What and How to Prepare for Automotive Cybersecurity Incidents
In the previous article, we saw that the growing number of connected cars open new business opportunities such as car data monetization. However, as every coin has the other side, the growing connectivity of vehicles has also brought in cybersecurity issues.
What is automotive cybersecurity?
Whereas functional safety is about protecting systems or equipment from technical failures and ensuring correct operation in response to inputs, cybersecurity is about protecting systems against attacks, intentional or unintentional.
Why Cybersecurity Is an Issue
The automotive industry is apparently going through a disruptive transformation led by the four megatrends – autonomous driving, connectivity, electrification, and shared mobility, in the alphabetical order – that are built on the digitalization of in-car systems. As a result, a connected car today is known to contain over a million lines of code.
This bunch of software code and the data generated by those digitalized in-car systems turn connected cars into tempting targets for cyberattacks, and without proper protection in place, cars and the data will be vulnerable to those attacks. What is worse? Different from cyberattacks in general that have limited impact to the online domain, cyberattacks against cars can physically endanger the passengers.
What Is Going on Around Automotive Cybersecurity
According to Upstream Security, an automotive cybersecurity solutions provider, the number of automotive hacking incidents has continuously increased every year by 94% on average since 2016, and it has almost doubled only in 20191). The several years old concerns over cybersecurity has become a reality.
In response to the danger of cyberattacks against cars and the increase of automotive hacking incidents, the United Nations Economic Commission for Europe (UNECE) adopted two new UN Regulations, one on cybersecurity and the other on software update, in June. They will enter into force in January 2021.
The regulations require that measures be implemented across four distinct disciplines:
• Managing vehicle cyber risks;
• Securing vehicles by design to mitigate risks along the value chain;
• Detecting and responding to security incidents across vehicle fleet;
• Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to on-board vehicle software2)
1) UPSTREAM SECURITY’S GLOBAL AUTOMOTIVE CYBERSECURITY REPORT 2020, Upstream Security
Reshape the future of your automotive business with
webOS Auto is an out-of-the-box in-vehicle infotainment platform that allows effortless adoption and guarantees seamless user experience.
According to UNECE’s announcement, it is known that Japan has implied it would apply these regulations upon entry into force and that Korea plans to introduce the provisions of the regulation on Cybersecurity in a national guideline in the second half of 2020 and proceed with the implementation of the regulation in a second step. European Union will obligate automotive manufacturers to comply with the new regulation on cyber security for all new vehicle types from July 2022 and for all new vehicles produced from July 2024.
Be Ready for Cybersecurity Issues
Computers, servers, and mobile devices connected to a network can be a target for cyberattacks. As mentioned, a connected car is like a huge digital system and at the same time a data clearing house and accordingly is no exception. Electronic components run by software code, interfaces through which those components communicate with each other, connectivity to the Internet, data networks between vehicles and infrastructure or backend systems, and so on are all potential victims.
Managing cyber risks requires a staged approach. Proper security measures should be prepared and implemented to minimize cyber risks from design and development to manufacturing, and even after manufacturing, ways to detect and resolve vulnerabilities should be planned and put in place. In particular, a plan to provide software updates if a risk or vulnerability is found, for example, over-the-air (OTA) update, shall be part of them. Passing a certain test in the production line does not guarantee all-time cybersecurity of a vehicle, and the reasonable approach, not perfect though, will be consistent and systematic monitoring and management throughout the entire lifecycle, from component design to software update.
webOS Auto, LG’s automotive infotainment platform, is armed with a variety of security functions, such as integration with powerful security solutions and OTA update of software and security policies, to cope with automotive cybersecurity issues.
As long as the advancement of autonomous driving technology and the expansion of automotive connectivity are on the track, automotive cyber risks will accompany them as unwelcome but inevitable byproducts. It applies to all players in the industry, OEMs, Tier-1 suppliers, automotive solutions providers, and automotive services providers.
Each enterprise has to assess its capability to respond to cybersecurity issues first and if necessary consider partnership with tech companies or purchase of security solutions. In the short term, it is to prepare for the implementation of UNECE’s two new regulations regarding automotive cybersecurity, and in the long run, it is because cybersecurity will be one of the essential capabilities that a player in the automotive industry should hold.
Driver Monitoring System 101People don’t like to face an unexpected situation, because it could make them feel embarrassed, put them in danger, or take away their ability to properly react. That is...
The four major trends in the automotive industry - connectivity, autonomous driving, electrification, and shared mobility- are largely enabled by the growing power of software, and those trends are...
The world is overwhelmingly connected than ever. Moreover, evolutions in connectivity yet to come will stimulate more innovation in a wide range of domains, and vehicle industry is definitely one of...