Securing the Future of Autonomous Vehicles

YOAV LEVY

CEO and Co-founder

March 10, 2025

Connected Autonomous Vehicles (CAVs) represent one of the most transformative innovations in transportation, but with this transformation comes a new array of cybersecurity challenges. Recently, I had the pleasure of discussing this critical topic with Karin Shopen, VP of Product Management at Cisco Talos Intelligence Group, Cisco Security. Our conversation shed light on the threats facing the automotive and smart mobility ecosystem and the steps needed to secure its future.

This conversation with Karin Shopen is part of Upstream’s upcoming 2025 Global Automotive and Smart Mobility Report, which aims to provide actionable insights and highlight key challenges and solutions for the evolving cybersecurity landscape.

The Expanding Attack Surface of Autonomous Vehicles

As Karin mentioned during our chat, the digitization and connectivity of vehicles open up incredible opportunities but also significantly expand the attack surface. From compromised sensors and V2X communications to exploited APIs and over-the-air (OTA) updates, CAVs face a multitude of cyber risks. Karin pointed out that complexities such as the lack of industry-agreed standards, connectivity including network latency issues, and cybersecurity resource constraints across the ecosystem further exacerbate these challenges.

We also discussed how cybercriminals and state-sponsored actors approach these vulnerabilities differently. “Financially motivated attackers focus on tactics like keyless entry hacks, as well as fleet and lease level frauds,” Karin explained, “while nation-states prioritize more advanced strategies, such as supply chain compromises, for espionage or large-scale disruption.” I couldn’t agree more, especially given the increasing connectivity of vehicles and the monetization of vehicle data, which make the automotive sector an attractive target.

Key Recommendations for Securing Vehicles in the Autonomous Era

In our conversation, Karin and I explored practical solutions to mitigate these risks. Here are some of the key takeaways:

  • Follow Industry Standardization: Adhering to frameworks like ISO/SAE 21434 is essential for robust vehicle cybersecurity. These standards provide a baseline for security and build trust across the ecosystem.
  • Enhance Remote Keyless Entry Security: Karin highlighted the effectiveness of technologies like Frequency Hopping Spread Spectrum (FHSS) and rolling code systems. These measures dynamically change communication frequencies and prevent signal reuse, reducing the risk of relay attacks.
  • Implement ECU Isolation (Security by Design): Segmenting critical ECUs, such as those for braking, from non-critical ones like infotainment, is vital. This approach limits the impact of a potential breach and protects critical systems.
  • Secure Connectivity: Ensuring proper authentication for Bluetooth, Wi-Fi, and USB connections in infotainment systems is non-negotiable. Karin stressed the importance of securing these external interfaces to prevent unauthorized access.
  • Adopt Lifecycle Security: Regular OTA updates are critical to addressing vulnerabilities as they arise. Karin emphasized the need for a lifecycle approach to security to keep systems resilient over time.
  • Strengthen V2X Communications: Karin pointed out the importance of IEEE Standard 1609.2 for securing V2X message formats and processing. Using digital certificates fosters trust between devices and enhances communication security.

Cisco & Upstream: A Collaborative Path Forward

One of the most important points from our conversation was the need for collaboration. As I shared with Karin, cybersecurity is a multi-technology technical challenge and therefore a shared responsibility. She agreed, emphasizing that by working together—whether through collaboration between companies like Upstream and Cisco or across the broader industry—we can stay ahead of evolving threats.

This dialogue reaffirmed our belief in the power of collaboration and innovation. By taking proactive measures and embracing industry best practices, we can build a secure and resilient future for autonomous vehicles and smart mobility. The transformative potential of connected transportation is undeniable, but its success hinges on our ability to address these cybersecurity challenges head-on.

Newsletter Icon

The After-Sales Quality Report, Zooming in on the Power of AI

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

From Detroit’s Auto Roots to AI Innovation: Jennifer Tisdale Joins Upstream

At Upstream, we’re passionate about shaping the future of mobility, and just as passionate about the people who join us in getting there. We have…

Read more

A CISO View from REE Automotive on the Evolving Cyber Landscape and AI

As vehicles become software-defined, cloud-connected, and increasingly infused with AI-driven capabilities, cybersecurity is no longer optional. It is a core design principle and a fundamental…

Read more

Flipper Zero and the Rise of “Unleashed 2.0”: Why Automotive Cybersecurity Needs to Look Beyond the Perimeter

Vehicles increasingly rely on wireless technologies, from RFID and Sub-GHz radio signals used in remote keyless entry and ignition to NFC-based digital keys in newer…

Read more

When Grey-Market Loopholes Leave Cars Open to Ransom

Imagine buying a brand-new connected vehicle, only to wake up one morning locked out of it. The app on your phone no longer works. The…

Read more
Skip to content