Preparing the Automotive Industry to Face Threats Head On

For four consecutive years, Upstream’s analysts have compiled a Global Automotive Cybersecurity Report to inform all stakeholders of threats in the rapidly digitizing automotive industry. Tracking the latest developments allowed them to connect the dots between a rapidly evolving threat landscape, regulatory compliance, and cybersecurity solutions.

The findings this year were unlike any other we’ve seen before. They include highly sophisticated attacks being implemented by hackers who had access to relatively inexpensive hardware. This hardware, combined with knowledge obtained online, saw record thefts and cyber attacks that are catching the attention of anyone who’s involved in the automotive field.

From the 900+ automotive cyber incidents that were analyzed for this report, it’s clear that OEMs, Tier-1, and Tier-2 suppliers have much to face as they move their cars towards greater autonomy and V2X infrastructure.

 

A year without precedent for cyberattacks

2021 was a watershed year in the automotive industry.

The number of connected vehicles has been rising exponentially since 2018, with a whopping 775 million connected vehicles expected to be on the roads by 2023. Not surprisingly, the increased prevalence of connected vehicle components, mobility applications, and the expansion of connected fleets has led to a dramatic rise in the number of automotive-related cyber attacks. To give an idea of the scope of the attack terrain, there were only 30 automotive-related CVEs in 2020, but in 2021 the number of automotive-related CVEs skyrocketed to 133.

The autonomous vehicle trend that hastened the vehicles being connected to any number of devices and servers for various purposes is proving to be something of a double-edged sword. It’s increasingly difficult, if not impossible, to avoid expanding the attack terrain while proliferating and implementing new technologies.

For instance:

• In 2021, over 80% of automotive cyber incidents were carried out remotely.
• Key fobs, designed to offer security and superior personalization to passengers, have become one of the most popular targets for cybercriminals, who can swiftly reprogram new ones, allowing them to steal a car in 30 seconds.
• Insightful data communication mediums are being manipulated to crack open vast tracts of data from individual users or entire companies.
• Remote attacks increased in their sophistication, as well as in their ability to overcome state-of-the-art defenses without making a single modification to hardware.

The result of these attacks are seismic losses in revenues, with the automotive industry predicted to lose over 500 billion dollars in revenues to cybercrime by 2024.

In light of these striking developments, 2021’s automotive stakeholders arrived at the central question upon which the fate of the entire industry hangs: What can we do to safeguard passengers and the industry’s interests as we increase our offerings through experience-enhancing devices and services?

Global cybersecurity standards: Compliance for building resilience

With connected vehicles producing 25GB of data every hour, the opportunities for digital tampering and theft have never been higher. The urgent and global need for automotive cybersecurity has posed a unique challenge for intergovernmental organizations and individual governments.

These regulations are discussed at length in the Global Cybersecurity Report, including the UNECE and ISO/SAE regulations that require OEMs to take greater responsibility for the cybersecurity practices of their suppliers.

The UNECE’s WP.29 R155 and R156 regulations broadly represent the shift in the cybersecurity paradigm for the automotive industry, demanding that traditional single-product, single-release security measures be replaced by comprehensive Cybersecurity Management Systems (CSMS) that cover the entire lifecycle of a vehicle, from development to post-production.

Solutions for 2022: Standing up to the complex threat terrain

Along with laying out today’s threat landscape, the 2022 Global Automotive Cybersecurity Report also dives into what companies can do to secure their assets, protect vehicle owners, and comply with various global regulations and standards.

Drawn from 900+ industry-related incidents, the cybersecurity report offers a comprehensive view of the challenges OEM, Tier-1, and Tier-2 manufacturers face in confronting the threats that are increasing daily in their sophistication and number. Our report demonstrates the growing difficulty of combating vulnerabilities as vehicles are hooked up to a virtually endless number of connectivity touchpoints.

Addressing the challenges of an ever-changing perimeter first demands that modern threats and their impacts are understood. Download a free copy of the Global Annual Cybersecurity Report to identify the latest trends including attack vectors, technologies, and community practices that stand to exploit vulnerabilities that exist throughout the automotive industry.