From connected and autonomous vehicles to electrification, the automotive industry is experiencing tremendous change as it edges closer towards a software-defined model. With the advent and adoption of the ‘connected car’, the industry is seeing a surge in demand for robust cyber security solutions, to mitigate the modern vehicle’s growing reliance on software and – as a result – its heightened vulnerabilities to cyber-attacks.
As the rollout of connected services continues to gather momentum, so too does the number of functions that software plays in the industry. The latest models are, increasingly, categorized as ‘software-defined vehicles,’ a trend set to continue driving the development of the automotive industry over the next five-to-ten years.
The rise in software-defined vehicles has seen the automotive cyber security market experience unprecedented growth, as OEMs and suppliers worldwide place a greater emphasis on – and investment into – ensuring security of these technologies against new vulnerabilities. According to market research firm, Grand View Research, the automotive cyber security market is on track to reach a value of $14.22 billion by 2030, at a CAGR of 20.93 percent from 2023 to 2030.
For decades, automakers have focused on mechanical vehicle development. Those that do feature software systems often become quickly outdated and present an array of vulnerabilities. In the age of digitized mobility, frequently making the difference between vehicles and brands, automotive cybernetic systems are critical. They crucially protect people’s personal data, keep people safe, healthy, and otherwise help to facilitate our modern society.
The rise and continual growth of software-defined automotive products will only continue to ensure the critical need for attack vectors to be protected against threat actors.
The increasing number of software applications within vehicles ranges from basic operation and body control systems to electric vehicle optimization, safety and advanced driver assistance systems (ADAS), infotainment and more. Self-driving vehicles, for example, rely on technologies including sensors and artificial intelligence to navigate roads without the need for human intervention, while connected cars use a suite of systems to communicate with other vehicles on the road, sharing data about their surroundings to improve road safety and efficiency.
The increasing reliance on – and volume of – software in modern vehicles does, however, open up new vulnerabilities, with forecasts indicating that, by 2026, all new cars sold in the UK will be connected to the internet and have some form of smartphone integration. This presents opportunities including data and privacy breaches, all the way up to vehicle thefts and break-ins via wireless key fob mechanisms.
According to cyber security and data management platform, Upstream, the top cyber-attack vectors in 2022 were telematics and application servers (35 per cent), remote keyless entry systems (18 percent), electronic control units (14 percent), infotainment systems (eight percent and mobile applications (six percent) with nearly all attacks (97 percent) conducted remotely.
Security Engineering Processes (SEPs) must be embedded into everything everyone does, like we do at GKN Automotive (closely aligned to the UNECE WP.29 (World Forum for Harmonization of Vehicle Regulations) for securing new and existing vehicle types). This ensures that all our products are in compliance with the requirements of UNECE R155 and the ISO21434.
This continual evolution of SEPs means a meticulous cycle of analyses and risk treatments cover against all existing cyber risks.
As the development of connected cars and autonomous technologies continues to progress, vehicles are becoming more complex and, unfortunately, increasingly susceptible to malicious activity. The more complex code, in turn, requires more sophisticated software solutions to ensure each line of code is secure, with the compromise of even a single control unit in a vehicle acting as a significant enough vulnerability for hackers to exploit. To put this into context, the number of electronic control units (ECUs) in a modern vehicle is typically between 100 and 150, and a car can now quite comfortably feature 150 million lines of code.
Keeping customers safe
Automotive cyber-attacks have increased by 225 percent in the last three years, highlighting the necessity for the development and deployment of robust cyber security solutions, as the industry continues to deliver major advances in software technologies.
Another area of particularly rapid development within the industry is software over-the-air (SOTA), which enables manufacturers to rollout upgrades to a system – such as the infotainment and navigation – remotely and on a routine basis, typically via cellular connection or Wi-Fi network. Aside from significantly improving the user’s in-car experience, one of the key advantages of SOTA is that the capability saves manufacturers money and resources, and their customers time, by removing the need to issue updates in-person.
While SOTA introduces further potential vulnerabilities for hackers to exploit if a vehicle’s security is compromised, it also enables OEMs to issue cyber security fixes when a vulnerability has been identified, contributing to the overall enhancement of automotive cyber security.
GKN Automotive has developed a set of features to cover all cyber-security needs including the use of secure boot, reprogramming, onboard communication, diagnostic, logging, storage, manipulation protection and life cycle management. These all meet the UN’s regulations 155 (cyber security) and 156 (software updates) to ensure the vehicle is and stays compliant with vehicle type approval.
As the industry undergoes great technological change, with an increasing reliance on software and connectivity, the challenge facing manufacturers will be to ensure that their investment in cyber security measures keeps pace with advances in automotive technology capabilities.
The establishment of GKN Automotive’s security team has a dual focus, protecting against threat actors today while simultaneously driving forward the conceptual work of cyber-security risk management in the future.
A key goal for the team is to participate in international committees to influence future standardization initiatives. The goal here is to use our expertise to help guide the future guidelines, keeping customers safe.
While the rise of autonomous technology has the potential to leave users more susceptible to malicious activity and hacks, it also presents opportunities for improvements in the safety and reliability of these same technologies, as well as major advances in convenience, experiences, and functionality.
For a list of the sources used in this article, please contact the editor.
Gundolf Schmidt is Senior Global Manager of System Safety at GKN Automotive, a world-leading global automotive technology company at the forefront of innovation. Its origins date back to 1759 and for the last 70 years it has been putting key technologies into series production. It is the trusted partner for most of the world’s automotive companies, specializing in developing, building, and supplying market-leading drive systems and advanced ePowertrain technologies.