Calming Automotive Cybersecurity's Perfect Storm

Of all the challenges facing the automotive industry – chip shortages, electrification, automation – none is more troubling than preserving cybersecurity.? Automobiles are comprised of hundreds of modules and each module may have a dozen or more components including software and hardware along with the relevant suppliers.

Auto makers are essentially obliged to vouch for the cybersecurity hygiene of hundreds of those suppliers with limited means, a few essential standards and regulations, and a lot of faith.?Cybersecurity is something taken for granted by the consumer – certainly not something the customer wants to pay for separately.? And the last thing any car company wants to acknowledge is the existence of a cyber vulnerability.

Car makers are not only obliged to vouch for the cybersecurity of their many suppliers, they are also obliged to share known cybersecurity vulnerabilities with the Auto-ISAC industry organization which serves as a platform for the sharing of this information. ?The role of the Auto-ISAC is especially essential in the automotive industry where cars and car companies share suppliers and components – including hardware and software.

The leadership of the Auto-ISAC notes that it is receiving and sharing such reports on a daily basis, but, of course, not with the general public.? There is a not-so-small industry of white hat hackers probing automotive systems from around the world.? This robust eco-system of ethical hackers is doing its best to keep auto makers on their toes, tracking down and flagging up vulnerabilities to be corrected before the “bad guys” take advantage.

Thankfully there is a growing ecosystem of cybersecurity solution providers pro-actively taking on this challenge.? One such supplier is Cybellum with its Digital Twin automated cybersecurity analysis platform.

The objective of the Cybellum solution is to identify cybersecurity vulnerabilities during the design and development process – as hardware and software components are coming together from different suppliers – before they enter production. ?The tool is also able to support forensic activities where and when vulnerabilities emerge in the field.

Strategy Analytics and Cybellum interviewed automotive industry executives regarding their cybersecurity counter measures, philosophies, and strategies.? What emerged was a picture of a still coalescing industry-wide campaign taking many different forms and reflecting differing levels of commitment.

The good news is that the automotive industry has largely remained “out of the headlines” in the past couple years while power, fuel, and water supplies and financial and government institutions have been successfully breeched by hackers. ?In a world of connected cars, auto makers understand that cars represent a point of access to personal data, corporate assets (network operating centers), and the power grid (charging stations). The risk is real.

Shipping new products with confidence requires tools, such as Cybellum’s Digital Twin Platform, that instill and establish that confidence.? No single tool can solve the cybersecurity challenge facing the automotive industry.?The Cybellum Digital Twin Platform is one of many such tools.

For further insight:

“Keeping Vehicles Safe in the Age of Software” – Strategy Analytics white paper.- https://tinyurl.com/4bzf6r2k

“VEX – Protecting the Software Supply Chain from Hidden Threats” – Cybellum blog - https://tinyurl.com/3s8eteer