Protecting Vehicles Requires a Fresh Outlook on Product Cybersecurity

DANIEL BLUM

AutoThreat® Product Manager

Cybersecurity is an ever-transforming realm. As vehicles become significantly more connected, the threat landscape increases exponentially. In the race between threat actors and security teams, the key is to remain ahead of your adversaries.

Product cybersecurity vs IT security

“Product Cybersecurity” focuses on protecting an organization’s products, as opposed to its IT infrastructure.

Traditionally, solutions for post-production cyber protection of organizations’ products were either uncommon or combined with their organizational security solutions. The world of IoT and connected Operational Technology (OT) has brought about a complicated reality where common IT cybersecurity approaches are not sufficient for protecting connected products in the field.

This understanding led to a paradigm shift: product cybersecurity needs to be a crucial part of security coverage plans. Simply put, without dedicated cybersecurity efforts throughout the entire product lifecycle, organizations that own and operate connected OT and IoT products are not holistically secure, and organizations that produce them face major brand and financial risk.

Product cybersecurity is imperative in connected vehicles

Product cybersecurity is critical in the OT and IoT world. In the Automotive Industry, it can be a matter of life and death.

Black-hat cyber attacks on connected vehicles are continuously on the rise. As described in detail in our 2022 Global Automotive Cyber Security Report, publicly reported Black-hat incidents accounted for more than 56% of all incidents in 2021. In comparison, in 2016 they accounted for only 22%. As proven time and again by security researchers, the required skills and corresponding vulnerabilities to enable widespread cyber crime are plentiful. The combination of the two does not signify good news for Automotive Stakeholders.

How long will it take until the dam collapses, flooding us with automotive cyber attacks on levels ranging from script-kiddies to APTs?

Cybersecurity trends may take some time to form. However, once democratized, cyber crime puts any stakeholders who failed to prepare in serious trouble. There are many clues pointing to connected automotive cyber crime being the upcoming trend. Among them are the 344% increase in documented automotive cyber incidents from 2017 to 2021 and the 253% increase in incidents found in the deep and dark web in 2021 compared to 2020.

In the automotive ecosystem, taking a product cyber security approach means protecting connected vehicles. There are several different points that further emphasize the importance of doing so:

  • Safety and Security – Employing product cybersecurity best practices can be a tedious task. It slows down and complicates every stage of the product life cycle. However, when it comes down to connected vehicles, it is important to understand that compromising security is in fact compromising safety and that both aspects must be taken into account. This refers to the entire production as well as post-production lifecycle – producing secure cars and then assuring that they stay that way.
  • Regulation – International regulations, such as WP.29 R155, require automotive stakeholders to monitor and protect their products – be it vehicles, or the components that go into them.
  • A complex supply chain with few unified standards – Thousands of components manufactured by dozens of suppliers are required to assemble a single vehicle. Taking into account the varied architectures, proprietary protocols, and technologies used, a car is truly the perfect storm for a threat actor to compromise.

Cyber attacks on automotive products are imminent. In fact, they’re already here. The best way to prepare for tomorrow’s attacks is to look at what is happening in the wild today. Unfortunately, gaining that visibility into today’s threats is a major challenge for Automotive stakeholders.

IT practices are not enough for automotive product cyber security

The cybersecurity community originates in IT security. Its methodologies, products, and procedures have been designed and shaped during the last three decades. Consequently, there’s a natural, yet dangerous, tendency to try to tackle automotive product cybersecurity with IT approaches and tools. Although these are sometimes relevant, the significant differences between the two security realms make this attitude a risky one. To list a few critical differences: the important role of embedded technology in vehicle security, the massive amounts and types of data generated by connected vehicles, and the critical physical risk factor together create a reality that demands a unique protection game plan. Ignoring needs and requirements specific to automotive products is a dangerous path to take.

As published by McAfee, protecting actual vehicles requires the coordinated design of multiple designated product security technologies, including behavioral monitoring, anomaly detection, supply chain risk management, and shared threat intelligence.

IT & product cybersecurity – A multi-layer approach

As is often the case with security, it is not one or the other. Having even the best product security will not protect an organization’s IT infrastructure, while focusing on the latter will leave the most strategic asset of the business, the product, unprotected. A strategic mix of IT and product cybersecurity is the most potent solution to holistically protect your organization from the endless threats lurking in the shadows.

How Upstream’s product suite boosts the automotive industry’s product cybersecurity

The Upstream Platform® and VSOC

Upstream introduced a fundamental and innovative shift in the approach to connected vehicle security with the first cloud-based data management platform, purpose-built for the automotive industry. The platform delivers unparalleled automotive cybersecurity detection that enables OEMs to effectively respond to and mitigate a wide range of cybersecurity threats and attacks.

Upstream’s cloud-based platform ingests connected vehicle data, normalizes and cleanses it, builds vehicle digital twins, and leverages AI-powered detection to identify relevant anomalies. These capabilities provide industry-leading cyber threat protection and actionable insights, seamlessly integrated into the customer’s environment and vehicle security operations center (VSOC).

Public, deep, and dark web monitoring and threat hunting

Upstream’s tailor-made threat intelligence service, AutoThreat® PRO, monitors sentiments to detect early signs of intended exploits and tracks incidents found throughout the deep and dark web, including private forums, marketplaces, and social network channels. As the only automotive-focused solution in the market, it offers component-level mapping and cyber risk management. Additionally, the AutoThreat® cyber incident repository is constantly updated and consists of detailed automotive-related, publicly reported vulnerabilities and incidents.
