Connected cars, autonomous cars, and electric vehicles are constantly under the threat of cyber attacks. Thus, new regulations are required.
Fremont, CA: With technological advancements and digital innovations such as infotainment connectivity, over-the-air (OTA) software updates, cars are turning from mere vehicles to information clearinghouses. These technologies deliver significant customer value, and at the same time, they make the vehicles a center of hacking and black-hat intruding. Perpetrators attempt to gain access to critical in-vehicle electronic data and potentially compromise the safety of the car, its owner, and compromises customer privacy.
The automotive industry is transforming due to new concepts such as new personal-mobility concepts, vehicle electrification, autonomous driving, and car connectivity. The propagation of software and new fully digital mobility services has become a core consideration due to the digitization of in-car systems. The digital mobility services include several car apps, vehicle features, online offerings that customers can buy and unlock online. Currently, cars have 150 electronic control units, but by 2030 many observers expect cars to have 300 million lines of software code. The overabundance of complex software code results from the legacy of designing electronics systems and the increasing requirements and complexity of operations in autonomous and connected cars. This generates a lot of opportunities for cyber attacks in the entire value chain.
Cyber attacks have become relatively easier as compared to the past. With the right state-of-the-art tools, attacks are relatively low-effort and an affordable affair. Perpetrating the defense of a complicated value chain requires relatively higher effort and investment. For instance, in a hacking contest, white-hat hackers took control of the infotainment system of an electric vehicle. As a result, the car manufacturer had to release a software update to mitigate the issue. In another example, a Chinese security company found 14 vulnerabilities on a European premium car in 2018. Approximately 1.4 million vehicles were recalled in 2015 by a global automaker involving cybersecurity risks. The recall affected the OEM significantly, with approximately $600 million.
The automotive industry can break down complex challenges and standardize responses. However, cybersecurity remains a mystery to the industry. So far, suppliers cannot deal with the carrying requirements of their OEM customers. As a result, automakers try to strike a balance between the use of standard security requirements used in their original products and the software adjustments made for individual original equipment manufacturers. However, OEMs are restricted by the contractual arrangement and supplier relationships to test the end-to-end cybersecurity of a vehicle platform. This makes it difficult for suppliers and OEMs to collaborate and achieve effective cybersecurity.
Recently, regulators are standardizing vehicle software and cybersecurity, affecting the entire value chain. For instance, California’s final regulations regarding testing autonomous vehicles came into effect in April 2018. This regulation requires autonomous vehicles to meet adequate cybersecurity standards. The World Forum will finalize new rules for the Harmonization of Vehicle Regulations on cybersecurity under the United Nations Economic Commission for Europe (UNECE). These regulations will make cybersecurity mandatory for vehicle sales in the future. Industry experts believe that the UNECE regulations will begin the new era of technical compliance regulations in the automotive sector.