Asymmetric Attacks with Unknown Motivations Heighten Vehicle Vulnerability and Highlight Importance of Multi-layered, End-to-end Security Approach
LONDON — The move toward connected and autonomous vehicles is reflected in the increasingly complex electronic and digital architecture of vehicles. However, while the focus has been resting on the value derived from these technologies, the risks and threats associated with them tend to be overlooked.
New analysis by Frost & Sullivan, “An Insight on Cybersecurity Complexities and Initiatives in the Automotive Industry,” finds that car manufacturers are acknowledging these realities and are increasingly making automotive cybersecurity a strategic priority. In response to the heightened vulnerabilities of today’s highly connected and digitised vehicles, automakers are actively developing inclusive, multi-layered security solutions.
“Connectivity provides numerous customer experience, safety, as well as commercial and societal benefits, provided that they can be secured,” noted Byron Messaris, Senior Mobility Consultant at Frost & Sullivan. “A new class of companies is beginning to launch and scale solutions that will provide the necessary layers of protection to ensure that the potential of connected vehicles is not undermined by security vulnerabilities. We have also been witnessing a certain degree of M&A activity in this industry, demonstrated by Continental’s acquisition of Argus and Samsung-Harman’s move to invest in TowerSec.”
To download the Automotive Cybersecurity white paper, please click.
In an already connected world, it is easy to imagine highways where vehicles communicate and interact with one another and their environments. By 2025, connected vehicles will comprise 80% and 90% of new vehicle sales in Europe and the US, respectively.
Such connected technologies will drive automotive efficiencies but also will create an array of security threats. These range from unauthorised access and tampering with car applications to loss of vehicle control due to a hostile takeover.
In this context, symmetric, known threats undoubtedly present a challenge. Nevertheless, dealing with asymmetric attacks with unknown motivations poses a bigger problem for both commercial fleets and passenger cars.
Companies like SafeRide have developed technologies that, beyond the prevention of known threats, profile vehicle behaviour and detect anomalies that expose unknown threats by using artificial intelligence and machine learning.
Solutions like Irdeto Cloakware offer a framework for protecting the digital assets of vehicles, including software and proprietary data, against tampering as well as data and intellectual property theft.
“The right security solution can reduce exposure and provide mitigation-driven solutions that address symmetric and asymmetric cyber threats,” said Messaris. “Industry leaders are becoming more proactive in analysing their vulnerabilities and developing solutions that strengthen their leadership position. This is being paralleled by customers placing greater value on the ability of OEMs to deliver on security and privacy parameters, especially for connected/semi-autonomous cars.”
The research underlines that partnerships between vehicle manufacturers and cybersecurity vendors are set to become more widespread, and their success will hinge on developing end-to-end, holistic security solutions that embrace the spectrum from design to real-world vehicle operations.