Connected Autonomous Vehicles (CAVs) represent one of the most transformative innovations in transportation, but with this transformation comes a new array of cybersecurity challenges. Recently, I had the pleasure of discussing this critical topic with Karin Shopen, VP of Product Management at Cisco Talos Intelligence Group, Cisco Security. Our conversation shed light on the threats facing the automotive and smart mobility ecosystem and the steps needed to secure its future.
This conversation with Karin Shopen is part of Upstream’s upcoming 2025 Global Automotive and Smart Mobility Report, which aims to provide actionable insights and highlight key challenges and solutions for the evolving cybersecurity landscape.
The Expanding Attack Surface of Autonomous Vehicles
As Karin mentioned during our chat, the digitization and connectivity of vehicles open up incredible opportunities but also significantly expand the attack surface. From compromised sensors and V2X communications to exploited APIs and over-the-air (OTA) updates, CAVs face a multitude of cyber risks. Karin pointed out that complexities such as the lack of industry-agreed standards, connectivity issues including network latency, and cybersecurity resource constraints across the ecosystem further exacerbate these challenges.
We also discussed how cybercriminals and state-sponsored actors approach these vulnerabilities differently. “Financially motivated attackers focus on tactics like keyless entry hacks, as well as fleet and lease level frauds,” Karin explained, “while nation-states prioritize more advanced strategies, such as supply chain compromises, for espionage or large-scale disruption.” I couldn’t agree more, especially given the increasing connectivity of vehicles and the monetization of vehicle data, which make the automotive sector an attractive target.
Key Recommendations for Securing Vehicles in the Autonomous Era
In our conversation, Karin and I explored practical solutions to mitigate these risks. Here are some of the key takeaways:
- Follow Industry Standardization: Adhering to frameworks like ISO/SAE 21434 is essential for robust vehicle cybersecurity. These standards provide a baseline for security and build trust across the ecosystem.
- Enhance Remote Keyless Entry Security: Karin highlighted the effectiveness of technologies like Frequency Hopping Spread Spectrum (FHSS) and rolling code systems. These measures dynamically change communication frequencies and prevent signal reuse, reducing the risk of relay attacks.
- Implement ECU Isolation (Security by Design): Segmenting critical ECUs, such as those for braking, from non-critical ones like infotainment, is vital. This approach limits the impact of a potential breach and protects critical systems.
- Secure Connectivity: Ensuring proper authentication for Bluetooth, Wi-Fi, and USB connections in infotainment systems is non-negotiable. Karin stressed the importance of securing these external interfaces to prevent unauthorized access.
- Adopt Lifecycle Security: Regular OTA updates are critical to addressing vulnerabilities as they arise. Karin emphasized the need for a lifecycle approach to security to keep systems resilient over time.
- Strengthen V2X Communications: Karin pointed out the importance of IEEE Standard 1609.2 for securing V2X message formats and processing. Using digital certificates fosters trust between devices and enhances communication security.
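To make the "prevent signal reuse" point from the remote keyless entry item concrete, here is an added sketch (not from the conversation, and not any vendor's scheme) of a receiver-side rolling code check. The HMAC-SHA256 construction, the 12-byte frame layout, the 16-press look-ahead window and the sample key are all assumptions chosen for illustration.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed button presses the receiver tolerates


def fob_code(key: bytes, counter: int) -> bytes:
    """Frame a fob would send for one press: 4-byte counter + 8-byte HMAC tag."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Receiver:
    """Vehicle-side check: authentic tag AND a counter newer than the last one."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        msg, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, tag):
            return False  # not produced with the shared key
        counter = int.from_bytes(msg, "big")
        # A reused or older frame has counter <= last_counter and is refused;
        # the upper bound limits how far ahead a valid frame may jump.
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False
        self.last_counter = counter  # advance only after full validation
        return True


def demo() -> dict:
    key = bytes(range(16))  # constructed sample key, not a real secret
    rx = Receiver(key)
    first = fob_code(key, 1)
    return {
        "fresh": rx.accept(first),
        "same_frame_again": rx.accept(first),
        "after_missed_presses": rx.accept(fob_code(key, 5)),
        "older_capture": rx.accept(fob_code(key, 3)),
        "bad_tag": rx.accept((6).to_bytes(4, "big") + b"\x00" * 8),
        "beyond_window": rx.accept(fob_code(key, 5 + WINDOW + 1)),
        "next_press": rx.accept(fob_code(key, 6)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22s} accepted={accepted}")
```

Only the fresh frame, the frame sent after a few missed presses, and the next press are accepted; the receiver's stored counter moves forward only on a frame that passes both checks.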
Cisco & Upstream: A Collaborative Path Forward
One of the most important points from our conversation was the need for collaboration. As I shared with Karin, cybersecurity is a multi-technology technical challenge and therefore a shared responsibility. She agreed, emphasizing that by working together—whether through collaboration between companies like Upstream and Cisco or across the broader industry—we can stay ahead of evolving threats.
This dialogue reaffirmed our belief in the power of collaboration and innovation. By taking proactive measures and embracing industry best practices, we can build a secure and resilient future for autonomous vehicles and smart mobility. The transformative potential of connected transportation is undeniable, but its success hinges on our ability to address these cybersecurity challenges head-on.