This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP EMEA.
Part 1: From Car Cos to Tech Cos
Similar to major players in telecoms, insurance, medical, etc., automotive OEM executives are looking at the stock valuation of Alphabet, Apple and Microsoft, and studying ways to achieve similar results through the transformation from a “Car Co.” into a “Tech Co”.
This is apparent to any shareholder who has heard about a company’s new revenue opportunities being offered via emerging software-based and data-driven services. As predicted by McKinsey and other analysts, the industry will see a 70/30 revenue split between vehicle sales and new services by 2030.
With revenue for the industry in the hundreds of billions of dollars, this potential to add a technology-based revenue of 30% without needing to produce more physical goods is a worthwhile endeavour.
However, the introduction of software-defined vehicles comes with its own complexity due to the 100 million lines of code present in each modern high-end vehicle. This much code earns such vehicles the prize of being some of the most complex software systems around, second only to Google when considering their full suite of services.
Automotive cybersecurity is the prerequisite for modern connected vehicles
The combination of software and internet connectivity represents a vulnerability to potential cyber attacks. Therefore, the safe launch and running of connected and software-defined vehicle services depend heavily on the deployment of a data-driven cybersecurity program.
It is not an exaggeration to state that the role of the cybersecurity community today is not just to protect individual assets from potential cybersecurity attacks, but rather to protect those new strategic revenue streams that will help the transformation of OEMs from “Car Co’s” to “Tech Co’s”.
Positive ROI from vehicle cybersecurity investments
Understanding the capabilities of the data collected by cybersecurity teams pivots the traditional view of cybersecurity from an expense to an investment.
A recent paper from Porsche Consulting even states that cybersecurity is not a box to check for upcoming regulations but a matter of competitive advantage. Yet, it has taken a new set of regulations to create a sense of urgency around this topic, with some OEMs making significant upfront investments, whilst other OEMs have chosen to implement a phased approach in the next three years.
In light of increasing volumes of cyber attacks, as regularly reported by Upstream’s threat intelligence analysts, it’s hard to understand why OEMs would choose to delay the implementation of state of the art cybersecurity monitor-detect-respond solutions and vehicle security operation centres (or VSOCs). Hackers in the field do not differentiate between OEMs who are moving quickly and those who take their time. Our deep and dark web automotive analysts have seen hackers colluding to discover weaknesses and vulnerabilities anywhere they can.
What OEMs must consider is not whether or not they should have an immediate comprehensive cybersecurity operation in place but rather how to do it and what is the path of least resistance in achieving their cybersecurity and data management goals.
In-house SIEM vs. automotive cloud cybersecurity solution
Whether to build or buy is a pivotal decision that all OEMs must make when looking to comply with standards and regulations, as well as begin utilising vehicle data.
While an in-house SIEM-based solution may be a top choice for experienced IT specialists, it falls short of meeting the unique in-field demands of modern connected vehicles.
To address this challenge, leading OEMs have looked to Upstream’s cloud-based cybersecurity and data management platform to obtain regulatory compliance, rapid time-to-market, accurate data collection and anomaly detection, and utilise their domain expertise to achieve the required scalability.
H1'2022 Automotive Cyber Trend Report
Securing Smart Mobility Requires a Fresh Approach to API Security
Connected vehicles and smart mobility services use numerous APIs. Everything from OEM-driven companion apps, infotainment systems, OTA servers, telematics servers, and EV charging management or…Read more
EV Charging Stations Cyber Vulnerabilities Could Be EVs Achilles Heel
Electric vehicles (EVs) are a critical pillar of the global automotive revolution we’re experiencing today. Over the next five years, the US government will invest…Read more
Upstream’s 1000th Automotive Cybersecurity Incident: Use NFC Card to Gain Control in 130 Seconds
As a part of Upstream’s ongoing effort to monitor, analyze the cyber threat landscape and assess the impact of automotive-related cybersecurity incidents and vulnerabilities, we…Read more
Charging Station’s Cybersecurity Risks Endanger EV Adoption
Automakers and consumers are experiencing a breakthrough in electronic vehicle (EV) adoptability. Wide-spread easily accessible charging station networks are quelling range anxiety and replacing it…Read more