The world of automobiles is undergoing massive transformation, the end product (vehicle) is no longer a completely inhouse built/ integrated system, and there are too many components which are now at play originating from other domains such as Consumer Tech, Enterprise Tech, and Mobility Tech, etc. This resulted in a high degree of democratization and distributed buying/ Integrating of multivendor systems. Which then resulted in the creation of gaps, weakness in what has been a ruggedized, matured technology stack.
The new components we are referring to here could have very well been secure in the industry they originated but not necessarily in their reincarnations in the context of the automotive world. The Auto Manufacturers though have worked very hard to establish various process of their operations and this massive change (compression, expansion and optimization, all at the same time) in the value chain; Our solutions specifically address these gaps/ voids in this new value chain using the mix of Process Change, Tool Chain and Point Solutions and to Encapsulate the system holistically we offer a strong management console to bring in cyber assurance for our customers to stay ahead in the cyber threat-addressal cycle.
As the world around is transforming into a Digital-first society the cyber threats cast a very dark shadow on our meaningful existence. Transportation is evolving from personal to multimodal, shared and autonomous where the dangers of cyber-attacks cannot be highlighted enough. Vehicles are CPS or cyber-physical systems and their Cyber security vulnerabilities could impact the safety of human life. They are connected computers on the wheel that can attract hackers to attack the vehicle fleet for different interests, be in ransomware attack for money, targeted attacks, attacking commercial vehicles for business loss, stealing vehicle owners or OEMs IP or damaging the manufacturer brand.
Today’s vehicles are moving towards more software platform with millions of lines of code as compared to traditional largely mechanical based. By looking at the general benchmark of vulnerabilities vs code size, each shipped car may have 750 vulnerabilities.
As also mentioned by McKinsey, a top advisory firm – Digitization, a critical step in Automation has enlarged the attack surface & increased the cyber risk. Typically in a connected vehicle, there is not one but there could be many ways through which a hacker can get access to your vehicle:
Autonomous and connected vehicles make use of sensors and complex algorithms to detect and respond to their surroundings. The automotive sector too has realized the benefits of connecting vehicles to the internet. Using the data coming from the connected vehicle, drivers or car owners gain easier servicing and maintenance notices, and on the other, OEMs or manufacturers can use it to improve driving experience, services, upgrade software, boost marketing, while vehicle-fleets can use it for diagnostics such as maintenance alerts, break-down reports, improved logistics, and even to monitor driver behaviors. Passenger & commercial vehicles, two wheelers, shared scooters, automotive fleets and Government agencies all fall under the autonomous eco-system that is highly vulnerable to cyber threats that range from vehicle theft, navigation attack, ransom-ware, geo-fencing attacks to software & security breach, and sensitive data theft.
Automotive Cyber security is one of the top concerns for manufacturers today. It is a top concern for the analyst, and as per projection, if there is no action taken in time, this threat can cause up to $24 billion-dollar monetary loss by 2023. Another big concern is misusing this technology by the bad guys for the wrong purpose. Similar to the warning issued by the FBI in the past against the threat from terrorist organizations. As being the critical infrastructure, this can also impact the nation’s economy. Different governments and organizations have started working on standards and Cyber security strategies. While the UK government has released automotive Cyber security guidelines, the World Forum for Harmonization of Vehicle Regulations under the United Nations Economic Commission for Europe (UNECE) is expected in 2020 to finalize its regulation on Cyber security and software updates.
At SecureThings we believe that it is important for the automotive industry to make vehicle Cyber security an organizational priority. The reasons being that as we keep adding new technologies, be if for vehicle safety purpose like advanced driver assistance features, for example, lane assist, prior crash warnings, programmed crisis braking or for owner ease like getting vehicle operational access through voice commands like Alexa, we are making the vehicle more vulnerable to cyber-attacks. The structures and parts that govern safety must be secured from unsafe assaults, unapproved access, harm, or whatever else that may meddle with security capacities.
SecureThings offers a Cyber security solution suit for always connected, purpose-built or even fully electrified vehicles. The solution uses real-time protection architecture quintessential for distributed, complex and data-driven systems such as a car. However, most of the automotive subsets are based on distinct generational innovation/ IP built by the OEMs which is what differentiates one brand from another thus what the OEMs need to get to a cyber protected product is a phase of assessment to ascertain the present cyber worthiness of their systems. SecureThings provides sophisticated Cyber security assessment, Penetration Testing and Ethical Hacking services critical to OEMs and Tier1s’ to begin this journey.