The automotive industry is rapidly innovating, bringing connectivity to vehicles in various ways, and turning them into rolling data centers. However, this increased connectivity brings both new driving experiences and cybersecurity risks. Connected cars, projected to reach over 400 million by 2025, are susceptible to hacking, making securing them essential.
While there's knowledge about securing automakers' back-end networks, the car's interconnected systems and components remain less understood and vulnerable. WiFi, Bluetooth, LTE, 5G, and more pose serious security risks, along with new technologies like Voice-as-an-Interface, expanding the attack surface. Cybersecurity standards are emerging, with the United Nations Economic Commission for Europe (UNECE) introducing UN R155 for new vehicles from July 1, 2022.
Despite these developments, automotive cybersecurity lags behind traditional enterprise standards. Original equipment manufacturers (OEMs) and component makers need to manage vehicle cybersecurity risks, secure vehicles in the design stage, respond to incidents and provide secure software updates. Governance of connected vehicles, adherence to regulations, and mandatory legal requirements are crucial.
Connected car manufacturers must collaborate, manage and assess risks, integrate security into design processes, and undergo thorough testing. Security validation requires thinking like a hacker and conducting various tests, considering the multiple points of entry attackers could use. Software updates for emerging threats require verification and compliance with UN R155 demands repeatable, well-documented testing approaches, often achieved through automation.
As vehicles become more connected and autonomous, their cybersecurity becomes increasingly critical and complex. Effective management of these challenges requires a committed industry to mitigate emerging threats and ensure safer vehicles for everyone's enjoyment.
Source:https://www.securityweek.com/automotive-security-threats-are-more-critical-ever/