24 May Automotive Cyber Security – Threats to OEMs and Drivers
Connected vehicles are no longer a futuristic vision, they are now a global reality. Today’s vehicles are equipped with IoT-enabled devices that provide live tracking, remote start and stop, remote access, temperature control, maintenance scheduling, and autonomous driving.
These new connected capabilities are revolutionizing the driver experience. They have also significantly increased our vehicle’s exposure to cyber-attack. If unchecked, these malicious attacks can have catastrophic consequences for drivers and automotive OEMs.
The Automotive Cyber-Threat Landscape
A typical car or truck today contains more than a billion lines of code and dozens of custom electronic control units, telematic control units (TCU), internal gateways and internet connectivity. All this connected technology has vastly improved vehicle performance, comfort, and reliability. On the flip side, it has also provided potential accesses to cyber-criminals.
Hackers can now launch an attack from the internet to compromise vehicle performance, reliability, and safety. These attacks can take many forms, including:
- Unintended airbag deployment: Unexpected airbag deployment can injure the vehicle’s occupants and cause collision with other vehicles.
- Remote brake activation: Hackers remotely activate braking systems on cars or trucks that are operating at speed.
- Sudden vehicle acceleration: Vehicle accelerates to high speed leaving driver with no speed control.
- Unauthorized access to navigation system: Malware can be inserted into vehicle GPS systems resulting in navigational havoc for drivers.
- Vehicle lock-out: Owners can be locked out of their vehicles and forced to pay a ransom for lock-out removal.
- Hacking of onboard vehicle diagnostics: Cyber-criminals can contaminate or disable onboard diagnostics resulting in faulty performance indicators and degraded reliability.
Each of the above attacks have the potential to be targeted towards large volumes of vehicles of the same makes and models. These attacks pose a significant threat to the safety of our highways and to the health of our drivers.
The Impact to Automotive OEMs
Over the past decade, millions of vehicles across top OEMs have been recalled due to security vulnerability issues. In many cases, manufacturers have been slow to respond to the new threat landscape. Automotive security has often taken a back seat to development of new connected products and systems. The resulting security gap exposes OEMs to risks that will continue to accelerate. Those risks include:
- Higher warranty costs: Higher costs associated with repair or replacement of IoT devices and equipment that have been compromised via cyber-attack.
- Increased liability exposure: OEMs can be subjected to crippling legal actions resulting from cyber-attack-induced injury or death.
- Loss of consumer confidence: A rash of cyber breaches can erode consumer confidence in targeted vehicle makes and models.
- Tarnished brand value: Brand value can be diminished in ways that can take years to repair.
- Reduction in sales revenue: Loss of revenue for the entire automotive OEM chain due to the trickle-down effect of high-impact cyber-attack.
- Higher operational costs: Operating costs (quality, design, logistics, etc.) can escalate as automotive manufacturers and OEMs struggle to react to escalating security attacks.
- Degradation in share price: All the above can combine to create a sharp downward trend in a company’s share value and create a prolonged period of financial instability.
What is Needed?
Getting ahead—and staying ahead—of the evolving cyber-threat landscape will require the adoption of new technologies throughout the entire automotive production chain. The backbone of advanced automotive cyber security will be provided by advancements in Edge-native AI threat detection protocols. These new endpoint AI solutions will effectively harden vehicle security via enablement of a host of next-generation capabilities, including:
- Edge-native AI solutions specifically designed to operate on low-powered automotive hardware
- AI security algorithms trained and embedded at the device/sensor endpoint
- Raw TCU data processed at the endpoint vs transmission to a cloud environment (faster, more reliable, lower cost)
- Predictive insights into vehicle status and security risks
- Intelligent workflows that provide automated alerts and responses
- Quickly scalable to cover large fleets of vehicles
- Fully customizable to accommodate any specific automotive OEM security requirement
Cyber-security is not a static thing. Malicious actors are constantly developing new mechanisms for attack. The automotive industry will continue to be a prime target and will need to place intense focus on development of effective countermeasures. The safety of our vehicles and our highways depend on it.