Author: Nathaniel Meron, C2A Security chief product officer
The automotive cybersecurity industry is in the midst of a hugely positive upswing that is promising for the future of connected, autonomous, shared and electric (CASE) vehicles.
Though connected vehicle architecture is more complex and computerised than ever before, hosting up to 150 electronic control units and running on 100 million lines of code, there are exciting conversations happening across the automotive supply chain that promise to make cybersecurity a priority for the protection of passengers, drivers and automakers.
The industry has seen a proliferation of safety standards in the past five years, each with critical implications for automotive cybersecurity practices.
OEMs and Tier 1 Suppliers are beginning to take cybersecurity practices seriously and actively participate in industry-wide consortiums like Auto ISAC.
However, these essential steps forward are also raising new challenges for the industry.
Uncoordinated cybersecurity efforts are a far cry from the harmonised, standardized approach the industry needs.
Building a cohesive approach, one that involves OEMs and Tier 1s collaborating closely, will prove essential to the rollout of autonomous technology, and to the safety of passengers and drivers in the long-term.
Step 1: Approach cybersecurity as a safety issue
The increasing number of vulnerabilities in CASE vehicles pose legitimate safety risks to drivers and passengers. It has long been the case that safe vehicle operation is every OEM’s top priority, so systems are designed to ensure personal safety in the event of a crash or other safety-critical event.
While cybersecurity practices are not as well established, this doesn’t make them any less important to protecting the well-being of people inside modern vehicles.
The advent of connected vehicles means cybersecurity processes are now being prioritized, and should be given the same treatment from automakers as functional safety.
Before creating a holistic approach to cybersecurity, the industry must define the best one.
Any holistic approach to cybersecurity should foster a culture of safety and security, one that sees the cyber engineering and functional safety teams working in parallel to ensure the safety of connected vehicles.
Taking this approach will prove beneficial as connected and autonomous vehicle technology takes to the roads. Ensuring that vehicles are cybersecure will not only help build public trust, but prove essential for vehicles on the road today and tomorrow.
Step 2: Declutter communications across the supply chain.Industry-wide cybersecurity
Industry-wide cybersecurity standardization has long been neglected by the automotive industry.
This is largely because, up to now, it has been fortunate enough to not experience consumer backlash from a mass casualty event posing significant threat to national security.
More sophisticated connected vehicle architecture is making that neglect dangerous to drivers and companies’ bottom lines.
New ISO 21434 standards for automotive cybersecurity are an encouraging example of industry-wide collaborative efforts.
The Automotive ISAC (Information Sharing and Analysis Center) has focused all its efforts on creating a space for sharing information around automotive cybersecurity.
Current activities are excellent opportunities for OEMs and various suppliers to touch base and tackle industry-wide issues, but streamlining Auto ISAC shared knowledge into a de-facto practical risk assessment process that can be easily adopted by the manufacturers remains a challenge, something the industry is actively working together to solve.
By implementing a new, holistic culture of harmonised cybersecurity throughout the vehicle lifecycle, OEMs and Tier 1s will lead the industry in building a standardized approach to cybersecurity that will benefit the mobility ecosystem as a whole.
Step 3: Leverage new technology to create a deliberate, industry-wide approach to cybersecurity
The automotive industry needs comprehensive cybersecurity lifecycle management tools to manage cybersecurity needs across the entire supply chain, and throughout the vehicle lifecycle.
These cybersecurity lifecycle management platforms should empower OEMs and Tier 1s with the visibility required to meet all the cybersecurity needs of connected vehicles for the entirety of their useful lives and overcome the complexity of vehicle cybersecurity systems.
The goal is to create unparalleled transparency into the entire cybersecurity lifecycle, enabling streamlined management of each phase: risk assessment, planning, policy creation and policy enforcement.
This transparency will act as the ultimate enabler for communication. It will provide OEMs, suppliers, and other stakeholders with real-time, easily accessible information that will allow a structured and automated approach for automotive cybersecurity.
Cybersecurity is for the benefit of the entire mobility ecosystem
By fostering a safety culture that seeks to achieve cybersecurity and functional safety goals together, decluttering supply chain communications and leveraging digital technologies for cybersecurity lifecycle management, the industry will see the benefits of managing cybersecurity in a systematic way across the entire mobility ecosystem.
Mastering these three needs is essential for the wide scale rollout of connected and autonomous vehicles, and will prove beneficial for both today’s CASE vehicles and tomorrow’s level-5 AVs.