The Business Impact of Weak Security for OEMs


Tesla’s recent lawsuit against a former employee for stealing confidential information has given many OEMs a much-needed wake-up call: Attacks can come from anywhere.

On top of remote attacks or ransomware, OEMs are at risk of telematics data center breaches, intellectual property theft, or DDoS attacks. They are exposed to both individual vehicle and fleet-wide hacks, and not just from strangers. Insiders with a grudge to bear could cause even more damage than clever external hackers, especially as they could have privileges that allow them access to sensitive information and controls.

OEMs are under an increasing amount of pressure to be one step ahead. As the impact of security begins to take its toll on the way the public view businesses, and regulation races to catch up with reality, what changes should manufacturers be making to stay protected?

Last May, the Financial Services Committee in the US held its third Congressional hearing in less than a year on the safety and security of connected and autonomous vehicles. There are four separate bills currently going through Congress attempting to legislate this sector more stringently, one of which hopes to create a Driving System Cybersecurity Advisory Council. If that bill succeeds, the council will sit directly in the Department of Transportation and establish the standards and controls that car manufacturers must adhere to when they deploy connected vehicles of all kinds.

Whichever regulation becomes law, one can assume that it will have a considerable amount of control to act in the interests of consumer safety. The National Highway Traffic Safety Administration already has almost carte blanche control over taking vehicles off the road in cases of safety risks. The infamous Jeep Cherokee hack, where 1.4 million vehicles had to be recalled, is a good example of this.

The threat of industry liability is a real one, yet regulatory compliance is one area that fleets and OEMs can get ahead of. Whatever rules are put into place, having visibility into your entire data stream is going to be essential.

A recent example of the importance of data is a proposed rule put forward by the San Francisco Municipal Transportation Authority which states that police can access the logs of any autonomous vehicle without a warrant if it has been involved in an accident.  t the data center is vital, as you can have end-to-end fleet visibility of any connected entity. This puts you ahead of the curve when it comes to finding answers and meeting regulatory guidelines.

With the fears surrounding connected vehicles, car manufacturers need the tools to educate consumers about vehicle safety and security

As IoT becomes all-pervasive, consumers are increasingly worried about the ability of hackers to access vital controls on their vehicles such as brakes and headlights, or break into mobile applications that allow them to steal vehicles or misuse them. Perhaps unfairly, the make up 98% of new cars sold by 2020, we anticipate this lawsuit being far from the last of its kind. It’s becoming increasingly important to protect OEMs and create the tools they need to keep their 5-star public image, as well as to respond quickly and proactively to any electric vehicle security issues.

Being able to quickly and efficiently provide insights is essential

This reality makes one thing crystal clear: an increasingly complex automotive landscape, one that includes dozens of third-party data streams, cars in varied stages of production both on the road and off, and attackers who come from external and internal sources, needs a new type of security. In the case of a car cyber-attack, accurate facts and analysis about its root cause and effects can be a strong foundation for regulatory compliance, as well as the difference between a devastating blow to your public image and a swift recovery.

This visibility can only be found by utilizing a single source of truth that shows you every part of the smart mobility ecosystem. This includes partners that are higher up in the value chain, such as TSPs, cloud-computing solutions and mobile apps, as well as aftermarket integrations. Real-time alerts can give you a heads-up about any anomalies or breaches, so that you can provide evidence for compliance and, where necessary, both educate and reassure consumers.
