The Keys to Securing Automotive Fleets: KPMG Report

YOAV LEVY

CEO and Co-founder

January 28, 2018

[By Yoav Levy, Co-Founder and CEO]

Between SpaceX, Tesla, the Boring Company and many other initiatives, Elon Musk is, to say the least, busy.  Despite working up to 100 hours a week, he still has time to worry about a fleet-wide hack on Tesla.  And rightly so.

All large vehicle manufacturers and many Tier 1 suppliers are making big investments in connected and autonomous vehicle technology and, like Musk, they understand the need to build-out new security infrastructures for their fleets to ensure they are safe from cyber-attacks.

Protect the fleet and not just the car

KPMG recently released their report, ‘Protecting the fleet – and the car business’. It highlights the need for car manufacturers (OEMs) and businesses which manage vehicle fleets to adopt a completely fresh security framework.

Today, the average car contains more than 150 million lines of code written by dozens of different vendors, multiple computers and vast quantities of wireless connections to internal and external communication channels. This, together with the data-hungry nature of cars and their users (according to the report during 2017, North American users  consumed an average of 6.9 gigabytes each month) and the impending 5G roll out, is expected to create an explosion of in-car technology innovation and confirms we are firmly in the age of ‘the Internet of Cars’ (IoC).

Although this technology revolution has extraordinary benefits for car users and indeed businesses with fleets of cars, there is also a major sticking point – the issue of electric vehicle cyber security. The report notes that ‘many manufacturers have made huge strides in addressing cyber security issues within their vehicles, taking various approaches to the challenge even as the threat landscape continues to evolve, and solutions continue to emerge and mature’.

The next disruptive threat: fleet-wide cyber-attacks

Crucially, these developments do not address the far more frightening possibility of a fleet-wide cyberattack or hack, and that has Elon Musk worried. This, according to KPMG, represents the next disruptive threat to the automotive industry. The threat comes in many shapes and sizes, including vehicle consumer data breaches, DoS attacks, malicious exploit attempts, intellectual property theft and the safety of drivers and passengers. A fleet wide cyber-attack has the potential to cause cataclysmic damage.

Today, a car can be forced to swerve across lanes and travel over 120 miles per hour while the driver is totally powerless to stop it from happening. That’s a frightening image on its own, let alone the scenario where a fleet of hundreds of vehicles in different locations can be simultaneously controlled. We’ve seen the use of vehicles in terrorist attacks rise significantly in recent years, but we are yet to witness a remotely controlled vehicle army. To prevent this from becoming a reality, it is essential that fleet-wide security is taken seriously, and automotive network protection is prioritized.

According to KMPG (and I agree), ‘cyber security can no longer be seen as a corporate challenge. It is a much broader and more complex engineering, production and operational task – and it requires a new approach’. With 65 million connected cars on the road today without security, multidimensional systems that cover the individual vehicle, the connected fleet, the automotive business and the supply chain will be essential – particularly as this figure is expected to rise to 250 million by 2020.

“Analyzing the entire fleet-level data offers full visibility into the fleet’s security posture. By understanding the complete picture, normal car and driver behavior can be monitored effectively and attacks can be prevented before they reach the network and cause harm.”

Yoav Levy, Co founder and CEO, Upstream

Monitor, analyze and protect: from within the data center

So, what can you do to protect your fleet? That’s where we come in. Our centralized cloud platform sits in the data center and permits the entire fleet to be monitored and protected with a combination of big data analytics and advanced cyber and fraud security technology.

Upstream’s Fleet Cybersecurity Platform enables access to automatic protection through the use of health dashboards (offering alerts on cyber threats, policy violations and additional infrastructure indicators) for the fleet. Additionally, analytics captured from all levels of the fleet architecture – car, driver, mobile app and server – help fleet operators investigate an incident and determine the cause so that similar situations can be prevented in the future. This centralized, automated and insightful approach is the key to securing fleets of connected cars in the future.

Analyzing the entire fleet-level data offers full visibility into the fleet’s security posture. By understanding the complete picture, normal car and driver behavior can be monitored effectively and attacks can be prevented before they reach the network and cause harm.

UPSTREAM’S DASHBOARD – AUTOMOTIVE FLEET SECURITY HEALTH AT A GLANCE

And by making use of a secure boundary in the demarcation point between the operational network and the IT network, users can ensure protection of the communication data between the vehicles and command and control servers. Upstream leverages deep protocol understanding of the communications between data centers and fleets to detect, interpret and alert in real-time of any threats to the fleet.

As the world we live in rapidly changes, it’s clear that automotive cybersecurity must keep up with the pace of technology, sociological and environmental development. The risk of a fleet cyber security attack is grossly underestimated and there are very few solutions that sit above proprietary protocol. Businesses must start to take this risk seriously and protect their fleet efficiently so that they can be prepared for the next generation of automotive security breaches – which are just around the corner.

You can read the full KPMG report

Newsletter Icon

The 2025 Global Automotive & Smart Mobility Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Proactive Quality, Powered by AI: A New Era for Automotive Manufacturing

As global markets tighten and margins shrink, the automotive industry finds itself at a crossroads: how do we balance innovation with efficiency? Nowhere is this…

Read more

Beyond CVEs: Why Automotive Cyber Threat Intelligence Must Cast a Wider Net

The recent volatility of CVE funding is a wake-up call for the automotive industry to rethink its risk and threat intelligence strategy. In the world…

Read more

Agentic AI in Action – How Service-as-a-Software Is Reinventing Automotive Cybersecurity Operations

In my previous post, I explored the paradigm shift brought on by service-as-a-software and agentic AI – and what it means for the future of…

Read more

From Services to Software – What the Agentic AI Economy Means for Automotive Cybersecurity

We are at the dawn of a new era in software and service delivery – one where the traditional boundaries between human expertise and digital…

Read more
Skip to content