Nathaniel Meron
Published in

Nathaniel Meron

Practical Automotive Cybersecurity as a Key for Tackling OEM Challenges

The automotive industry is in a time of upheaval: juggling a complex supply chain, the implementation of new regulations and connected vehicle architecture mean cybersecurity is more difficult to implement than ever before. By being practical, OEMs can tackle these challenges with ease — ushering in a new era of automotive cybersecurity.

Harmonised cybersecurity is more difficult than ever before

Both within OEMs and Tier 1s and down the supply chain, different internal and external teams are responsible for different tasks in the vehicle lifecycle, and struggle to communicate and coordinate.

As the automotive industry copes with a seismic shift towards modern vehicle architecture, OEMs, Tier 1s and other automotive industry suppliers are struggling to adapt. Consumer demand for newer, more connected vehicles with advanced driver assist and — in some cases, autonomous — features mean OEMs are developing more car models with more complex systems architecture. The components required from a variety of sources compromise the automotive supply chain, complicating the planning and implementation of cybersecurity measures. Both within OEMs and Tier 1s and down the supply chain, different internal and external teams are responsible for different tasks in the vehicle lifecycle, and struggle to communicate and coordinate, leading to ineffective task management and assignment. At present, there is no harmonized means of cybersecurity communication or project management — meaning even the simplest and most repetitive tasks, like risk assessment, are more complicated and time consuming than ever before.

To further complicate matters, OEMs, Tier 1s and other automotive industry suppliers are on a tight schedule to incorporate new ISO 21434 standard and UNECE WP.29 regulation that set basic guidelines for cybersecurity management systems. These regulatory activities define the categoric directive for implementing cybersecurity management systems for the protection of vehicles. The regulation outlines key considerations for proper cybersecurity lifecycle management for the vehicle, from TARA and product design to when the vehicle is on the road. The new regulation activities indicate a positive development for automotive cybersecurity: stakeholders are prioritizing cybersecurity as a safety issue in a way that they haven’t before and acknowledging that vehicle architecture must be secure against attacks to mitigate risks to the public.

The current approach to automotive cybersecurity is broken; a realistic, practical outlook can help

The current approach to automotive cybersecurity is broken; a realistic, practical outlook can help

Though the signs of positive change in the industry are encouraging, there is still plenty of room for improvement. Tackling the challenges of vehicle connectivity, a complex supply chain and new regulation cannot be solved with the current status quo. Sourcing cybersecurity down the supply chain is almost technically impossible, as only OEMs have full scope over the vehicle throughout the cybersecurity lifecycle. Current infrastructure does not allow for immediate response to cybersecurity attacks, which is essential to successfully mitigating and responding to incidents. Furthermore, many suppliers are involved in a comprehensive suite of cybersecurity solutions and activities. Coordinating between them is expensive, especially when considering the average vehicle is on the road for two decades or more. Already, OEMs are cutting down costs on vehicle components — leaving a limited budget for effective cybersecurity management.

OEMs need a new approach for cybersecurity that will enable vertical integration, empower them to manage and own every step of the security lifecycle, and equip them with the agility required to identify and respond to attacks quickly, all without adding stress to an already fraught supply chain. This approach must prioritise design and customisation: cybersecurity is not one-size-fits-all, and needs to take different vehicle makes and models into account. A practical approach to cybersecurity will allow for the seamless management of all cybersecurity solutions from different suppliers, and will provide unparalleled visibility and insight into different incidents.

An open ecosystem will enable practical cybersecurity

An open ecosystem will create new opportunities for collaboration that allow security teams to prepare for future cyberattacks and will enable an automotive industry that is truly cyber-resilient.

Visibility, seamless integration and harmonized cybersecurity communication is all possible with an open ecosystem based cybersecurity solution. This centralized cybersecurity hub for OEMs and Tier 1 suppliers will create a dev-ops backbone for cybersecurity management, bridge the gap between all entities down the supply chain, and enable flexibility for software solutions deployed inside the vehicle, as well as allow for fast re-configuration and orchestration of security policy. By adopting an open ecosystem, OEMs and Tier 1 suppliers will have unparalleled transparency into the entire cybersecurity lifecycle, enabling streamlined management of each phase: risk assessment, planning, policy creation and enforcement. With enhanced coordination among key cybersecurity players, an open ecosystem will create new opportunities for collaboration that allow security teams to prepare for future cyberattacks, and will enable an automotive industry that is truly cyber-resilient.

--

--

--

Chief Product and Marketing Officer

Recommended from Medium

How To Create A Disposable Email Address In Only Seconds

Why The Russian Cyber Armageddon Is Unlikely To Come

The Case of the Vanishing Bastion

Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit

Credential Stuffing and Account Take Over

Ukrainian military and banks subjected to DDoS attack

{UPDATE} Hexagon Royale Hack Free Resources Generator

Best Alternatives To BurnerMail In 2022

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
C2A Security

C2A Security

In-vehicle cyber security protection

More from Medium

A day in the life of a business consultant at Madison Partners

Schengen Tourist Visa in Bucharest

Killer Robots: Assessing Moral Judgment in a Modern Warfare

What’s Next for WebThings after 1.0?