It has become quite evident in recent years that the auto industry is becoming more vulnerable to cyberattacks. From connected and self-driving cars to increasing the use of automation and computers in manufacturing, the auto industry has evolved from its purely mechanical and analog past to adapt to the technological revolution we are currently experiencing.
This means that the more our vehicles rely on being connected to the cloud and using artificial intelligence for self-driving purposes, and the more that the auto industry implements connected technologies and automation into their manufacturing processes, the more susceptible it all becomes to cybercriminals with bad intentions.
So why and how is the automotive industry susceptible to cyberattacks, and what is being done to help protect manufacturers and consumers from bad actors? Let us dive into the automotive industry to address these concerns and more.
Cybersecurity for consumers in the auto industry
In 2020, the world saw over 30 million new connected cars on the road, and by 2025, that figure is expected to hit over 115 million globally. One of the largest drivers of the increased use of connected and autonomous vehicles is the increasing popularity of electric cars. For example, in Canada alone, it is expected that over 71% of Canadians will consider an electric vehicle for their next purchase.
Many of the most popular electric vehicle brands, like Tesla, GM, Ford, Toyota, and Volkswagen, rely heavily on the internet, the cloud, and AI to support all vehicle functions, including their self-driving capabilities.
What is most concerning for automakers and consumers alike is that connected vehicles have been shown to contain vulnerabilities that can be easily exposed by cybercriminals if not properly protected.
What is a connected car, and how can it be a target for cybercriminals?
A connected car is any vehicle that can connect to the internet to share data or connect with devices inside or outside the car. It can also perform functions and download data requested by the user.
One of the main benefits of driving a connected vehicle is app-to-car connectivity, which allows users to connect to their vehicle through an app on their smartphone. The vehicle owner can then conduct remote functions like locking or unlocking the doors, adjusting the thermostat’s temperature, turning on and off the headlights, and locating the vehicle using the onboard GPS. Some autonomous vehicles will even let you park your car or move it remotely using an app.
For all of these functions to work properly, the tiny computers controlling them, the app itself, and the vehicle’s command center all need to communicate through the cloud. Thus, cloud security and the security of a vehicle’s command center have become a huge responsibility and concern for the automotive industry working to protect its customers.
Connected cars that use cloud technology can become potential targets of hackers who can gain access to the vehicle through a basic internet connection and take control of all connected functions.
Once the vehicle’s central command center has been infiltrated, a hacker can unlock the car, start the engine, and steal the car. They could take control of a car remotely and have the vehicle drive itself to any location the hacker would like. They could even take control of the car’s functions while the driver is in motion and steer the vehicle into an accident, potentially causing harm to the vehicle occupants and bystanders. The latter is the largest concern of automakers and consumers of connected vehicle technology.
What is being done to address cybersecurity concerns in the auto industry?
We all know that connected and autonomous vehicles pose several risks when it comes to cybersecurity and consumer safety. Because of this, hackers have identified the automotive industry as a soft target struggling to keep up with the constantly evolving cybersecurity landscape.
That being said, automotive manufacturers are working extremely hard to play catch up in the realm of cybersecurity to address the safety concerns of their customers. Connected and autonomous vehicles are here to stay, and for the automotive industry to thrive, they need to make the safety and security of their products their number one priority.
The more connected our vehicles become, the more we are starting to see governments create regulations for the automotive industry to protect consumers from potential security flaws that could put them at risk.
For example, by 2024, all new vehicles produced in the EU will need to follow regulations created by the United Nations Economic Commission for Europe. These regulations will address practices like security by design, secure software updates, and how the automotive industry responds to cybersecurity incidents.
It is expected that automakers in Japan and Korea will adhere to these regulations to be allowed to sell their connected and autonomous vehicles to European consumers. If US automakers would like to sell their vehicles in the EU, they will need to comply with the new regulations before 2024 as well.
At the same time, the International Organization for Standardization is currently working on a framework that can help auto manufacturers identify potential cybersecurity risks while making cars more secure at all stages of development.
Cybersecurity for other industries that use connected and autonomous vehicles
Connected and autonomous vehicles are expected to make huge transformations in many areas other than the automotive industry. One of the largest impacts will be seen and felt in the transportation and storage industry.
It has been estimated that by the mid-2030s, more than half of the jobs in the transportation and storage industry will be automated. A large part of this industry-wide transformation will be due to the wide use of autonomous vehicles for the transportation of people and the delivery of goods and services.
With the rise of eCommerce, especially in a post-COVID world, consumers have changed how they receive everything from consumer goods to even their everyday groceries and medications. People want their goods, and they want them fast. This has put a huge strain on companies like Amazon and UPS, who are trying to deal with supply chain distributions and labor shortages while living up to their service commitments.
Because of this, Amazon, UPS, and even companies like Pizza Hut and Kroger Supermarkets, are investing heavily in autonomous vehicle technology to deliver their products and goods to consumers without needing human drivers. Some researchers predict that up to 90% of all products and goods could be delivered with autonomous vehicles within the next decade.
Again, cybersecurity is a major concern for these companies that are looking to utilize connected and autonomous vehicles to get their goods and services to consumers. For example, what happens if a security flaw is exposed by hackers, allowing them to take control of an autonomous vehicle with a large number of Amazon orders? They can then move it to their desired location, unlock its doors, and steal all of the vehicle’s contents. Who is responsible for the loss? Is it Amazon? Or is it the vehicle manufacturer?
Ideally, this should never be able to happen in the first place. It all starts with the automotive industry and its ability to address these types of cybersecurity concerns at every stage of development.
Auto Industry Cybersecurity – Final words
As we prepare for a future where autonomous vehicles assist society in many aspects of everyday life, it is important that the automotive industry prioritizes cybersecurity for all of their vehicles, and ideally, with the help of governments and other private sector entities with vested interests.