Transportation Cybersecurity Risks: Protecting The Electric And Software-Defined Car

Steve Tengler, Senior Contributor. A seasoned expert with 29+ years in automotive on advanced tech design.
Jun 28, 2022, 04:00am EDT

Automotive hacks are on the rise while innovative technology such as electric, autonomous and/or software-defined vehicles have exponentially increased the potential threats. So the cybersecurity community meets to learn, share and react. (Photo by Sean Gallup/Getty Images)

“Putin is a d***head. Glory to Ukraine.” That’s what hacked electric vehicle chargers read, amongst other things, at disabled charging stations near Moscow recently. And as much as it brings a smile to the faces of many around the world, it highlights a point made by several researchers and developers who assembled last week at escar 2022 (a conference that focuses on deep, technical developments in automotive cybersecurity each year): automotive hacks are on the rise. In fact, per Upstream Automotive’s report, the frequency of cyberattacks has increased a whopping 225% from 2018 to 2021, with 85% conducted remotely and 54.1% of the 2021 hacks carried out by “Black Hat” (a.k.a. malicious) attackers.

In the midst of listening to various real-world reports at this conference, a few things became evident: there is both good news and bad news based upon the ever-required focus in this critical area.

The Bad News

In its very simplest terms, the bad news is that technological advances are only making Day One events more likely.
“Electric vehicles are creating more technology, which means there are more threats and threat surfaces,” stated Jay Johnson, a Principal Research from Sandia National Laboratories. “There are already 46,500 chargers available as of 2021, and by 2030 the market demand suggests there’ll be approximately 600,000.” Johnson went on to delineate the four primary interfaces of interest and a preliminary subset of identified vulnerabilities along with recommendations, but the message was clear: there needs to be an ongoing “call to arms.” That, he suggests, is the only way to avoid such things as the Denial of Service (DoS) attacks in Moscow. “Researchers continue to identify new vulnerabilities,” states Johnson, “and we really need a comprehensive approach of sharing information about anomalies, vulnerabilities and response strategies to avoid coordinated, widespread attacks on infrastructure.”

Electric cars and their associated charging stations are not the only new technologies and threats.
The “software-defined vehicle” is a semi-new architectural platform (arguably employed 15+ years ago by General Motors and OnStar) that some manufacturers are moving toward to combat the billions of dollars being wasted on continually redeveloping each vehicle. The basic structure involves hosting much of the vehicle’s brains offboard, which allows for reuse and flexibility within the software but also presents new threats. Per the same Upstream report, 40% of the attacks over the last few years targeted back-end servers.
“Let’s not fool ourselves,” warns Juan Webb, a Managing Director from Kugler Maag Cie, “there are many places throughout the automotive chain where attacks may happen ranging from manufacturing to dealerships to offboard servers. Wherever the weakest link exists that’s the cheapest to penetrate with the greatest financial implications, that’s where the hackers will attack.”

Therein, part of what was discussed at escar was the bad-news-good-news (depending upon your perspective) of the UNECE regulation going into effect this week for all new vehicle types: manufacturers must show a robust Cybersecurity Management System (CSMS) and Software Update Management System (SUMS) for vehicles to be certified for sale in Europe, Japan and eventually Korea.
“Preparing for these certifications is no small effort,” states Thomas Liedtke, a cybersecurity specialist also from Kugler Maag Cie.

The Good News

First and foremost, the best news is that companies have heard the rallying cry and have minimally begun to instill the necessary rigor to combat the aforementioned Black Hat foes. “In 2020-2022, we have seen an increase in corporations wanting to conduct a Threat Analysis and Risk Assessment or TARA,” states Liedtke. “As part of those analyses, the recommendation has been to focus on remotely-controlled attack types since these lead to higher risk values.”

And all of this analysis and rigor initially appears to be having an effect. Per a report provided by Samantha (“Sam”) Isabelle Beaumont of IOActive, only 12% of the vulnerabilities found in their 2022 penetration testing were deemed “Critical Impact” versus 25% in 2016, and only 1% were “Critical Likelihood” versus 7% in 2016. “We are seeing present risk remediation strategies starting to pay off,” states Beaumont. “The industry is getting better at building better.”

Does that mean the industry is done? Certainly not.
“All of this is a continuous process of hardening the designs against evolving cyberattacks,” Johnson suggests. Meanwhile, I’ll celebrate the last piece of good news I gleaned: the Russian hackers are busy hacking Russian assets rather than my social media feed.
From: forbes
URL: https://www.forbes.com/sites/stevetengler/2022/06/28/cybersecurity-risks-protecting-the-electric-and-software-defined-car/