Cybersecurity Takes the Wheel as Auto Industry’s Top Priority – DARKReading
Vehicle safety, which has long been a top concern for automotive companies, today equates to cybersecurity. That’s because now more than ever, vehicles run on software.
They are fast-moving, highly connected data centers, part mainframe, and part mobile device, loaded with Internet of Things (IoT) devices. They are effectively mobile nodes operating at the edge of massive cloud infrastructure. And they will increasingly become targets for cyberattackers.
Over the past decade, auto manufacturers have steadily moved toward electric vehicles, while the industry has also introduced new mobility initiatives, such as ride sharing, car sharing, and changes to traditional ownership models. Over-the-air (OTA) updates to computer systems regularly deliver new features, improving the driving experience or fixing issues without recalling vehicles. And IoT devices laced throughout a vehicle gather, transmit, and receive information. Autonomous vehicles, taxi fleets (Uber, Lyft, Waymo), and trucking operations are around the next bend.
All of this adds urgency to vehicle cybersecurity. In June 2020, United Nations Regulation (UNR) 155 established cybersecurity requirements for members of its WP.29 group of countries, including the EU, UK, Japan, and South Korea. And while the US, Canada, and China are not members, adherence to UNR 155 is mandatory for access to those markets.
Combined with other cybersecurity requirements such as ISO/SAE 21434 — and the real threats of cyberattacks — cybersecurity will overtake functional safety among automakers’ priorities — or at least gain equal footing with it. Auto companies need to be aware of a few important factors.
Identify the Threats
Cyberwarfare, already very expensive for targets, is becoming increasingly dangerous as well. Attacks on the energy sector, for example, can endanger lives if power is cut off to hospitals, nursing homes, or other care facilities. In May, the Colonial Pipeline attack didn’t quite rise to that level but demonstrated how far-reaching a successful attack — achieved by compromising a single password — can be.
The risks are amplified for the auto industry by the very nature of driving at high speeds on crowded roads. Vehicle hacking, already more common than many people may think, could soon become more widespread, with the potential for life-threatening incidents on a large scale.
The economic impact of such hacking also would be considerable, adding another reason for automotive companies to focus on ensuring cybersecurity. Building trust, which is essential for any business, is paramount in transportation. Boeing’s ongoing problems with its 737 Max airliner, which was grounded for 20 months in 2019 and 2020 after two crashes attributed to software failures, clearly illustrate the point. Cybersecurity efforts in the auto industry should focus on five key areas.
1. Zero-Day Exploits
The number of …….