The Business Impact of Weak Security for OEMs


December 10, 2018

Tesla’s recent lawsuit against a former employee for stealing confidential information has given many OEMs a much-needed wake-up call: Attacks can come from anywhere.

On top of remote attacks or ransomware, OEMs are at risk of telematics data center breaches, intellectual property theft, or DDoS attacks. They are exposed to both individual vehicle and fleet-wide hacks, and not just from strangers. Insiders with a grudge to bear could cause even more damage than clever external hackers, especially as they could have privileges that allow them access to sensitive information and controls.

OEMs are under increasing pressure to stay one step ahead. As security incidents begin to take their toll on the way the public views businesses, and regulation races to catch up with reality, what changes should manufacturers be making to stay protected?

Last May, the Financial Services Committee in the US held its third Congressional hearing in less than a year on the safety and security of connected and autonomous vehicles. There are four separate bills currently going through Congress attempting to legislate this sector more stringently, one of which hopes to create a Driving System Cybersecurity Advisory Council. If successful, the council will sit directly in the Department of Transportation and establish the standards and controls that car manufacturers must adhere to when they deploy connected vehicles of all kinds.

Whichever regulation becomes law, one can assume that it will have a considerable amount of control to act in the interests of consumer safety. The National Highway Traffic Safety Administration already has almost carte blanche control over taking vehicles off the road in cases of safety risks. The infamous Jeep Cherokee hack, where 1.4 million vehicles had to be recalled, is a good example of this.

The threat of industry liability is a real one, yet regulatory compliance is one area that fleets and OEMs can get ahead of. Whatever rules are put into place, having visibility into your entire data stream is going to be essential.

A recent example of the importance of data is a proposed rule put forward by the San Francisco Municipal Transportation Authority which states that police can access the logs of any autonomous vehicle without a warrant if it has been involved in an accident.  t the data center is vital, as you can have end-to-end fleet visibility of any connected entity. This puts you ahead of the curve when it comes to finding answers and meeting regulatory guidelines.

With the fears surrounding connected vehicles, car manufacturers need the tools to educate consumers about vehicle safety and security

As IoT becomes all-pervasive, consumers are increasingly worried about the ability of hackers to access vital controls on their vehicles such as brakes and headlights, or break into mobile applications that allow them to steal vehicles or misuse them. Perhaps unfairly, the make up 98% of new cars sold by 2020, we anticipate this lawsuit being far from the last of its kind. It’s becoming increasingly important to protect OEMs and create the tools they need to keep their 5-star public image, as well as to respond quickly and proactively to any electric vehicle security issues.

Being able to quickly and efficiently provide insights is essential

This reality makes one thing crystal clear: an increasingly complex automotive landscape, one that includes dozens of third-party data streams, cars in varied stages of production both on the road and off, and attackers who come from external and internal sources, needs a new type of security. In the case of a car cyber-attack, accurate facts and analysis about its root cause and effects can be a strong foundation for regulatory compliance, as well as the difference between a devastating blow to your public image and a swift recovery.

This visibility can only be found by utilizing a single source of truth that shows you every part of the smart mobility ecosystem. This includes partners that are higher up in the value chain such as TSPs, cloud-computing solutions and mobile apps, and aftermarket integrations too. Real-time alerts can give you a heads-up to any anomalies or breaches, so that you can provide evidence for compliance, and where necessary, both educate and reassure consumers.
