Cybersecurity in connected and autonomous mobility- How far the industry must grow
Recent trends in information technologies such as AI and its subset, ML, Computer Vision, IoT, Cloud Technologies, and Mobility are expanding innovation in the safe, connected and autonomous vehicles industry.
The industry is in an increasing momentum, with a compound annual growth rate (CAGR) expected to be higher than 10% over the next five years.
The key benefits implemented are improvements in driving security and overall safety (through advanced driving assistance systems, crash avoidance systems and overall reduced human error), higher vehicle reliability and maintenance with devices fitted with onboard diagnostic systems (OBD) and safer communication protocols, better human-machine interface using speech recognition and operational enhancement including reduced traffic congestion, and traffic control etc.
These possibilities are not only important for the automotive industry itself but also for surrounding industries like insurance, transportation, transportation infrastructure, logistics, engineers and other professionals — look at the ecosystem it’s impacting.
Take for example in the particular case of insurance agencies, new services will show up such as automated emergency callout, theft tracking, and breakdown data. This will obviously improve the vehicle telematics data as well as help reduce insurance frauds.
Associated risks in implementation of connected vehicles
We can conclude not only the risk of traditional cyber-attacks on the information and running of the vehicle systems, but also to a new set of attacks around such things as ransomware, IoT attacks, DDoS and vehicle theft.
Due to their connected nature, there also exists security risks to the networks they are connected to, they can range from financial networks that process on-line payment systems, roadside sensor networks, electricity networks or traffic control lines.
The conventional industry application for software development activities by first securing product quality and safety features with less focus on cybersecurity, represents too high a risk and will require better reforms.
Software development being a fairly new space for automotive companies (read OEMs), it is currently mainly focused on ensuring secure product quality. Companies are recently following the Automotive SPICE (ASPICE) initiative aimed at improving quality as well as the process handling and norms such as ISO 26262 relating to functional safety of vehicles on the streets.
Resolution to reduce the potential threats
Connected and autonomous vehicles depend on a wide array of E/E architecture and computer systems. They must require strong cybersecurity so that these systems work as intended and are built to mitigate safety risks.
To ensure a complete cybersecurity profile , a multi-layered approach is mandate so that it can leverage existing cybersecurity protocols and encourages industry to adopt best practices that improve the security posture of the vehicles.
A multi-faceted approach to cybersecurity which focuses on a vehicle’s entry points, both wireless and wired, that could be potentially vulnerable to a cyber-attacks is mandate.
A detailed and systematic approach to develop a layered cybersecurity protections for vehicles includes the following requirements:
- Real time detection and quick response to potential vehicle cybersecurity risks.
- Architectures, methods, and measures that design-in cybersecurity and cyber resiliency, facilitating rapid response and recovery from events when they occur.
- Methods for effective adoption of intelligent information sharing across the industry to facilitate quick adoption of industry-wide lessons learned — this leads to better customer satisfaction as it provides timely service maintenance.
- Creation of industry standards that articulate best practices and solutions.
Book — Bosch Automotive Electrics and Automotive Electronics.