Threats to vehicle integrity and production line availability due to a cyberattack are areas where maturity and a higher operational resilience focus are required.
FREMONT, CA: CAVs (connected and autonomous vehicles) are vulnerable to hackers once they are on the road. For many years, manufacturing plants have prioritized intellectual property protection, such as novel designs, concepts, tooling/technologies, and strategic goals. This covers the physical vehicles, technologies, and services with which they interact.
Manufacturers excel at security in development, production, and engineering, but they do not think about cybersecurity as much. They may, for example, disregard cybersecurity monitoring of connected vehicles on the road. Threats to vehicle integrity and production line availability due to a cyberattack are other areas where maturity and a higher operational resilience focus are required.
Vehicle Component Complexity
CAVs are essentially interconnected architectures that deliver various key services via a gateway Electronic Control Unit (ECU) that includes telematics and communications. The powertrain (engine and gearbox), chassis control subnet (steering, braking, airbag), body control subnet (instruments, climate control, door locking), and infotainment subnet (telephone, navigation, audio/video) are all included in these services. External interfaces like USB, Bluetooth, WiFi, ZigBee, Wave, GPS, 3/4/5G, OBD, GSM, and others are available alongside these components. Vehicles may be exposed to a variety of vectors as a result of this complicated networked infrastructure.
Damage or loss of sensitive data in the cloud, system failure or malfunctions, power outages or software mistakes, locking doors or garages, data interception, tampering with car controls, and identity fraud/theft are all potential concerns.
Mobile devices have evolved into a key and a means of managing various vehicle features, including locks, entertainment, headlights, climate control, wipers, the horn, and even vehicle movement. These devices and programs are known to be vulnerable to a variety of security flaws. Poor password requirements, coding faults, obsolete operating systems, malware/virus vulnerability, and poor user practices, for example, offer a CAV with a variety of danger vectors. For instance, a hostile actor may have installed an app on a user's cellphone that let them access the simple CAV app and collect a Vehicle Identification Number (VIN). Once the attacker has a VIN, they can install a legitimate program and seize control of the vehicle.
The Human Factor
Employees in the automotive industry will need to learn new skills and adjust their work habits. Engineering, design, sourcing, program management, sales, and service all change due to this. All employees and stakeholders will require cybersecurity training.