Tesla’s recent lawsuit against a former employee for stealing confidential information has given many OEMs a much-needed wake-up call: Attacks can come from anywhere.
On top of remote attacks or ransomware, OEMs are at risk of telematics data center breaches, intellectual property theft, or DDoS attacks. They are exposed to both individual vehicle and fleet-wide hacks, and not just from strangers. Insiders with a grudge to bear could cause even more damage than clever external hackers, especially as they could have privileges that allow them access to sensitive information and controls.
OEMs are under an increasing amount of pressure to be one step ahead. As the impact of security begins to take its toll on the way the public view businesses, and regulation races to catch up with reality, what changes should manufacturers be making to stay protected?
Last May, the Financial Services Committee in the US held its third Congressional hearing in less than a year on the safety and security of connected and autonomous vehicles. There are four separate bills currently going through Congress attempting to legislate this sector more stringently, one of which hopes to create a Driving System Cybersecurity Advisory Council. If successful, they will sit directly in the Department of Transportation and establish the standards and controls that car manufacturers must adhere to when they deploy connected vehicles of all kinds.
The Business Impact of Weak Security for OEMs
Whichever regulation becomes law, one can assume that it will have a considerable amount of control to act in the interests of consumer safety. The National Highway Traffic Safety Administration already has almost carte blanche control over taking vehicles off the road in cases of safety risks. The infamous Jeep Cherokee hack, where 1.4 million vehicles had to be recalled, is a good example of this.
The threat of industry liability is a real one, yet regulatory compliance is one area that fleets and OEMs can get ahead of. Whatever rules are put into place, having visibility into your entire data stream is going to be essential.
A recent example of the importance of data is a proposed rule put forward by the San Francisco Municipal Transportation Authority which states that police can access the logs of any autonomous vehicle without a warrant if it has been involved in an accident. t the data center is vital, as you can have end-to-end fleet visibility of any connected entity. This puts you ahead of the curve when it comes to finding answers and meeting regulatory guidelines.
With the fears surrounding connected vehicles, car manufacturers need the tools to educate consumers about vehicle safety and security
As IoT becomes all-pervasive, consumers are increasingly worried about the ability of hackers to access vital controls on their vehicles such as brakes and headlights, or break into mobile applications that allow them to steal vehicles or misuse them. Perhaps unfairly, the make up 98% of new cars sold by 2020, we anticipate this lawsuit being far from the last of its kind. It’s becoming increasingly important to protect OEMs and create the tools they need to keep their 5-star public image, as well as to respond quickly and proactively to any electric vehicle security issues.
Being able to quickly and efficiently provide insights is essential
This reality makes one thing crystal clear- An increasingly complex automotive landscape that includes dozens of third-party data streams, cars in varied stages of production both on the road and off, and attackers who come from external and internal sources- needs a new type of security. In the case of a car cyber-attack, accurate facts and analysis about its root cause and effects can be a strong foundation for regulatory compliance, as well as the difference between a devastating blow to your public image and a swift recovery.
This visibility can only be found by utilizing a single source of truth that shows you every part of the smart mobility ecosystem. This includes partners that are higher up in the value chain such as TSPs, cloud-computing solutions and mobile apps, and aftermarket integrations too. Real-time alerts can give you a heads-up to any anomalies or breaches, so that you can provide evidence for compliance, and where necessary, both educate and reassure consumers.
Upstream’s 2023 Global Automotive Cybersecurity Report
Cleared for takeoff? Upstream’s vSOC is the traffic control center for vehicles
Air traffic control centers play a critical role in ensuring the safety and efficiency of air traffic. The control centers help prevent aircraft collisions, maintain…Read more
Discovery: An Essential First Step in Securing APIs
API security is a crucial facet of cybersecurity in this era of rapid digitalization. While APIs serve as potent tools operating across every aspect of…Read more
Securing the Road Ahead: The Automotive Perspective of the New SEC Cybersecurity Rules
Cybersecurity has been recently positioned as a top priority by the SEC, requiring corporate America to disclose information on material cyber attacks. In addition to…Read more
Upstream Security joins AWS ISV Accelerate: What does it mean for Connected Mobility and SDV makers?
On May 24, 2023 Upstream was selected to join the AWS Independent Software Vendor (ISV) Accelerate Partner Program. This marks an important milestone in our…Read more