An Evolving Automotive Value Chain Raises Cyber Security Concerns
Vulnerable production processes, shifting business models, and the surge in the amount of code used in connected vehicles raises new challenges for automotive cyber security
Connectivity brings new development challenges to the automotive value chain. Changes in consumer demand led by the smartphone revolution open a whole range of new applications, not least of which is the opportunity for vehicle sharing. These new solutions and the new software applications that underpin them bring more code into the vehicle, and potentially more threats.
An Evolving Value Chain
Traditional vehicle production cycles could range anywhere up to 5 years, from design to rolling off the line. This process is gradually shrinking, as vehicle production times start to look more like software cycles. This in part is being driven by the large amounts of new technology within the vehicle, technology that is evolving at a pace that far outstrips the mechanical evolution of the vehicle.
Because of these speeds, and because of the safety critical nature of a lot of these technologies, potential cyber security threats loom on the development side. Manufacturers must take this into consideration.
Shifting Business Models Raise Cyber Security Concerns
Software, smartphone, and connectivity innovations are changing consumer tastes, and impacting vehicle ownership models. Peer-to-peer ride sharing services such as Uber and Lyft, as well as other car-sharing services that let you use a car on a timed or cost-per-mile basis, are driving the costs of this sharing economy down, to the point where it’s more economical to share a car than it is to own one.
While we are seeing this predominantly in urban areas where there is less incentive to own a car (economy, parking cost and availability, higher insurance costs, etc.), it’s become a key trend, with mobility as a service (MaaS), being taken seriously throughout the automotive industry. From a cyber security perspective this raises some interesting thoughts.
When you spend a lot of time in a vehicle you notice when something changes. If there is a strange new sound or if an infotainment system becomes buggy, you’ll notice it and either get it fixed or accept it as a quirk of your vehicle. Would you notice these things in a vehicle you’d sat in for the first time that morning? Would you even care if you didn’t own that vehicle, and responsibility for general safety and repair wasn’t yours?
Cyber Security Concerns Must Be at the Forefront of Development
It is with this anonymity in mind that we must consider security. With public access to large fleets of vehicles, there is the opportunity for hackers to access financial and personal information by leaving malicious software on publicly used infotainment system, enabling them to hack users of these vehicles.
Additionally, new dedicated interfaces and connectivity options means more code in the vehicle. Larger amounts of code mean more potential defects. These defects can be exploited by hackers in any number of ways. It’s important that software developers, vehicle designers and manufacturers develop a security mindset, approaching their processes and procedures with cyber security in mind.
The value and supply chain are a vital part of any multilayered security strategy. If you would like to learn more, download our 2018 strategic review to explore these and other related factors affecting the automotive industry.