What do people care about when it comes to Cybersecurity?
According to Statista, 85% of new vehicles in the UK are now ‘connected’, enabling consumers to benefit from the convenience and accessibility of connected devices when on the road.
For automakers, connectivity comes hand-in-hand with a significant growth in the number of lines of software in the vehicle, ensuring the quality of its functions match user expectations, while guaranteeing maximum performance. This includes features like biometric recognition, real-time traffic information, and assisted parking.
However, this is just the beginning.
Vehicles of the near future will be able to offer a lot more – think autonomous driving, and live safety information to avoid accidents. While these advancements will help to revolutionise the driving experience, they will also bring a greater risk of sophisticated and potentially highly-damaging cyberattacks.
This is because cybercriminals are finding new ways of discovering and hacking into advanced vehicle systems.
While everyone is familiar with the term cybersecurity, it is often used as a catch-all phrase, when in actual fact it is far more nuanced. The truth is that cybersecurity means different things to different people, depending on who they are.
With cars, the cybersecurity concerns of drivers will be different to those of automakers, with individuals more likely to be concerned over personal data breaches than vehicle safety and performance.
By examining what is important to who when it comes to automotive cybersecurity, it is possible to get a clear idea of what concerns the industry needs to address:
For many car users, cybersecurity means privacy and the protection of confidential information. Due to an increase in the types of attacks that target such data, drivers have become more vigilant and demand the right kind of protection against such activity from their car manufacturers.
With connected devices becoming more ingrained in our lives, the exposure of data to third parties has become a common and well-publicised threat. The risk of these breaches remains real as the use of in-built apps, and the data they store, has increased inside connected vehicles.
Despite this growing threat, many drivers do not understand the wider potential risk of data breaches from connected cars that go well beyond privacy issues. However, they are likely to become more familiar with these advancements as the standard of technology used becomes more complex. And, with better education surrounding the subject, more drivers will expect manufacturers to overcome their security concerns.
While protecting privacy is one aspect of the role that cybersecurity plays in connected vehicles, it is not its sole duty. It plays a much larger role in the protection of vehicles and drivers, safeguarding the entire system rather than the sensitive data alone.
Given that the average consumer may not yet understand all aspects of cybersecurity, it is important that the two are not confused, so drivers can understand the level of protection they have.
For example, drivers may not yet be aware of the increasing dangers posed by hackers gaining control of autonomous cars. Very few considered the importance of remote key fob security until headlines started to emerge about breaches leading to car thefts. Now drivers are primarily concerned with this issue, as can be seen from this recent article by Forbes
As driverless cars become more popular across the world, knowledge of the safety risks that can occur will grow. As such, drivers will rightly demand more of their car manufacturers to keep them safe.
Automakers must take privacy and safety concerns seriously, given the vulnerability of connected cars and the strict cybersecurity compliance they are legally required to undertake.
Failure to comply will see automakers leave themselves open to legal action, reputational damage, and significant losses. For example, if a vulnerability allowing an attack is detected in one car, the entire model range could be open to the same kind of interference.
Not only could this lead to lawsuits and fines, but it could mean expensive recalls across entire fleets to remediate the problem. This demonstrates that the challenge for OEMs is far from simple and needs to be built into the heart of the vehicle as well as across the cloud and core backend systems.
The same can be said for following GDPR regulations to prevent large fines and damaging press.
German automakers, for example, are taking breaches of this kind very seriously. They are even working on ways for drivers of a shared car to make their individual locations private, which could actually compromise the equilibrium of security, privacy and user experience if not implemented effectively.
Yet, although people do not want to have to spend time logging into their cars, they equally want maximum privacy. As such, it is essential that manufacturers provide solutions to ensure consumer trust and protection, while remaining competitive.
Perhaps we will see the same trend as with phones where initially using passcodes and biometrics was a hassle and an extra step to being able to do what you want. Yet now, as phones store vast amounts of private data, banking information etc most people would not dream of using a phone without a lock/unlock code.
It is paramount that automakers provide the correct security to ensure their customers have trust in their purchases, given the high-risk factors. This is not only to assure compliance with GDPR requirements, but also to guarantee driver safety behind the wheel. To achieve this, they must tap into consumer concerns around management of data and security, without tainting their experience.
It is no easy feat to ensure this, given that connected cars of today are operated using tens of millions of lines of code, which inevitably leads to high exposure. Add on the pressure of the rapid changes to cybersecurity regulations, and the car industry has a lot to manage.
Rapid Solutions Are Needed
Fast solutions are needed to keep pace with advancing technology, while ensuring driver protection and the safeguard of manufacturers from lawsuits because of unsecured cars.
Not only does care need to be taken for those purchasing cars on an individual basis, but fleet operators will be faced with bigger challenges in the protection of the cars under their management too. An extra effort will be needed to ensure that entire supply chains are aware of the risks and technology available to prevent cyberattacks on fleets.
This has the potential to cause significant problems, such as financial and reputational damage, not to mention the risk of driver and pedestrian safety.
As we move from Advanced Driver-Assistance System [ADAS] Level 2 to 3, more needs to be done to iron out imperfections. This will be vital in allowing customers to feel confident in making such purchases. This cannot be guaranteed when there is a potential risk to life, meaning. systems need to go through rigorous testing.
And despite these upcoming changes, more needs to be done now to improve car cybersecurity as it stands. The smaller issues should be addressed before all focus is given to the advancing technology soon to be available.
For example, it is vital that, when a car is constantly streaming its location and other sensitive data to the cloud, both elements are protected.
How Trustonic Helps
Trustonic provides high-grade vehicle security that can not only help to protect sensitive information but can ensure driver safety too. This includes IVI, modems and gateways to protect confidential information.
These services help to prevent GDPR issues, leaving customers and manufacturers with greater assurances that their data is protected, creating confidence for both. Trustonic also offers secure storage of data and flexibility for how privacy related data is stored and processed within a vehicle, allowing car makers to balance privacy and a premium customer experience.
One of the main changes Trustonic has made is a move to a Trust Execution Environment (TEE) -based security system – a highly sophisticated security solution. Our Kinibi TEE operating system is one of the most reliable forms of protection.
Its security expands beyond the control of infotainment and telematics units to guard many aspects of a vehicle, including gateways, sensors, and ADAS. This system is particularly unique in that it has an environment that can be used to execute code while ignoring threats from elsewhere in the same device.
It meets the strict requirements laid out across the industry, and offers the manufacturer and customer a highly trustworthy mode of security.
Whatever cybersecurity means to you, it is a bigger threat today than ever. Therefore, drivers want to feel confident that their privacy and safety is fiercely protected. Equally, auto makers who continue to develop connected vehicles need to ensure they have impenetrable models to avoid costly mistakes.
Cybersecurity is the key to this, and Trustonic holds the solution.