Security News > 2021 > April > Securing vehicles from potential cybersecurity threats

Securing vehicles from potential cybersecurity threats
2021-04-21 05:00

Organizations in the automotive industry are no stranger to demands and mandates regarding car and passenger safety, so addressing the issue of cybersecurity of computerized, connected vehicles should, in theory, not be a huge problem.

"Today's sophisticated connected vehicle architecture is inherently more vulnerable to cyber attacks. Connected vehicles can host up to 150 electronic control units and run on 100 million lines of code; tomorrow's vehicles may contain up to 300 million lines of software code. Cyber attacks that exploit the increasing digitization of vehicles present a significant risk to manufacturers, vehicle owners, other drivers and pedestrians," Meron noted.

"Each OEM tries to come up with their own defense strategy, using the variety of tools available in the market to protect from different attack vectors. Eventually they all need to manage cybersecurity of the vehicle throughout its lifecycle, from the very first day the design process commences, through production and maintenance of the vehicle, until decommissioning."

"For OEMs, this is the main obstacle to overcome. When considering the number of vehicle models and topologies, complex supply chains, increasing connectivity and over-the-air updates, among other areas of consideration once the vehicle is on the road, visibility provides important means of constant and systematic analysis, allowing for strong security posture. Once they gain visibility into their vehicles' cybersecurity lifecycles, OEMs can perform risk assessments and analyze potential threats, plan their desired security policy and enforce the chosen policy across the board to gain full ownership."

Meron's opinion of the cybersecurity of modern vehicles is poor and he advises potential buyers to wait until OEMs apply decent security measures and prove that to the market.

In the meantime, the first cut of automotive cybersecurity standards and regulations is here: two new UNECE WP.29 automotive cybersecurity regulations and the new ISO 21434 standard, which define the categoric directive for implementing cybersecurity management systems for the protection of vehicles.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/J0Mc-u2j_vk/