Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre (Part 2)

RIC VICARI

VP EMEA

May 16, 2022

This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP EMEA.

Part 2: Strategic Considerations to Achieve Data-Driven Cybersecurity

OEMs who are already along their journey to shift from ‘Car Co.’ to ‘Tech Co.’ have many things to consider. The most important of these is how they collect and analyse connected vehicles and other data for cybersecurity purposes (see more about this in part 1 of this 2-part blog).

The ability to have a view of the entire connected fleet and to detect anomalies in the data, even before being classified as a cyber attack, helps Auto manufacturers meet the standards and regulations in the regions they operate in. Cybersecurity platforms can also act as a holistic single source of truth for all teams who rely on this data for further monetisation – teams include product and engineering teams who are looking to build safety by design, data teams trying to increase data quality and reduce associated costs, or aftermarket teams involved with detecting warranty fraud, and more.

Decision-makers at all levels tasked with choosing a company-wide connected vehicle cybersecurity solution will have to take into account several dimensions. Two elements that are critical to consider are scalability and the ability to cover both cars currently on the road and vehicles coming off the assembly line.

Cybersecurity: Buy, make, or status quo

OEM’s are faced with three options when it comes to achieving desired levels of cybersecurity: The first is to buy an Upstream-like, purpose-built anomaly-detection solution. The next is to develop an in-house solution based on repurposing SIEMs that currently power Enterprise IT SOCs. The final choice is to do nothing beyond the traditional in-vehicle intrusion detection systems that have been deployed in the past few years.

Each comes with its own benefits, costs, and risks as illustrated in the table below.

New regulations and standards have effectively removed the “do-nothing” option but have fallen short of giving detailed guidelines on what will be needed to obtain an R155 compliance certification. To address this concern, Upstream focused their 2022 Global Automotive Cybersecurity Report to sort through the confusion.

OEMs that are considering (or have even begun) developing an in-house SIEM-based solution may be tempted to extend the use of IT cybersecurity infrastructure to OT assets.

 

This approach has the effect of exacerbating the issues created by scarcity in cybersecurity talent. Moreover, initial pilot programs are demonstrating the sharp differences between IT and OT challenges, and even between OT and Connected Vehicle requirements, when it comes to monitoring, detecting, and responding to cyber threats and attacks on vehicles.

There’s no harm in stating the obvious: vehicles are heavy moving objects that – unlike laptops – can cause physical damage and harm to people and the surrounding environment, should something go wrong.

SIEM-based solutions have so far not satisfied the industry’s technical nor commercial scalability requirements. They may be suitable for small POCs at limited volumes, but cannot pass the test of mass-market deployments.

 

Conclusion: A future-looking automotive cybersecurity strategy

The role of the cybersecurity community is not just to protect individual assets from potential cybersecurity attacks, but rather to protect new strategic revenue streams that will help the transformation of OEMs from “Car Co’s” to “Tech Co’s”.

When justifying an investment in a new solution, it is necessary to make ROI assumptions and consider how to turn cybersecurity from an expense to a standalone asset. Systems set up today must remain agile after deployment to allow for fine-tuning in real-time, perfecting their results as new features are added to connected vehicles.

Both the Upstream team of cybersecurity experts (including field threat intelligence analysts and the data team) and the Upstream Platform can assist during the OEM’s journey from the assumption-setting phase to the accurate measurement of return on investment across various business case parameters.

It will become evident, like for most of our existing satisfied customers and partners, that ROI will come not only from regulatory compliance and effective cybersecurity protection but also from the many non-cyber use cases enabled by the adoption of the Upstream solution.

Bottom line, a partnership with a vendor like Upstream is a key enabler to transform the cybersecurity function from a cost center to a value center. And in doing so, it supports OEM executives along the strategic transformation journey from “Car Co.” to “Tech Co.”

To dive deeper into what your data is capable of, book a demo or explore the latest white paper, Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre.

Newsletter Icon

The After-Sales Quality Report, Zooming in on the Power of AI

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

The Silent Theft Epidemic: What the Key Fob Lawsuit Reveals About Automotive Cyber Risk

In the early hours of a quiet morning, an SUV by a global OEM vanished from its owner’s driveway. No broken glass. No alarm. No…

Read more

The Growing Relevance of Hardware Integrity in Connected Mobility

The automotive industry, and the broader world of critical infrastructure, has just received two clear warnings about the threat of hidden, undocumented hardware features.  These…

Read more

Unlocking the Full Potential of Precision Farming with AI

The agricultural industry is in the midst of a technological transformation. Traditional heavy machinery is evolving into intelligent, connected IoT systems, integrating real-time data, autonomous…

Read more

Proactive Quality, Powered by AI: A New Era for Automotive Manufacturing

As global markets tighten and margins shrink, the automotive industry finds itself at a crossroads: how do we balance innovation with efficiency? Nowhere is this…

Read more
Skip to content