Connected cars have evolved from being an extra to being the norm. As fleets become more autonomous and connected, the complexity of their systems continues to increase. These days, vehicles’ computer systems may include millions of lines of coding. Fleet owners may face new risks from cybercriminals that can break havoc on their business. In this post, we’ll give you an overview of the main cybersecurity challenges of fleets and how to overcome them.
The security challenges of connected cars
The first problem lies in manufacturers’ implementation of cybersecurity measures is still behind. There are no specific automotive standards, just the ISO 26262, which states that a manufacturer is responsible for implementing security measures. But there are other security challenges for connected fleets. Let’s explore.
The security threat landscape
Code-heavy solutions increase the risk of exposure.
The larger and more complex a piece of software, the more likely it is to have vulnerabilities that can be exploited. Automotive software can contain hundreds of millions of lines of code. If you have code-heavy software, the chances of vulnerabilities are exponential. Regardless of the testing, the automotive industry is not yet ensuring secure code line by line.
The complexity of the automotive software supply chain
The automotive industry often integrates third-party software, applications, components, and protocols. For each integrant in the supply chain, the risk of an attacker taking advantage of weak links increases. When multiple actors are involved, and a car software set can be supplied by over 20 suppliers—, implementing cybersecurity protections becomes difficult.
Applying signatures to software should be done when built up in the supply chain. But suppliers are not always aware of potential threats that may affect others. For instance, if a Tier 1 supplier solution has a vulnerability, it can pass down to Tier 2 and Tier 3 suppliers. A cybercriminal can infiltrate a low-level supplier and work its way up there. The problem is compounded by the high interconnection of supply chain integrants. That is why connected cars are at great risk of supply chain attacks.
Diversity of the attacks
Cyberattacks are increasing, not only in number but also in diversity. Attackers can steal cars or break in, control car systems or steal sensitive and private data. Although around for a long time, in-car data collection and storage systems are often overlooked by automotive cybersecurity. With attacks coming from multiple fronts, car fleets and manufacturers need to up their protection game.
Government initiatives fall behind
Connected fleets, if hacked, can be victims of accidents and damage, financial loss, and personal injury. Attackers can target vehicles via their software updates, or any component.
Unfortunately, government initiatives to protect fleets from the impact of a cyberattack are lacking. In a recent study by the University of Exeter, researchers stated that “It’s impossible to measure the risk of driverless vehicles being hacked, but it’s important to be prepared. We suggest the introduction of insurance backed Maliciously Compromised Connected Vehicle Agreement to compensate low-cost hacks, and a government-backed guarantee fund to compensate high-cost hacks.”(source)
Consequences of getting hacked
Financial loss
An attack in the fleet architecture can be a disaster. First, a company will suffer a loss and of clients and reputation. As a consequence, the financial loss for car hacking can be in the millions.
Loss of personal data
Imagine a cyber attacker getting hold of your car fleet user’s data. Data breaches can result in loss of client’s trust, reputation and money. Not to mention the penalties and fines for noncompliance with regulations.
Fines and insurance issues
A car hacking can result in regulatory issues, with hefty fines. Moreover, most insurance doesn’t cover car fleet hacking. Many times, manufacturers and fleet owners suffer from increases in insurance primes and compensation.
How automotive cybersecurity overcomes the challenges
Car fleet owners can find it overwhelming to protect their fleet against these types of attacks. But there are some strategies you can apply. First, you don’t have control over the manufacturer’s hardware or other software integrated into the system.
- Conduct cybersecurity hygiene
This may be obvious, but the first line of defense is prevention. Evaluate which parts of the infrastructure you have control over, and how it integrates with your vehicles. Ensure your staff is practicing security hygiene practices. This includes being responsible for data retention, access control, and data loss prevention practices.
- Leverage a cloud-based automotive security solution
A holistic car protection solution can help protect your fleet. An effective security solution needs to analyze the fleet as a whole, understanding the data at all levels of the fleet architecture, including at the car, driver, app, and server level. By leveraging a cloud solution, you are not tied to hardware issues.
Conclusion
Car hacking can have disastrous consequences for car fleets, financially, and in terms of loss of reputation and business. Car fleet owners can protect their companies from cyberattacks by leveraging automotive security technology and best practices.