Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre (Part 2)



This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP EMEA.

Part 2: Strategic Considerations to Achieve Data-Driven Cybersecurity

OEMs who are already along their journey to shift from ‘Car Co.’ to ‘Tech Co.’ have many things to consider. The most important of these is how they collect and analyse connected vehicles and other data for cybersecurity purposes (see more about this in part 1 of this 2-part blog).

The ability to have a view of the entire connected fleet and to detect anomalies in the data, even before being classified as a cyber attack, helps Auto manufacturers meet the standards and regulations in the regions they operate in. Cybersecurity platforms can also act as a holistic single source of truth for all teams who rely on this data for further monetisation – teams include product and engineering teams who are looking to build safety by design, data teams trying to increase data quality and reduce associated costs, or aftermarket teams involved with detecting warranty fraud, and more.

Decision-makers at all levels tasked with choosing a company-wide connected vehicle cybersecurity solution will have to take into account several dimensions. Two elements that are critical to consider are scalability and the ability to cover both cars currently on the road and vehicles coming off the assembly line.

Cybersecurity: Buy, make, or status quo

OEM’s are faced with three options when it comes to achieving desired levels of cybersecurity: The first is to buy an Upstream-like, purpose-built anomaly-detection solution. The next is to develop an in-house solution based on repurposing SIEMs that currently power Enterprise IT SOCs. The final choice is to do nothing beyond the traditional in-vehicle intrusion detection systems that have been deployed in the past few years.

Each comes with its own benefits, costs, and risks as illustrated in the table below.

New regulations and standards have effectively removed the “do-nothing” option but have fallen short of giving detailed guidelines on what will be needed to obtain an R155 compliance certification. To address this concern, Upstream focused their 2022 Global Automotive Cybersecurity Report to sort through the confusion.

OEMs that are considering (or have even begun) developing an in-house SIEM-based solution may be tempted to extend the use of IT cybersecurity infrastructure to OT assets.


This approach has the effect of exacerbating the issues created by scarcity in cybersecurity talent. Moreover, initial pilot programs are demonstrating the sharp differences between IT and OT challenges, and even between OT and Connected Vehicle requirements, when it comes to monitoring, detecting, and responding to cyber threats and attacks on vehicles.

There’s no harm in stating the obvious: vehicles are heavy moving objects that – unlike laptops – can cause physical damage and harm to people and the surrounding environment, should something go wrong.

SIEM-based solutions have so far not satisfied the industry’s technical nor commercial scalability requirements. They may be suitable for small POCs at limited volumes, but cannot pass the test of mass-market deployments.


Conclusion: A future-looking automotive cybersecurity strategy

The role of the cybersecurity community is not just to protect individual assets from potential cybersecurity attacks, but rather to protect new strategic revenue streams that will help the transformation of OEMs from “Car Co’s” to “Tech Co’s”.

When justifying an investment in a new solution, it is necessary to make ROI assumptions and consider how to turn cybersecurity from an expense to a standalone asset. Systems set up today must remain agile after deployment to allow for fine-tuning in real-time, perfecting their results as new features are added to connected vehicles.

Both the Upstream team of cybersecurity experts (including field threat intelligence analysts and the data team) and the Upstream Platform can assist during the OEM’s journey from the assumption-setting phase to the accurate measurement of return on investment across various business case parameters.

It will become evident, like for most of our existing satisfied customers and partners, that ROI will come not only from regulatory compliance and effective cybersecurity protection but also from the many non-cyber use cases enabled by the adoption of the Upstream solution.

Bottom line, a partnership with a vendor like Upstream is a key enabler to transform the cybersecurity function from a cost center to a value center. And in doing so, it supports OEM executives along the strategic transformation journey from “Car Co.” to “Tech Co.”

To dive deeper into what your data is capable of, book a demo or explore the latest white paper, Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre.

Newsletter Icon

Upstream’s 2023 Global Automotive Cybersecurity Report

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

Fleets Shift Focus to Secure Against Operational Disruptions Following Cyber Attack

Fleet management solutions are indispensable in fleet operations, offering essential insights into vehicle inventory and status, helping to monitor driver behavior and safety, and more.…

Read more

Cleared for takeoff? Upstream’s vSOC is the traffic control center for vehicles

Air traffic control centers play a critical role in ensuring the safety and efficiency of air traffic. The control centers help prevent aircraft collisions, maintain…

Read more

Discovery: An Essential First Step in Securing APIs

API security is a crucial facet of cybersecurity in this era of rapid digitalization. While APIs serve as potent tools operating across every aspect of…

Read more

Securing the Road Ahead: The Automotive Perspective of the New SEC Cybersecurity Rules

Cybersecurity has been recently positioned as a top priority by the SEC, requiring corporate America to disclose information on material cyber attacks. In addition to…

Read more