Preparing the Automotive Industry to Face Threats Head On

RAFI SPIEWAK

Content Marketing Manager

For four consecutive years, Upstream’s analysts have compiled a Global Automotive Cybersecurity Report to inform all stakeholders of threats in the rapidly digitizing automotive industry. Tracking the latest developments allowed them to connect the dots between a rapidly evolving threat landscape, regulatory compliance, and cybersecurity solutions.

The findings this year were unlike any other we’ve seen before. They include highly sophisticated attacks being implemented by hackers who had access to relatively inexpensive hardware. This hardware, combined with knowledge obtained online, saw record thefts and cyber attacks that are catching the attention of anyone who’s involved in the automotive field.

From the 900+ automotive cyber incidents that were analyzed for this report, it’s clear that OEMs, Tier-1, and Tier-2 suppliers have much to face as they move their cars towards greater autonomy and V2X infrastructure.

 

A year without precedent for cyberattacks

2021 was a watershed year in the automotive industry.

The number of connected vehicles has been rising exponentially since 2018, with a whopping 775 million connected vehicles expected to be on the roads by 2023. Not surprisingly, the increased prevalence of connected vehicle components, mobility applications, and the expansion of connected fleets has led to a dramatic rise in the number of automotive-related cyber attacks. To give an idea of the scope of the attack terrain, there were only 30 automotive-related CVEs in 2020, but in 2021 the number of automotive-related CVEs skyrocketed to 133.

The autonomous vehicle trend that hastened the vehicles being connected to any number of devices and servers for various purposes is proving to be something of a double-edged sword. It’s increasingly difficult, if not impossible, to avoid expanding the attack terrain while proliferating and implementing new technologies.

For instance:

  • In 2021, over 80% of automotive cyber incidents were carried out remotely.
  • Key fobs, designed to offer security and superior personalization to passengers, have become one of the most popular targets for cybercriminals, who can swiftly reprogram new ones, allowing them to steal a car in 30 seconds.
  • Insightful data communication mediums are being manipulated to crack open vast tracts of data from individual users or entire companies.
  • Remote attacks increased in their sophistication, as well as in their ability to overcome state-of-the-art defenses without making a single modification to hardware.

The result of these attacks are seismic losses in revenues, with the automotive industry predicted to lose over 500 billion dollars in revenues to cybercrime by 2024.

In light of these striking developments, 2021’s automotive stakeholders arrived at the central question upon which the fate of the entire industry hangs: What can we do to safeguard passengers and the industry’s interests as we increase our offerings through experience-enhancing devices and services?

Global cybersecurity standards: Compliance for building resilience

With connected vehicles producing 25GB of data every hour, the opportunities for digital tampering and theft have never been higher. The urgent and global need for automotive cybersecurity has posed a unique challenge for intergovernmental organizations and individual governments.

These regulations are discussed at length in the Global Cybersecurity Report, including the UNECE and ISO/SAE regulations that require OEMs to take greater responsibility for the cybersecurity practices of their suppliers.

The UNECE’s WP.29 R155 and R156 regulations broadly represent the shift in the cybersecurity paradigm for the automotive industry, demanding that traditional single-product, single-release security measures be replaced by comprehensive Cybersecurity Management Systems (CSMS) that cover the entire lifecycle of a vehicle, from development to post-production.

Solutions for 2022: Standing up to the complex threat terrain

Along with laying out today’s threat landscape, the 2022 Global Automotive Cybersecurity Report also dives into what companies can do to secure their assets, protect vehicle owners, and comply with various global regulations and standards.

Drawn from 900+ industry-related incidents, the cybersecurity report offers a comprehensive view of the challenges OEM, Tier-1, and Tier-2 manufacturers face in confronting the threats that are increasing daily in their sophistication and number. Our report demonstrates the growing difficulty of combating vulnerabilities as vehicles are hooked up to a virtually endless number of connectivity touchpoints.

Addressing the challenges of an ever-changing perimeter first demands that modern threats and their impacts are understood. Download a free copy of the Global Annual Cybersecurity Report to identify the latest trends including attack vectors, technologies, and community practices that stand to exploit vulnerabilities that exist throughout the automotive industry.

Upstream's 2022 Global Automotive Cybersecurity Report

Download Report
Newsletter Icon

H1'2022 Automotive Cyber Trend Report

Newsletter Icon

Subscribe
to our newsletter

Sign up to receive updates delivered to your inbox

Securing Smart Mobility Requires a Fresh Approach to API Security

Connected vehicles and smart mobility services use numerous APIs. Everything from OEM-driven companion apps, infotainment systems, OTA servers, telematics servers, and EV charging management or…

Read more

EV Charging Stations Cyber Vulnerabilities Could Be EVs Achilles Heel

Electric vehicles (EVs) are a critical pillar of the global automotive revolution we’re experiencing today. Over the next five years, the US government will invest…

Read more

Upstream’s 1000th Automotive Cybersecurity Incident: Use NFC Card to Gain Control in 130 Seconds

As a part of Upstream’s ongoing effort to monitor, analyze the cyber threat landscape and assess the impact of automotive-related cybersecurity incidents and vulnerabilities, we…

Read more

Charging Station’s Cybersecurity Risks Endanger EV Adoption

Automakers and consumers are experiencing a breakthrough in electronic vehicle (EV) adoptability. Wide-spread easily accessible charging station networks are quelling range anxiety and replacing it…

Read more