Cybersecurity in the Autonomous Vehicle: The Next Frontier in Mobility | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

By Ganesh Rao, Head of R&D ADAS Engineering, Continental Automotive India

With the advancement in technology and influx of digitalization, the vehicles are being transformed into moving data centre. For example, the introduction of connectivity, advanced safety technologies and driver assistance systems are turning the vehicle architecture into a complex one. If we further break it down, there is a typical hierarchical structure that is replacing traditional vehicle architecture, for instance, High-Performance Computers (HPC) are taking the centre stage in running the complex vehicle electronic and electrical functionalities. A modern vehicle architecture will have electronic control unit managed by zone control unit which will be collectively computed by HPCs. 

At the centre of it, software plays a key role in enabling the entire vehicle architecture to work seamlessly. This is exactly why software is like the oil of the future. As we move towards CASE (Connected, Autonomous, Shared and Electric), the number of lines of codes is also on the rise. To give you a perspective, the cars of today have about 100 million lines of code and by 2030 it is predicted to reach 300 million lines of codes. 

Therefore, the vehicle architecture must be protected from malicious attacks, illegal access, damages, or anything else that could interfere with a vehicle’s functionality. A flaw in even one of the vehicle’s components might allow hackers to steal data, interfere with a function or completely take over the vehicle. This would land in a serious problem with variety of issues such as identity theft, possible theft of financial data and in worst case, the safety of the driver and the passengers. 

Advanced technologies like keyless entry and voice assistance are being incorporated in the modern vehicles. According to Upstream’s 2022 Global Automotive Cybersecurity Report, about 82 percent of overall global attacks were carried out remotely, needing no physical access to the car. To ensure the safety of the vehicle as well as the passengers, it is essential to put into place robust security measures to guard against potential threats and attacks. This includes encryption technologies, authentication protocols, secure data storage systems, and regular updates to software patches.

Evolving challenges around Autonomous Driving

Increasing Vulnerability to Cyberattacks

Autonomous vehicles heavily rely on interconnected systems and software that control their operations. These systems make use of various sensors, cameras, and communication technologies to navigate and interact with the external environment. Hackers can potentially exploit vulnerabilities in the software and gain unauthorized access to critical functions like steering, acceleration, or braking, leading to dangerous consequences on the road. In India, where the cyber security landscape is constantly evolving, it is crucial to proactively address these vulnerabilities to protect autonomous vehicles from malicious attacks.

Securing Autonomous Vehicles

A connected vehicle seamlessly exchanges data with a variety of parties, including other vehicles that are on the road (V2V), surrounding infrastructure (V2I), and everything else (V2X). The various individual segments play a crucial role in how the system functions. However, these networks can be susceptible to interception and disruption, potentially leading to accidents or unauthorized control of vehicles. Building secure communication networks that employ encryption and authentication protocols is crucial to prevent such incidents. 

Data Privacy and Protection

Connected vehicles generate and process vast amounts of data, including personal and sensitive information about passengers, driving patterns, and routes. Protecting this data from unauthorized access and ensuring its privacy is significant. India must establish robust data protection frameworks and regulations to safeguard this information and mitigate the risk of data breaches.

Adopt a multi-layered approach

The automotive industry must adopt a multi-layered approach to address cybersecurity challenges. Implementation of a robust encryption protocol can protect the communication channels between the vehicle and external systems. This comprises of authentication mechanisms as well as secure data transmission to ensure that only authorized entities can access vehicle systems.

Highly secured software and firmware

Secure software and firmware has to be a priority for vehicle manufacturers. Only regular software updates and patches can address vulnerabilities and protect vehicles against potential threats. Furthermore, conducting rigorous vulnerability assessments and penetration testing can help identify and resolve weaknesses in a vehicle’s cybersecurity system. 

Collaboration and Regulation

Addressing cybersecurity challenges in an autonomous vehicle requires collaborative efforts from all stakeholders across the industry including government bodies and cybersecurity experts. Furthermore, the development of regulatory frameworks specific to autonomous vehicles is essential. Governments should work closely with industry experts to establish guidelines and regulations that ensure the security and safety of autonomous vehicles. Compliance with these regulations should be mandatory for all manufacturers, thus fostering a culture of cybersecurity within the industry.

AI and predictive modelling

An unregulated environment could expose the vehicles to risks and vulnerabilities as they become more IoT-driven. Therefore, Artificial intelligence-enhanced automotive cybersecurity systems may be able to provide a detailed picture of potential system vulnerabilities. The introduction of AI and predictive modelling in autonomous vehicles is a step forward in preventing cybersecurity attacks. 

Automotive cybersecurity is more than just keeping the car secure. It needs to start much earlier, particularly during the manufacturing process. A strong security mechanism is required in the manufacturing setup to prevent hackers from infiltrating and altering the codes of the components, resulting in faulty behaviour. The entire industrial infrastructure is networked in a typical Industry 4.0 smart factory. The growing number of connected plants exposes the ecosystem to new threats and vulnerabilities. Any data traveling across the network is subject to a cyber-attack. New dangers emerge as manufacturing data migrates from OT systems on the factory floor to connected Information Technology (IT) systems in the corporate network. Cybercriminals may acquire access to intellectual property, disrupt manufacturing schedules, and have a severe impact on product quality.

Even though certain processes are not connected to the internet, the manufacturing environment should be considered fully integrated. Although many breaches begin in IT networks, hackers or attackers can spread to other parts of the environment via connected devices. Furthermore, some connected devices may contain information about the non-connected processes.

The vehicle cybersecurity solution must be proactive and multi-layered. Cybersecurity can be tackled in three broad steps:  

Prevent – As networking and the demand for in-vehicle interfaces increase, so does the likelihood of security incursions. Hackers are motivated by a multitude of factors like data theft, monetary gain, and status. Manufacturers must fortify all potential points of entry and implement security measures at all levels and divisions. By recognizing the different attack sites, comprehending behavior, and creating security measures for the systems, this is made achievable. This typically involves the use of embedded security software, secure networks, hardware-enhanced encryption, secure vehicle architecture and DevSecOps. 

Understand – Recognise that the system is under attack, locate the point of entry, identify any vulnerabilities that have been exposed, and gather other vital details in real time. This entails the tracking and live monitoring of connected automobiles. Setting up Security Operation Centres (SOCs) is one example of this. To ensure real-time detection of any such breach and to respond to it immediately, SoCs are required. Furthermore, SOCs would assist in detecting gaps and performing fast repairs to reduce long-term exposure to risks in on-road vehicles.   

Respond – Though a company must keep track of hundreds of procedures, hackers only need to uncover one vulnerability to obtain access. Between those who seek to secure networks and those who want to undermine them, it seems like a never-ending race. Therefore, it is crucial to take action as soon as a gap is discovered. It is pertinent to reduce the damage and immunize the fleet through over-the-air software updates and patch management immediately.

To sum up, the importance of cybersecurity cannot be overstated in modern cars. With the potential risks associated with unauthorized access and data breaches, securing these vehicles is of paramount importance. By adopting a multi-layered approach, fostering collaboration, and establishing robust regulations, one can overcome the challenges of cybersecurity and ensure a safe and secure driving experience for all. Currently, the developers are building a robust system preventing the hackers from intruding the architecture and altering the codes. Cybersecurity is a continuous process, not a step or layer that needs to be added once development is completed. As a result, cybersecurity will be inevitable in the future for ensuring market access. With the automotive industry growing smarter, the cybersecurity protocols requirements also need to grow smarter. 

Disclaimer: Views expressed are personal and do not reflect the official position or policy of Financial Express Online. Reproducing this content without permission is prohibited.