The vehicles we use today are more or less like data centers on wheels. Modern age cars support up to 150 Electronic Control Units (ECUs) and 100 million lines of code. This means that the data flows in and out of the vehicle from multiple sources. There are millions of connected cars running on the road already and every point of connection is a potential target for hackers.
The automotive cyber security risks are gravely terrifying. Hackers can entirely control the vehicle from any remote place. Some university researchers practically did this as a part of their research work. In Nov. 2020, they hacked and stole a Tesla Model X in 2 minutes. They required a key fob, a Raspberry Pi and a replacement engine control unit and it cost around $200. So you can understand the importance of cyber security features for your vehicle. There is a potential risk that your car data might be intercepted for financial reasons. Say a malware is installed into the vehicle’s operating system and payment is demanded to remove it.
Unfortunately we have so many cases of security threats. There has been a 605% rise in such incidents since 2016 and 6 out of 10 cases were carried out by criminals whose mere intentions were to disrupt businesses, steal property and demand ransoms. Companies like Keyfactor already started working on cybersecurity compliance methodologies to reduce the security risks.
The automotive industry has taken cyber security protocols seriously and the manufacturers are working hard to defend against threats. There is the Car Connectivity Consortium (CCC) which provides a forum for sharing standards and further suggestions regarding this matter. However, the measurable action needs to be taken by all the participants in the value chain.
The United Nations has brought various car safety laws since 1950s. The stress has been laid on improving the safety of vehicles and passing of regulations regarding use of seat belts, steering wheels, headlights, etc. From 2018 onwards it is taking step in regard with the automotive cyber security standards.
The United Nations Economic Commission for Europe (UNECE) put forth new WP.29 regulations. Its main motive was to make sure that all car makers meet clear performance and audit requirements of the vehicles before hitting the road. It said that an ‘Approval Authority’ will closely monitor the participating manufacturers. Cybersecurity in automotive sector was unregulated so far but the scenario is changing now.
The WP.29 cybersecurity regulations got approval in June 2020. The automotive sector got a framework for:
- Identification and management of the cybersecurity risks in vehicle design
- Verification regarding risk management
- Current risk assessments
- Monitoring and responding to attacks
- Analyzing the successful or attempted attacks
- Reviewing cybersecurity measures with regard to new threats
- Ensuring security lifecycle management across each phase of development, production and post-production
European Union has adapted the WP.29 regulations and made it mandatory for all new vehicle types from July 2022. South Korea and Japan have also accepted the regulations. These three regions altogether produced 32 million vehicles in 2018. With the laws being framed and imposed, the UN is making automotive cyber security standards non-negotiable. In the coming future, the motorists should also factor out the cyber security into their buying decisions like air-con or heated seats.
How the consumers are reacting? A study was conducted by IBM which stated that 62% of consumers would consider the brand providing better security and privacy features. Cybersecurity is more than a defensive measure. The reduction in crimes boosts the trust factor in the mind of consumers. The car makers can also accelerate the development of the new features and business models such as:
- Sharing of the ownership/access systems
- In-car detection system
- V2V communication system to broadcast the car’s position and speed with regard to other connected vehicles to avoid accidents
- Automatic payment system for parking, battery charging, fuel, etc.
- Real-time information system for live journey planning.
- Smartphones and voice integration system
- Location triggered alerts like marketing alerts which are sent by the local businesses to the in-car display.
Therefore, we see that the automotive industry has witnessed major technological changes and the vehicle manufacturers should prepare themselves to align their connected car data security practices with international regulations and standards.