Digitalization has impacted the way the automotive industry operates, leading to shifts in business models and product development lifecycles. Modern cars are becoming more reliant on complex computer systems to manage various operations. Traditionally, OEMs in the automotive industry focused on manufacturing mechanical components for automobiles. However, with the integration of digital technology and software, their roles have expanded to include the design and development of advanced electronic systems.
Automotive manufacturers are now responsible for ensuring the security and reliability of these digital ecosystems. In recent years, notable cases have highlighted the pressing need for automotive cybersecurity. One such incident occurred in 2015 when Chrysler was compelled to recall 1.4 million vehicles due to a discovered bug that could potentially enable remote access to critical systems like brakes and transmission. Similarly, General Motors faced vulnerabilities in their cars and trucks that, if exploited remotely, could disable crucial safety mechanisms, including brakes. The ground-breaking Jeep Hack of 2015 went viral, showcasing what only seemed possible in Hollywood movies – remote vehicle control with the driver in it. The financial toll of such incidents extends beyond immediate expenses to include long-term impacts on consumer trust and market competitiveness.
On average, a modern car can contain anywhere from 50 to 150 electronic control units (ECUs) or more, each containing multiple chips and electronic components to manage virtually every aspect of vehicle operation. This includes advanced driver assistance systems (ADAS), electric power steering, adaptive cruise control, and more. Vehicles are becoming increasingly connected to the internet and other vehicles, enabling features such as remote diagnostics, over-the-air updates, and vehicle-to-vehicle communication.
This technological evolution has introduced a modularity trend, with the creation of modular components that are supplied by multiple vendors. Automakers are designing and fabricating less components in-house, acting increasingly as designers and assemblers in the electronics industry. However, this shift comes with its own set of challenges, such as limitations on computing power and highly complex systems with a growing number of interconnected components. Moreover, the lifecycles of automobiles are far longer compared to other electronic devices, meaning that security measures implemented during the design phase must withstand future attacks.
In light of the growing demand for connectivity and continued reliability of vehicles, the industry has developed security standards and certification schemes. The potential for cyberattacks and unauthorized access to critical systems poses significant risks to driver safety and vehicle functionality. Security standards and certification schemes provide detailed guidelines for securing the most crucial components.
The automotive industry should prioritize the implementation of robust security measures to protect against potential threats and mitigate (financial) risks by investing in security early on. This has impact on the manufacturers’ business models, as they must think ahead and prioritize the implementation of robust cybersecurity measures throughout the vehicle’s lifecycle. OEMs are now pursuing vertical integration (for instance, by building their own cybersecurity components or even software stacks). For automakers, this means not only securing individual ECUs but also implementing network-level defences and intrusion detection systems to monitor and mitigate potential threats in real-time.
According to McKinsey, the automotive cybersecurity industry is expected to nearly double in the coming decade. Attracting new skills and talent and collaborating with cybersecurity experts and researchers becomes essential to address security proactively.
Riscure is the established market leader in embedded system security and the source of the security relevant knowledge for the customers it serves. Specializing in the security assessment and testing of individual components (SOC, ECU, embedded microcontrollers, mobile and server applications, etc.) as well as reviews of security-focused technologies (TEE/OS, communication protocols, secure boot, cryptographic functionality, and robustness of countermeasures), we offer market-focused security training, tools, and security assessment and advisory.
Further reading on Side Channel by Riscure:
Read our latest Automotive Security Checklist, where we curated a list of the most crucial considerations when incorporating security into your product lifecycle.
Read our whitepaper Safety does not equal Security in Automotive, where we address the lack of attention on fault injection attacks by investigating two modern microcontroller units that receive the highest safety assurance rating (ASIL-D) of the ISO 26262 standard.
Read more about how a single exploitable vulnerability can be scaled and make harm to entire product lines in our whitepaper The Price We Pay for Faults.
