Autonomous & Connected Vehicles Must Be a Top Security Priority

Cybersecurity investment is emerging as a strategic priority for automakers as connected and autonomous vehicles make their way onto public roads, according to a study by analytics firm Frost & Sullivan.

The report estimated 55% of trucks in North America and 43% of trucks in Europe would be connected by 2025, underscoring the need for strong cybersecurity platforms with multi-layer protection.

The study noted many OEMs are partnering with automotive cybersecurity specialists in an effort to lead the field.

Meanwhile, calls are growing for more White Hat hackers to test autonomous vehicle defenses.

Matt Mackay, General Motors’ manager of product cybersecurity governance and risk analytics, told TU-Automotive in August the challenge for the industry is to find researchers who are doing advanced security testing with respect to automotive.

The Frost & Sullivan report, “Automotive Cybersecurity Emerges as a Strategic Priority in an Era of Connected and Autonomous Commercial Vehicles,” finds that AV security platforms should also have future-proof technologies that can prevent attacks not thought of when the vehicle was first designed.

From ransomware, which could cost consumers and businesses an endless amount of money, to the risk of someone maliciously commandeering a connected car, the potential threats are daunting.

The self-driving cars of tomorrow will remain in operation for several years, probably across several owners or ride-sharers.

Unlike PCs and smartphones, which can force upgrades by slowly decreasing their security updates, automobiles will need to remain secure for many years, even decades, after they’re produced.

This will present a host of other challenges as automakers attempt to stay ahead of everything hackers can throw at them long after a vehicle has run its course.

“Hackers perceive commercial vehicles carrying high-value goods to be more lucrative than passenger vehicles,” Sathya Kabirdas, research director for connected fleets at Frost & Sullivan, wrote in a statement. “Greater sophistication makes cyber threats harder to identify. At the same time, these threats are no longer universal; they are evolving to target specific industries and use cases.”

US automaker Ford claims it regularly updates its library of threats and attacks, and cross-references Common Vulnerability and Exposure alerts from the National Institute of Standards and Technology and other threat sources.

Digital security specialist Gemalto is providing data protection and encryption technology for smart electric car startup Faraday Future, helping to secure the software powering the car.

Component makers are fostering partnerships as well. For instance, supply and technology giant Continental entered into a partnership with Argus Cyber Security and Elektrobit to offer security and over-the-air (OTA) software updates that will be pre-integrated into its telematics units, infotainment systems, gateways and other components.

In addition, government-mandated standards are likely to play a major roll. In the last, the UK’s standards and compliance authority, the British Standards Institute (BSI) received funding from the Department for Transport (DfT) to publish new standards for cyber security in autonomous vehicles.

The DfT said the guidance would allow automakers to show compliance with previously published government guidance on AV cyber-security which suggested “their systems should be designed to be resilient to attacks and respond appropriately when [their] defenses fail.”

— Nathan Eddy is a filmmaker and freelance journalist based in Berlin. Follow him on Twitter.