Automotive Cybersecurity Needs Serious Work
Annual report from security software and services company BlackBerry indicates the auto industry faces cyber challenges.

According to the BlackBerry 2021 Threat Report , which looks at cybersecurity threats of all types on a global basis, “modern automobiles are effectively insecure networks.” The authors point out that because there are as many as 100 compute components from various vendors on a vehicle, achieving common cybersecurity criteria is exceedingly difficult.
What’s more, they say an estimated 280 million vehicles globally are connected to the internet, and consequently, “Securing vehicles from cyber threats becomes increasingly difficult with every additional network connection, electronic component, and software-driven system.”
Among the issues identified in the 2021 report are:
- Electronic control unit (ECU) takeovers that affect vehicle systems (brakes, steering, powertrain)
- Vehicle compromise through paired smartphones (current or previous owners’)
- Vehicle-to-everything (V2X) and vehicle-to-vehicle (V2V) communications vulnerabilities
- Reliance on network connectivity for vehicle functionality
One effort that the authors note is working to address these issues, is the cybersecurity regulation put into place on June 25, 2020, by the United Nations Economic Commission for Europe (UNECE), WP.29. While the regulation doesn’t tell automakers how to secure their vehicles, it does outline actions that must be done.
The recommendations include making efforts to manage risks, detecting and responding to cybersecurity threats across feels, designing secure systems across the supply chain, and providing secure software updates for on-board systems for the life of the vehicle. UNECE WP.29 is supported by several European Union countries, China, Japan and Korea. WP.29-compliance is not required until July 2024.
The report’s authors say that ISO SAE 21434 provides implementation information for engineering the electrical and electronic (E/E) systems from the cybersecurity perspective for vehicles, including the participants in the supply chain. But because of the timing of UNECE WP.29, the authors aren’t optimistic about the situation between now and then. “This delay leaves threat actors years to operate in the largely unregulated and insecure space of connected vehicles,” the authors warn.
Top Stories
INSIDERDefense
Army Launches M1E3 Tank Development, Cancels M1 Abrams Upgrade Program -...
INSIDERAerospace
The B-21 Raider Starts Flight Testing - Mobility Engineering Technology
INSIDERAerospace
Air Force Awards JetZero $235 Million to Develop Blended Wing Body Demonstrator...
INSIDERDefense
Air Force Receives First eVTOL Six Months Ahead of Schedule - Mobility...
INSIDERDefense
Air Force to Buy Archer eVTOL Under New Contracts - Mobility Engineering...
ArticlesAerospace
Rim-Driven Electric Aircraft Propulsion - Mobility Engineering Technology
Webcasts
Medical
What Really Changed: A Look at the Updated FDA Guidance Document...
Automotive
Electrifying Off-Highway Drivetrains
Automotive
NVH Prediction in Electric Powertrains: Considering Inverter and...
Manufacturing & Prototyping
The Smaller the Part, the Bigger the Advantages of Miniature Aluminum Extrusions
Defense
Here's an Idea: How AI is Changing Military Aircraft Maintenance and More
Manufacturing & Prototyping
Precision, Control and Repeatability: Harnessing the Power of UV Curing in...