The State of Automotive Cybersecurity: Key Insights from Auto-ISAC European Summit

We recently took part in the Auto-ISAC European Summit at the iconic BMW-Welt in Munich, gaining valuable insights into the evolving automotive cybersecurity landscape. As Auto-ISAC partners, we’re pleased to share our key takeaways:

Expanding Attack Surface

The summit highlighted growing concerns about the expanding attack surface in smart mobility. Our 2024 Global Automotive Cybersecurity Report confirms this trend, demonstrating a significant increase in cyber incidents affecting connected vehicles and mobility assets. As the ecosystem grows to include not just vehicles but also EV charging infrastructure and other IoT devices, the need for comprehensive security solutions becomes even more critical. The introduction of software-defined vehicles on a large scale (90% of total production by 2030) is expected to put emphasis on data-driven real-time monitoring and full digitization of the risk management process.

Furthermore, this year we witnessed an inflection point in the automotive cybersecurity landscape, as the attack surface not only expanded but the impact has expanded dramatically as well. As discussed in Upstream’s 2024 report and during the summit, attacks are shifting from experimental attempts to large-scale attacks. Indeed, in 2023 nearly 50% of incidents in 2023 impacting thousands-million of mobility assets (including connected vehicles, EV charging infrastructure, IoT, and mobility applications).

Evolving Regulatory Frameworks

Adapting to new regulations, particularly UNECE WP.29 R155, the EU Cyber Resilience Act, and NIS2, is a top industry priority. These frameworks are reshaping cybersecurity approaches throughout the vehicle lifecycle and for the wider IoT ecosystem. The summit provided valuable insights into how OEMs and suppliers are navigating these new requirements, from design and development to post-production support. It was great to receive first-hand information from representatives of regulatory agencies such as the European Commission – DG CONNECT, ENISA, and BSI.

Collaborative Cyber Threat Intelligence Sharing

The summit strongly emphasized the critical role of information sharing in combating cyber threats. Auto-ISAC’s efforts to facilitate this collaboration were widely recognized. We’re proud to contribute to this effort through our partnership with Auto-ISAC and our AutoThreat® Intelligence Cyber Incident Repository, which provides mobility-specific threat cyber intelligence to enhance industry-wide security postures.

GenAI Integration in Cybersecurity

GenAI’s potential to enhance cybersecurity measures was a key discussion point, highlighted in a fireside chat featuring Upstream’s VP Market Development and Prof. Dr. Hans-Joachim Hof. They introduced the concept of vSOC 3.0, a Generative AI (GenAI)-powered approach to managing cyber risks at scale. The discussion emphasized GenAI’s role in improving investigation processes within vSOCs. This aligns with Upstream’s recent launch of Ocean AI, our Generative AI capability integrated into Upstream’s Mobility XDR platform, designed to address the growing complexity of cyber threats in the automotive sector.

We’re privileged to partner with Auto-ISAC. Their leadership in bringing together executives and experts creates a unique environment for addressing business models, technology solutions, and regulatory frameworks. This collaborative approach is crucial as our industry faces increasingly sophisticated cyber threats.

As cyber risks evolve and the mobility ecosystem expands, we at Upstream remain committed to developing innovative solutions that protect the entire smart mobility ecosystem. We’re grateful for the insights gained at the summit and the ongoing collaboration fostered by Auto-ISAC’s leadership team, including Faye, Martin, Kevin, Stephan, Amine, Sebastien, Valentina, and all the board directors and steering committee members.

By staying engaged with Auto-ISAC and leveraging insights from events like the European Summit, we continue our mission to secure the future of connected mobility. The challenges are significant, but through collaboration and innovation, we’re confident in our industry’s ability to build a secure and trustworthy smart mobility ecosystem.