Where is automotive cyber security headed?

Protecting cars against cyber threats will only become more vital as digital automotive technology progresses in complexity, scale and volume. By Gundolf Schmidt

Deloitte recently forecast that electronic systems will account for 50% of a new vehicle’s total cost by 2030. It’s no coincidence that the automotive cyber security market is projected to reach a value of US$13.9bn in the same year, according to a report by market research firm Meticulous Research.

Semiconductor supply chain disruption in the automotive industry has highlighted the extent to which modern cars rely on computing power. The number of ECUs in a single vehicle is now typically in the range of 100-150, depending on the exact systems equipped, and a car can comfortably feature 150 million lines of code. “Once, software was a part of the car. Now, software determines the value of a car,” said Manfred Broy, emeritus professor of informatics at Technical University,  Munich, in an article published by IEEE Spectrum. “The success of a car depends on its software much more than the mechanical side.”

Comprehensively protecting cars against cyber threats will only become more vital as digital automotive technology progresses in complexity, scale and volume

Developments in autonomous technology, connected services and the move to electric vehicles (EVs) will only increase the volume of software in new cars and their reliance upon it. Software will have a role to play in almost every conceivable function, from basic vehicle operation to EV range optimisation, connectivity, infotainment, autonomy, safety and more.

This shift from the purely mechanical machine to an almost entirely software-reliant ‘mobility platform’ poses several challenges for OEMs and suppliers, not least of which is the vulnerability of products to cyber security threats. The automotive industry has historically been behind the curve in this area, with a relatively low level of maturity in cyber security solutions and few dedicated in-house divisions.

This is partly because in the past, there have only been functional safety considerations i.e. fail-safety with regard to faults and damage. Now suppliers are adapting development processes so that control units are also safe in terms of cyber security—primarily to guard against deliberate manipulation.

Cyber security
The automotive cyber security market is projected to reach a value of US$13.9bn by 2030

There have already been documented research cases demonstrating how code can be used to enable hackers to send commands through entertainment systems. This afforded control of a range of functions, including the steering, brakes, and transmission, all from a remote laptop. Vehicle wi-fi capability has also been exploited, in conjunction with other systems, to control a car from a smartphone. By 2030, it’s likely that every new car will be connected to the Internet and have some form of smartphone integration, creating more opportunities for malicious activity.

Software over-the-air (SOTA) is an area of particularly rapid development, allowing manufacturers to save themselves money and their customers time by issuing updates to vehicles remotely, rather than in the workshop. Mercedes says that more than 50 electronic components on its current S-Class model can be updated with SOTA and Jaguar Land Rover has already issued more than three million updates to its vehicles in this way. SOTA introduces another area of vulnerability that hackers could potentially exploit if vehicles aren’t adequately protected, but it also allows manufacturers to issue cyber security patches and fixes when vulnerabilities are identified.

As proven in the past, the compromise of a single control unit in a vehicle can be enough to take over others. This could allow systems and features to be disabled or activated or, in the worst case, hackers could take complete control of a vehicle. The critical safety that cyber security solutions provide means there can be no weak points. And that must encompass the entire life of a vehicle, even if software on the vehicle has been superseded. If a car sold in 2030 is still on the road in 2045, cyber security software updates must still be available for it 15 years later.

We are living through a time of great technological change in the automotive industry, as much of the globe embarks on the process of phasing out new internal combustion engine vehicles in favour of EVs for 2030 and beyond. The rise of autonomous technology and the ‘connected car’ will also deliver major advances in convenience, experiences and functionality, and as users we want to be able to embrace and enjoy these developments.

From critical vehicle systems down to owners’ private data, comprehensively protecting cars against cyber threats will only become more vital as digital automotive technology progresses in complexity, scale and volume. For OEMs and suppliers, the challenge is to ensure that their investment in cyber security solutions keeps pace, ensuring future vehicles are a safe and secure ownership proposition for everyone.


The opinions expressed here are those of the author and do not necessarily reflect the positions of Automotive World Ltd.

Gundolf Schmidt is Senior Global Manager of System Safety at GKN Automotive

The Automotive World Comment column is open to automotive industry decision makers and influencers. If you would like to contribute a Comment article, please contact editorial@automotiveworld.com

 

Welcome back , to continue browsing the site, please click here