Automotive Cybersecurity Needs Serious Work
Annual report from security software and services company BlackBerry indicates the auto industry faces cyber challenges.
According to the BlackBerry 2021 Threat Report , which looks at cybersecurity threats of all types on a global basis, “modern automobiles are effectively insecure networks.” The authors point out that because there are as many as 100 compute components from various vendors on a vehicle, achieving common cybersecurity criteria is exceedingly difficult.
What’s more, they say an estimated 280 million vehicles globally are connected to the internet, and consequently, “Securing vehicles from cyber threats becomes increasingly difficult with every additional network connection, electronic component, and software-driven system.”
Among the issues identified in the 2021 report are:
- Electronic control unit (ECU) takeovers that affect vehicle systems (brakes, steering, powertrain)
- Vehicle compromise through paired smartphones (current or previous owners’)
- Vehicle-to-everything (V2X) and vehicle-to-vehicle (V2V) communications vulnerabilities
- Reliance on network connectivity for vehicle functionality
One effort that the authors note is working to address these issues, is the cybersecurity regulation put into place on June 25, 2020, by the United Nations Economic Commission for Europe (UNECE), WP.29. While the regulation doesn’t tell automakers how to secure their vehicles, it does outline actions that must be done.
The recommendations include making efforts to manage risks, detecting and responding to cybersecurity threats across feels, designing secure systems across the supply chain, and providing secure software updates for on-board systems for the life of the vehicle. UNECE WP.29 is supported by several European Union countries, China, Japan and Korea. WP.29-compliance is not required until July 2024.
The report’s authors say that ISO SAE 21434 provides implementation information for engineering the electrical and electronic (E/E) systems from the cybersecurity perspective for vehicles, including the participants in the supply chain. But because of the timing of UNECE WP.29, the authors aren’t optimistic about the situation between now and then. “This delay leaves threat actors years to operate in the largely unregulated and insecure space of connected vehicles,” the authors warn.
Top Stories
INSIDERRegulations/Standards
Boeing to End 767 Production, Reduce Workforce Amid Ongoing Union Strike
INSIDERRF & Microwave Electronics
Germany's New Military Surveillance Jet Completes First Flight
INSIDERWeapons Systems
Army Receives New Robot Combat Vehicle Prototypes
INSIDERWeapons Systems
Army Seeks to Expand 3D Printing to the Tactical Edge
INSIDERDesign
Army Evaluates 3D Printing for Bradley Fighting Vehicle's Transmission Mount
ArticlesPropulsion
Cummins New X15 Engine Meets Upcoming Regs While Boosting Efficiency
Webcasts
Software
The Rise of Software-Defined Commercial Vehicles
Test & Measurement
Avoiding Risk Analysis Pitfalls: Implementing Linked DFMEA, HARA,...
Test & Measurement
A Quick Guide to Multi-Axis Simulation and Component Testing
Software
Best Practices for Developing Safe and Secure Modular Software
Power
Designing an HVAC Modeling Workflow for Cabin Energy Management...
Aerospace
Countering the Evolving Challenge of Integrating UAS Into...