this regulation:

• Detection and Prevention:
  Manufacturers must implement measures to detect and prevent cyber attacks. This will ensure that vehicles have robust protection against digital threats as well as functional ones.
• Monitoring Capabilities:
  The emphasis is on the ability of manufacturers to monitor threats, vulnerabilities, and actual cyber attacks. This continuous monitoring is critical to quickly identifying and mitigating risk.
• Data Forensics:
  Vehicles must have the ability to analyze attempted or successful cyber attacks. This forensic analysis is critical to understanding attack vectors and improving future security measures.

In Japan, compliance with “UN-R155” has been incorporated into national legislation; the scope of the regulation will be expanded in January 2024, and compliance with it is essential for vehicle certification, even for new non-OTA-compliant vehicles. Sales restrictions will be imposed on vehicles that do not meet these standards, underscoring the importance of automotive cybersecurity.

Notably, this international standard varies by vehicle type, tailoring cybersecurity requirements to specific vehicle functions and risks, providing more comprehensive safety, but also increasing the complexity of the requirements.

Toward the Future of Automotive Cybersecurity

As we have seen in this article, while the importance of the cyber security domain and regulations are rapidly advancing in the Japanese automotive industry, one of the challenges is the shortage of engineers and sales personnel. The cyber security field is not only growing rapidly, but is also at the forefront of technological innovation, making it an excellent opportunity to change career paths.

With the rise of automated driving technology and connected vehicles, the demand for automotive cybersecurity expertise has skyrocketed. To take advantage of these opportunities, it is important to hone specialized automotive application-specific cybersecurity skills, understand the complexities of modern vehicle technology, and develop a precise sense of this niche market.

If you are considering a career change in the automotive cybersecurity field, please feel free to contact Turnpoint Consulting. We offer job search assistance with a particular focus on the automotive and mobility industry, and can assist you in many ways, including interview practice and response correction. If you have any questions or concerns about your job search or career change, please do not hesitate to let us know.

Supervised by Turnpoint Consulting Media Team (Edited by Shintaro Kondo)
We are a media team that provides useful information about changing jobs related to the automotive and mobility industry. For those who are thinking about changing jobs, we will provide information about the job market in the automotive and mobility industry and how to prepare for the selection process, and for corporate recruiters, we will provide information about the flow of human resources in this industry. Our goal is to help you by providing information about changing jobs and recruitment in the automotive and mobility industry.