90 Days with Upstream: From “Project Beacon” to “Data-driven Cybersecurity”



March 10, 2022

Having just completed my first 90 days in the cybersecurity domain, I feel it’s important to share a few reflections on market opportunities and risks with my industry colleagues and friends, especially those who – like me – have spent years in the tech, connectivity and automotive sector, but not necessarily with a specialist cybersecurity background.

As some of us remember, the first connected car programme was launched in 1996 by the CEO of General Motors. “Project Beacon”, shortly after renamed OnStar, was a global success, with over 20 million connected GM vehicles to-date around the world.

Other OEMs joined in, with BMW now counting over 14 million connected passenger vehicles, followed by Daimler and Mercedes-Benz, Stellantis, Volkswagen Group, Toyota, Hyundai-Kia, the Renault-Nissan-Mitsubishi alliance and Ford.

The same is true for Commercial Vehicles, with the likes of Volvo having passed 1 million connected trucks and buses and Daimler, PACCAR-DAF showing significant volumes.

Of similar interest is the expected contribution in terms of new connected vehicles sales by innovative OEMs such as Tesla, Einride, Volta, BYD, VinFast, Lucid and Tevva, among others.

25 years on, there are 240 million connected vehicles on the road worldwide, estimated to grow to 400 million by 2025 (source: Statista). A staggering amount.

The OEM business model is undergoing a radical transformation, focusing now on technology innovation and volumes of services to offset a global net slow-down in volumes of vehicles sold. In the board room, job titles including the words “Software” and “Connected Services” are now common practices.

Looking at the market cap ranking of OEMs, it seems EV manufacturers such as Tesla and BYD, 1st and 4th by market value with less than 1 million vehicles sold each, are definitely gaining from this transformation.

Connected car services have proliferated thanks to both:

  • An advanced IOT managed connectivity infrastructure – further enhanced by 5G cellular technology – from leading providers such as Vodafone, ATT, T-Mobile, Verizon, Orange, Telenor, Telefonica and China Telecom.
  • The increasing presence of software in the car.

So-called software-defined vehicles today are providing access to convenient mobility services and a more comfortable and safe ownership and driving experience. In the near future, software-based services in the vehicle and in the cloud will enable gradually higher levels of automation, culminating in fully Autonomous Vehicles.


Connectivity + software = more safety + convenience.


Well, not quite.

By definition, the combination of connectivity and software implies an exposure to potential cyber threats, further exacerbated by recent geo-political events. This is not a guarded secret, and most OEMs include this topic in their investor meetings nowadays.

As a newcomer to the cybersecurity community, I am now starting to see things under a different light, in terms of the trade-off between opportunity and risk. I now see the need to find a balance between providing access to more services and convenience, and being able to do it safely from a cyber risk perspective.

A good example is the vehicle braking system. Brakes are a safety system, they help decelerate and prevent collisions. More intelligent connected and software-driven braking systems can assist the driver to avoid side effects of sudden breaking in difficult road and weather conditions. However, we can all imagine the consequences if those intelligent braking systems were remotely hacked and disabled. Or if engines were switched off, or doors locked, against the driver’s or passenger’s will. If a backend server was subject to a malicious attack, an entire fleet would become exposed too. EV battery recharging is also a domain where software malfunctioning could lead to potential physical risks.

This is why OEMs, Tier-1s and Insurance companies are investing so much in cybersecurity solutions and cyber threat intelligence services. This is also why the UN and other agencies are focusing so much on cybersecurity regulations (e.g. UN R155 and ISO/SAE 21434) and their rapid enforcement in the next three years.

OEMs know that cybersecurity monitoring, detection and protection both at fleet level and backend services level (telematics servers, APIs, FOTA update services) is required to protect ambitious revenue growth forecasts associated with connected car services. This is also pushing the emergence of Chief Information Security Officers, executives with cybersecurity experience, overlooking the deployment of advanced VSOC security.


Connectivity + software + cybersecurity = more safety + convenience.

That must be right ?

Mmmm… not yet.

In-vehicle protection software agents and hardware devices take many months to test, certify, install and ship before a new car hits the road. The hacking community, whatever the underlying motivation, tries to be always one step ahead.

There is a more efficient way to protect the entire connected car services ecosystems, to gain a fleet-wide and ecosystem-wide view of cyber exposure with minimum time-to-safety, to monitor both moving endpoints (the vehicles) and backend servers (telematics, FOTA, APIs, consumer services) communicating directly with  hundreds of thousands and even millions of vehicles. The only way to prevent widespread cyber-attacks is to adopt a holistic approach covering all elements of the connected vehicle ecosystem at once, to understand chains of events leading to attacks, and to detect and act upon anomalies in the data, before they are even classified as known threats.

We might therefore conclude:

Connectivity + software + data-driven cybersecurity = more safety + convenience.

Yes, that sounds about right.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Mike Lexa Joins Upstream Security Advisory Board to Accelerate Cybersecurity Resilience in the Automotive & Mobility IoT Sector

The mobility ecosystem is experiencing a profound digital transformation. The increasing reliance on mobility services and Internet of Things (IoT) devices is not just reshaping…

Read more

7 Key Financial Implications of Automotive Cybersecurity Risks

In June 2023, a leading Taiwan-based semiconductor manufacturer disclosed a cybersecurity incident involving a ransomware group and one of its IT hardware suppliers, which led…

Read more

Newly Discovered IoT Vulnerabilities in ELDs Raise Risk for Fleet-Wide Attacks

In late March 2024, The Register published a unique coverage, describing multiple new vulnerabilities and elaborating on the cyber risks in ELDs (electronic logging devices)…

Read more

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is also exposing mobility assets to a…

Read more