Manav Kapur, Executive Director, Steelbird International, shares his thoughts on automotive cyber-security and OEMs, along with how they are interconnected.
In the technology-driven era, the integration of IoT and car technology has given customers an all-new driving experience. In addition, remote management features and well-equipped service stations are enhancing the user experience. Connected, autonomous, shared and electrified vehicles are soon going to steer the automobile sector into an AI-enabled future. According to an independent study by the CEEW Centre for Energy Finance (CEEW-CEF), the EV market in India will be a US$206 billion opportunity by 2030 if India maintains steady progress to meet its ambitious 2030 target. This would require a cumulative investment of over US$180 billion in vehicle production and charging infrastructure.
Automobiles, especially cars, are getting smarter each day in terms of functionalities like intelligent dashboards and advanced automated driving. Features like multi-modal interaction, multi-display interaction, 5G connectivity, V2X, OTA and digital keys are also becoming increasingly common in new-age connected vehicles. The industry has witnessed steady growth in recent years. According to a study by Statista on the Indian automotive industry, the market of connected cars is expected to increase from almost 40 per cent in 2020 to over 70 per cent in 2025.
However, when a system gets digitally connected, it also becomes vulnerable to cyber security threats. Without proper cyber security, smart vehicles remain exposed to attacks on servers, digital keys, mobile applications, the OBD port and others, which can enable a malicious party to harm the vehicle, hurt the company or steal sensitive information like customer data.
Regardless of who owns the data, the security of the telematics data becomes the responsibility of all stakeholders – the car fleet, the Original Equipment Manufacturer (OEM) or a third-party Telematics Service Provider (TSP). While cyber-security has been emerging as the key focus area for the car industry, the OEMs are also exploring the area, since they need to assess the cyber-security vulnerabilities of their products too. The OEMs have significant IT and OT operations which are exposed to cyber threats, and often they might lack the internal resources to address the issue. Whether it is an in-house or a third-party TSP, channel partners and the OEM are equally accountable for securing the telematics data, thereby gradually moving towards the next level of a technologically advanced automotive sector.
Automated cars are exposed to cyber security threats and manipulation of their electronic systems, communication networks, control algorithms, software and underlying data. Most new-age cars with advanced features have around 150 Electronic Control Units (ECUs) and millions of lines of source code, which are vulnerable to cyber attacks. OEMs are therefore also seeking third-party assistance to secure the ECUs and to conduct intensive testing of both the Internal Combustion Engines (ICEs) and the Electric Vehicles. This will also lead manufacturers to develop and design systems in compliance with global cyber security standards.
The OEM head units comprise several boards and a TCU with a unique IP address to maintain communication through designated ports. Generally, the Country Specific Board (CSB) poses major cyber security threats. A thorough assessment of their cybersecurity vulnerabilities, proper segmentation of networks and management of their access, creating and testing recovery plans, and properly training personnel therefore become key for OEMs when it comes to eliminating cyber security threats.
Moreover, as the OEMs serve car fleet clients too, they should seek automotive cyber-security expertise to avoid being compromised and to quickly implement damage-mitigating measures, thereby shielding their client data and client lists. It is also necessary for the OEMs to partner with third-party cyber security firms to ensure adequate safeguards against security threats and to properly inform employees regarding the same.
The major requirements of OEMs for safeguarding their software systems and hardware equipment through third parties include risk assessment of supplier operations, implementing dual authentication for equipment log-in, means to isolate equipment for data/registration codes and inputs/outputs, assured security for remote connectivity, backup and recovery systems, and protected updates for hardware and software.
From the very early stage of equipment design, cyber security should be kept a priority, in line with how the equipment will be connected to a network, which components will be connected to the machine, how those components can be better secured, and how new equipment can be integrated into operations, thereby enabling remote services in the future.