Cybersecurity is a rising concern of the automotive industry as it sees increased digitization, according to a new Omdia report. 

In the past few years, cars have shifted from simply a method of transportation to providing entire experiences. Now, automakers are outfitting cars with a range of digital tools including in-car gaming and entertainment, as well as still-emerging autonomous navigation and driving capabilities. 

Yet with the rise of connectivity comes the increased risk of vulnerability from bad actors – something the automotive industry is typically unfamiliar with.

“The digitization of the industry pulls automotive manufacturers and their suppliers into the realm of cybersecurity,” said report author Hollie Hennessy. “Once primarily concerned with safety and physical malfunctions, now the automotive industry needs to contend with cybersecurity considerations on top of this.”

“Developments in car connectivity have happened rapidly over the last 13 years, and thus having to consider and implement cybersecurity is a relatively new concept for automakers, as opposed to in the IT space,” she added.

These vulnerabilities can be anything from hardware and software weaknesses to connected third-party devices and infotainment systems. 

A now-famous example of what can happen when smart cars are hacked was seen when researchers hacked into a Jeep in 2015. Using the WiFi system to hack into the car’s multimedia system, the team was able to control everything from the radio station to the volume, and even track the car using its GPS navigation system. 

With the kind of capabilities integrated into a car far more advanced than in 2015, such a situation could prove incredibly dangerous for drivers, with new levels of personal data now attached to vehicles. As a result, cybersecurity demands in the industry are on the rise.

“Further technological developments in the automotive space will again demand an increased focus on cybersecurity,” said Hennessy. “V2X (vehicle-to-everything) technology is developing and is likely to be deployed in the next couple of years. From a security perspective, this throws even more data into the mix to be handled by vehicles, as well as widening the attack landscape.”

In addition to increased demand for innovators to improve in-vehicle security, there is also the need to shift the regulatory landscape to accommodate the digital era. 

“There have been significant developments when it comes to industry regulations and standardization in the last few years,” said Hennessy. “The industry has a widely used standard, and multiple participating countries are now covered by the UNECE WP.29 regulation – covering assessment, testing, monitoring, detecting, responding and management across the vehicle’s lifecycle.”

Yet, according to Hennessy, gaps remain in regulation. For one thing, the UNECE regulation isn’t globally applicable, though she notes the standard it aligns with is “used widely across the globe.”

“There are also other regulatory and compliance requirements in the sector which combine hardware and software together when granting approval – this can be a hindrance when it comes to security updates, which need to be applied after the fact,” she said. 

Overall, the shifting demands and parameters of the automotive market have resulted in what Hennessy terms a “culture change” when it comes to cybersecurity. 

“Across the supply chain, assurances need to be in place to confirm cybersecurity has been considered and best practices implemented,” she said. “In the automotive sector, cybersecurity needs to be factored in now, throughout development, production and post-production phases of the car. Connectivity and a technology shift towards software-defined vehicles will require a DevSecOps approach and continual monitoring and management.”

The market for automotive cybersecurity solutions and tooling is still relatively new, but it’s growing. Emerging tools include solutions for embedded security,  visibility, detection and response at every stage of the supply chain – from development to post-production. With vehicle capabilities as a continually developing market, cybersecurity can similarly be expected to adapt to address new vulnerabilities as they arise. 

Read the full Omdia report >>>