Latha Chembrakalam
Connectivity has opened doors for many services impelling vehicle safety, driver convenience, and comfort. To put this in perspective, as per Fortune Business Insights, the globally connected car market is projected to grow from $59.70 billion in 2021 to $191.83 billion in 2028 at a CAGR of 18.1 percent in the forecast period, 2021-2028. Connectivity has been opening doors for new technologies and information sharing across industries.
With such a progressive outlook for connected mobility, it opens the room for new challenges. Systems and components that govern safety must be safeguarded against malicious attacks, unauthorized access, damage, or anything else that could interfere with the safety functions of a vehicle. Currently, a standard car consists of more than 100 million lines of code, and it is predicted that by 2030, there will be 300 million lines of code. The loophole in even one of the components within a vehicle could enable hackers to steal data or perhaps intervene in the function.
Hackers continue to find backdoors to enter vehicles remotely as technology advances and the number of software components in a vehicle grows. Navigation and other connectivity features are already standard in today’s vehicles. Keyless entry, cloud access, and smart voice assistants are increasingly getting featured in modern-day cars. With this comes the significance of securing the car from possible security breaches.
Cybersecurity is a continuous process that will continue throughout the life cycle of the vehicle. This increases the importance of software engineers and cybersecurity experts even in the automotive industry, and OEMs around the world are gradually building teams capable of addressing such issues.
Challenges and Risks
With vehicles becoming more IoT driven, an unprotected ecosystem can expose the vehicles to threats and vulnerabilities. An Automotive cybersecurity system aided by artificial intelligence could help in providing a clear picture of any possibilities of vulnerabilities that the system may have.
A connected vehicle exchanges data with multiple parties like other vehicles on the road (V2V), the surrounding infrastructure (V2I), and everything else (V2X). Within a connected vehicle, various individual segments are instrumental in the functioning of the system. In the future, a typical car’s architecture may look in this way, wherein Electronic Control Units (ECUs) will be connected to Zonal Units, which will be collectively connected to High Performance Computers (HPC). The architecture will need robust security to prevent a possible breach from external threats.
However, automotive cybersecurity is more than just keeping the vehicle secure. It must begin much earlier, especially during the manufacturing process. The manufacturing setup necessitates a strong security system to prevent hackers from infiltrating and modifying the codes of the components, resulting in faulty behavior. In a typical Industry 4.0 smart factory, the entire manufacturing infrastructure is connected. The advancement of connected plants exposes the ecosystem, to new threats and vulnerabilities. Any data that travels over the network is vulnerable to a cyber-attack. When manufacturing data migrates from OT systems on the factory floor to interconnected Information Technology (IT) systems in the corporate network, new risks emerge. Cybercriminals may gain access to intellectual property, shut down systems, disrupt production schedules, and negatively impact product quality.
Even if some processes are not connected to the internet, the manufacturing environment should be considered fully integrated. Although many breaches begin in IT networks, hackers or attackers may move on to other parts of the environment via connected devices. Furthermore, information about the non-connected process may be included in some connected devices.
Prevention is the first important step
The solution for automotive cybersecurity needs to be proactive and multi-layered. The automotive industry is working on securing the systems, memory, communication, and supporting infrastructure. Online trust centers secure the crypto keys, and penetration test labs that continuously look for vulnerabilities and threats have become crucial to ensure vehicle safety.
Cybersecurity can majorly be tackled in three broad critical steps:
- Prevent – The probability of security encroachment rises in tandem with the degree of networking and the number of in-vehicle interfaces that it necessitates. Hackers are driven by various factors, including data theft, financial gain, and prestige. Manufacturers need to strengthen all potential attack points and lay down security solutions across multiple levels and departments. This can be made possible by identifying the various attack points, understanding the behavior, and designing safety measures to secure the systems.
In other words, make it as hard as possible for hackers to attack. This typically involves hardware-enhanced crypto, embedded security software, secure networks, and secure vehicle architecture. In terms of automotive cybersecurity, another example of a preventive approach would be DevSecOps. The practice ensures that developers are using coding practices that are less vulnerable to attacks.
- Understand – Know that the system is being hacked, identify the point of entry, exposed vulnerabilities, and other critical information in real time. This involves live monitoring and tracking of connected vehicles. An example of this would be setting up the Security Operation Centres (SOCs). SoCs are needed to ensure real-time detection of any such breach and tackle it in real-time. The SOCs would also help us identify the gaps and do quick patches to avoid long-term exposure to vulnerabilities in on-road vehicles.
- Respond – Mitigate the damage and immunize the fleet in hours. This involves software updates over the air and patch management. Cybercrime is an asymmetric challenge. Although an organization must monitor hundreds of processes, hackers just need to find a single flaw to gain access. It is like a never-ending race between those who want to secure networks and those who want to break them down. Therefore, once a loophole is identified, it is vital to act as quickly as possible.
The UNECE WP.291 regulation (World Forum for Harmonization of Vehicle Regulations) on cybersecurity and software updates is on the horizon and will trigger a paradigm shift in the automotive industry in the UNECE member countries. Under this framework, OEMs in UNECE member countries must show evidence of sufficient cyber-risk management practices end to end, i.e., from vehicle development through production to postproduction. This would include the OTA fixed post-sales of the vehicle as well.
Continental’s Technical Centre India is continuously working on innovating new technologies to suit the demands of the customers, cybersecurity being one of them. Continental acquired Argus Cyber Security in November 2017 to ensure secure data channels for in-car and inter-platform connectivity through its devices.
Considering, that connectivity will play a central part in EE architecture, and modern-day cars becoming self-reliant and automated, cybersecurity protocols are not just good to have but crucial and must add to the system. Developers are working on codes that are less vulnerable to attacks. Cybersecurity is not a step or layer that should be added after development has been completed but an ongoing process. Thus, cybersecurity will be nonnegotiable for securing market access in the future.
The author is Head of Technical Center India, Continental Automotive India.
Disclaimer: Views expressed are personal and do not reflect the official position of the author’s institution or policy of Financial Express Online. Reproducing this content without permission is prohibited.