Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre (Part 2)

RIC VICARI

VP EMEA

May 16, 2022

This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP EMEA.

Part 2: Strategic Considerations to Achieve Data-Driven Cybersecurity

OEMs who are already along their journey to shift from ‘Car Co.’ to ‘Tech Co.’ have many things to consider. The most important of these is how they collect and analyse connected vehicles and other data for cybersecurity purposes (see more about this in part 1 of this 2-part blog).

The ability to have a view of the entire connected fleet and to detect anomalies in the data, even before being classified as a cyber attack, helps Auto manufacturers meet the standards and regulations in the regions they operate in. Cybersecurity platforms can also act as a holistic single source of truth for all teams who rely on this data for further monetisation – teams include product and engineering teams who are looking to build safety by design, data teams trying to increase data quality and reduce associated costs, or aftermarket teams involved with detecting warranty fraud, and more.

Decision-makers at all levels tasked with choosing a company-wide connected vehicle cybersecurity solution will have to take into account several dimensions. Two elements that are critical to consider are scalability and the ability to cover both cars currently on the road and vehicles coming off the assembly line.

Cybersecurity: Buy, make, or status quo

OEM’s are faced with three options when it comes to achieving desired levels of cybersecurity: The first is to buy an Upstream-like, purpose-built anomaly-detection solution. The next is to develop an in-house solution based on repurposing SIEMs that currently power Enterprise IT SOCs. The final choice is to do nothing beyond the traditional in-vehicle intrusion detection systems that have been deployed in the past few years.

Each comes with its own benefits, costs, and risks as illustrated in the table below.

New regulations and standards have effectively removed the “do-nothing” option but have fallen short of giving detailed guidelines on what will be needed to obtain an R155 compliance certification. To address this concern, Upstream focused their 2022 Global Automotive Cybersecurity Report to sort through the confusion.

OEMs that are considering (or have even begun) developing an in-house SIEM-based solution may be tempted to extend the use of IT cybersecurity infrastructure to OT assets.

 

This approach has the effect of exacerbating the issues created by scarcity in cybersecurity talent. Moreover, initial pilot programs are demonstrating the sharp differences between IT and OT challenges, and even between OT and Connected Vehicle requirements, when it comes to monitoring, detecting, and responding to cyber threats and attacks on vehicles.

There’s no harm in stating the obvious: vehicles are heavy moving objects that – unlike laptops – can cause physical damage and harm to people and the surrounding environment, should something go wrong.

SIEM-based solutions have so far not satisfied the industry’s technical nor commercial scalability requirements. They may be suitable for small POCs at limited volumes, but cannot pass the test of mass-market deployments.

 

Conclusion: A future-looking automotive cybersecurity strategy

The role of the cybersecurity community is not just to protect individual assets from potential cybersecurity attacks, but rather to protect new strategic revenue streams that will help the transformation of OEMs from “Car Co’s” to “Tech Co’s”.

When justifying an investment in a new solution, it is necessary to make ROI assumptions and consider how to turn cybersecurity from an expense to a standalone asset. Systems set up today must remain agile after deployment to allow for fine-tuning in real-time, perfecting their results as new features are added to connected vehicles.

Both the Upstream team of cybersecurity experts (including field threat intelligence analysts and the data team) and the Upstream Platform can assist during the OEM’s journey from the assumption-setting phase to the accurate measurement of return on investment across various business case parameters.

It will become evident, like for most of our existing satisfied customers and partners, that ROI will come not only from regulatory compliance and effective cybersecurity protection but also from the many non-cyber use cases enabled by the adoption of the Upstream solution.

Bottom line, a partnership with a vendor like Upstream is a key enabler to transform the cybersecurity function from a cost center to a value center. And in doing so, it supports OEM executives along the strategic transformation journey from “Car Co.” to “Tech Co.”

To dive deeper into what your data is capable of, book a demo or explore the latest white paper, Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre.

Newsletter Icon

The 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

From Cost Center to Value Center: Monetizing Connected Vehicle & Mobility Data in the AI Era (Part 3)

In Part 1 and Part 2 of this series, we discussed the transformative journey of the automotive industry as OEMs evolve from traditional car manufacturers…

Read more

EV CPO Under Siege: A New Attack Exposed the Cybersecurity and Privacy Risks of EV Charging Networks

As the EV revolution accelerates, the spotlight often falls on sustainability, innovation, and range anxiety. However, an underexplored yet critical concern is the cybersecurity of…

Read more

Connecting the Dots: Integrating Auto-ISAC’s ATM with Deep & Dark Web Intelligence for Proactive Automotive Cybersecurity

In March 2024, Auto-ISAC released a significant resource for the automotive industry’s cybersecurity: the Automotive Threat Matrix (ATM). This is an important milestone for Auto-ISAC…

Read more

Breaking the (Supply) Chain: The Macroeconomic Stakes of Cybersecurity in Fleet Telematics

In an era where smart mobility and connected technologies are revolutionizing the automotive industry, reliance on telematics and IoT devices to manage fleet operations has…

Read more
Skip to content