AUTOMOTIVE CYBERSECURITY
Team 5
Introduction to automotive cybersecurity
Automotive cybersecurity is to protect automotive electronic systems, software, users
and data from unauthorized access, damage and manipulation. As the automotive
sector is shifting toward more connected and smart vehicles more risks and threats are
faced by the manufacturers and car owners.
It wasn’t a surprise for cybersecurity experts to hear that Uconnect information system
in 1.4 million vehicles manufactured by Fiat Chrysler Automobiles wasn’t vulnerable
which forced FCA to recall them because humans in general have a long history of
making or developing information technology with vulnerability issues.
Autonomous driving
A self-driving car which can recognize the surrounding environment and move with little
or no human interfere.
Risks related to Autonomous driving:
1. Autonomous driving cars have a lot of sensors and equipment that can be
jammed or manipulated.
2. Autonomous driven cars have a significant amount of data about the travels and
potentially some of the communications of its passengers so, leaked information
such as your payment method or personal information being stolen is another
issue.
3. can be easily manipulated because of the many codes and numbers the car has
to maintain a safe environments
4. Physical attacks: Certain attacks could be carried out by those with physical
access to the vehicle. Vehicular systems that are exposed to passengers such as
USB ports or OBD-2 ports might provide mechanisms to allow for malicious use
or exploitation.
How new Technology could be vulnerable?
The software is now literally in the driver's seat, driving the auto industry and
redirecting the way it has been organized since the time of Henry Ford - who has
famously said that consumers could have a car of any color. Speaking of Ford, we now
see leading carmakers like Ford saying that in order to be successful in the future of the
industry, they need to think more like a software company. Aside from the growing
importance of software, we see the car becoming a software platform that can support
a wider ecosystem and car-focused programs. As a result, the automotive industry has
more acquisitions, alliances and innovations than ever before. Car is becoming a
software platform that enables you to monetize ADAS functions, suspension functions,
engine functions and other value-added services. This is a great opportunity. The car is
becoming a mobile platform that will provide new, unconventional business
opportunities to automakers and give more focus on solutions like Advanced software
platform, In vehicle protection using electronic engine control unit (ECU) protection, invehicle network protection and connectivity protection will increase automotive cyber
vulnerability.
How major manufacturers will manage defense?
Cybersecurity will be nonnegotiable for securing market access and type approval in the
future Unlike in other industries, such as financial services, energy, and
telecommunications, cyber- security has so far remained unregulated in the automotive
sector – but this is changing now with the upcoming UNECE WP.29 regulations on
cybersecurity and software updates.4 Under this framework, OEMs in UNECE member
countries (see Exhibit 2) will need to show evidence of sufficient cyber-risk management
practices end to end, i.e., from vehicle development through production all the way to
postproduction. This includes the demon- started ability to deploy over-the-air
software- security fixes even after the sale of the vehicle. Other countries like China and
the US have so far not issued similar regulations, only guidelines and best practices. We
expect the new UNECE regulation to become a de facto standard even beyond its
members. Looking at today’s passenger car market volumes in only the ten largest
countries regulated under UNECE WP.29, the new regulations will likely affect over 20
million vehicles sold worldwide. This does not even include commercial vehicles, or any
other type of motor vehicle regulated under UNECE WP.29. Exhibit 1
Software vulnerabilities have been observed across the entire digital car ecosystem in
this spirit to ensure user safety, European Automobile Manufacturers' Association
(ACEA) and its 15 member companies today published a set of six key principles:






Cultivating a cybersecurity culture
Adopting a cybersecurity life cycle for vehicle development
Assessing security functions through testing phases
Managing a security update policy
Providing incident response and recovery
Improving information sharing amongst industry actors
Size of investment in automotive cybersecurity market and big
manufacturers efforts to reduce cyber risk.
According to (Automotive Cybersecurity Market Size, Growth and Industry Forecast by
2025 | MarketsandMarkets, 2021) the automotive cybersecurity market is estimated to
grow from 1.9 billion $ in 2020 to 4 billion $ in 2025.
Manufacturer's efforts to reduce cyber risks:
In 2018 BMW made a strategic investment in claroty to ensure safety and reliability of
industrial control networks also Some organizations conduct a bug bounty events in
which hackers try to find security issues and report them to the company to fix these
issues like when tesla announced the launch of its bug bounty program in March 2020
and offered 1million $ and a free car as a reward to any security researcher who can
hack their model 3 car.
Reference: Marketsandmarkets.com. 2021. Automotive Cybersecurity Market Size,
Growth and Industry Forecast by 2025 | MarketsandMarkets. [online] Available at:
<https://www.marketsandmarkets.com/Market-Reports/cyber-security-automotiveindustry-market-170885898.html> [Accessed 19 February 2021].