Imagine a concept that an OEM has been working on for years, and works just fine with no discrepancies. Now, a software company, with its permission, demonstrates and controls it in a way that even the OEM cannot retrieve the vehicle in their own space.
Yes, that is just how automotive technology companies in the space of cybersecurity are working to convince, showcase and spread awareness to the OEMs about the risk of cyber threats and potential damage.
As the integration of advanced technologies grows, electronics, software content, digitisation and internet connectivity is rapidly rising in the automotive industry, automobiles are more prone to cyberattacks.
It is important to note that cyberattacks can penetrate to the backend and even to the third party servers. It is not confined to any particular vehicle.
A McKinsey report titled ‘Cybersecurity in automotive- Mastering the challenge’, says that the cyber risk to modern vehicles increases with every line of code. This abundance of complex software codes is a result of both – the legacy of designing electronic systems in specific ways for the past 35 years, and the growing requirements and increasing complexity of systems in connected and autonomous cars. This amount of codes creates ample opportunity for cyberattacks – not only on the car itself but also on all components of its ecosystem
Harald Kroeger, President- Automotive, SiMa, notes that there is not a single car project that is being designed without software content today. The only difference is the pace of AI deployment, which is bound to increase in the upcoming years.
“Cybersecurity is a race between defense and offense, but now defense has got much better,” he said.
A ransomware attack may occur in the parking lots, car infotainment systems, or even domestic EV charging. With keyless control systems coming in place, hacking are typical examples for cyber-attacks on the vehicles.
Satish Sundaresan, Managing Director, Elektrobit India, stated that electric vehicles (EVs) are even more prone to cyberattacks as it involves electronics, and battery management systems (BMS).
Another instance is when EVs are connected to a public charger. Along with an energy exchange there is a certain amount of software exchange as well, which makes it easier to hack and get into the vehicle system.
This could be a big miss for OEMs, if no significant step is taken in due time, he said.
With this concern, Sundaresan said, electric two-wheeler makers in India are taking a lead, in a way that they are completely rethinking how scooters are being made. This includes deciding the network topology, software and then the vehicle design.
But what happens in the case of used cars? Experts suggest today, the data is either stored in the car or on the cloud. Most times, OEMs or the third party is privy to this data.
“Today, OEMs are wiping out the digital footprint of the users before letting out the vehicles in the market again. For the long term, we will need to regulate second hand car sale guidelines as well. This may also create a commercial challenge of who pays for it – the customer, dealership or the OEM!,” Sundaresan said.
Vikash Chaudhary, Chief Executive Officer, Hackersera, believes that automotive cybersecurity is a big business opportunity in the years to come. He noted that the ethical hackers and researchers are required to perform cyberattacks during homologation of vehicles to gauge and prevent it from a real malicious attack. “When we are testing the vehicles, our mindset is like hackers.”
However, Sundesaran stated that software lifecycle management could be one challenge. “Electronics components in cars come with a life cycle as long as the product. Changing them every few years could be complex and expensive. However, software needs timely upgrades and cannot come with a life span ranging as long as 15 years. In this case, software lifecycle management will become critical.”
“Now, cybersecurity will be required at every stage as the software that will be upgraded every few years, could be vulnerable to various threats,” he said.
According to a recent Allied Market Research, titled, “Automotive Cybersecurity Market by Offering, Security Type, Application, and Form: Global Opportunity Analysis and Industry Forecast, 2021-2030,” the global Automotive Cybersecurity market was valued at USD 7.23 billion in 2020, and is projected to reach USD 32.41 billion by 2030, registering a CAGR of 16.6%.
Experts suggest that OEMs need to ensure the vehicle electronic architecture is strong and due measures are taken throughout the life cycle of the vehicle, starting from the concept to the end-of-life. They must ensure end-to-end cyber-risk management.
The challenge for industry is to manage the software cost while they invest in connectivity features. There is a need for collaboration in the automotive industry, government and private players. EV charging is one of the most vulnerable to cybersecurity practices, Sundaresan said.
While cost effectiveness could be a challenge, many software solution providers are working on localising and even providing lower cost, elite versions of their global solutions.
As the market size increases, cybersecurity will indeed become a non-negotiable necessity in the years to come. It will also create opportunities for all players to partner and generate additional business with new offerings.
