Adrian Johnson
TLDR:
- The automotive industry is experiencing a digital transformation driven by the introduction of electric and connected vehicles, which brings new cybersecurity challenges.
- Automakers are taking steps to address cybersecurity challenges, including conducting risk assessments, implementing regular software updates, and involving suppliers in the security process.
- Vehicle manufacturers integrate cybersecurity into the design and development process by securing their operation technology and addressing threats in the manufacturing process.
- To protect connected and electric vehicles against cyber threats, automakers should take a proactive approach, conduct risk assessments, develop security policies, and implement network security measures.
- Regulatory bodies play a role in shaping cybersecurity standards, but the responsibility for securing products lies with individual players in the automotive supply chain.
- Consumers should ensure the cybersecurity of their electric or connected vehicles by asking the right questions, downloading official software from trusted brands, and staying informed about cybersecurity best practices.
Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry in an interview with Help Net Security. Edan emphasizes that the introduction of electric and connected vehicles has brought new cybersecurity challenges to the automotive industry. He highlights that advancements in technology, such as Over-the-Air (OTA) updates, remote management, Advanced Driver Assistance Systems (ADAS), and AI, have expanded the potential avenues for cyberattacks.
To address these challenges, automakers are taking steps to strengthen cybersecurity in their latest vehicle models. One of the key challenges is in the supply chain, where automakers need to understand and manage risks related to software providers. Automakers are conducting risk assessments, involving suppliers in the security process, and administering regular software updates to patch vulnerabilities and improve product performance.
Vehicle manufacturers integrate cybersecurity into the design and development process by securing their operation technology (OT) policy. This involves understanding and closing gaps in OT systems, which are different from traditional IT systems. Manufacturers need to address unique threats coming from product lines, sensors, and other equipment involved in the manufacturing process.
To protect connected and electric vehicles against cyber threats, Edan recommends a proactive approach. Automakers should conduct risk assessments, develop company-wide security policies, hold regular security training, implement strong network security measures, regularly backup critical data, develop an incident response plan, and conduct periodic security audits.
Regulatory bodies play a role in shaping cybersecurity standards for electric and connected vehicles, but the responsibility for securing products lies with individual players in the automotive supply chain. Regulatory bodies provide guidelines and best practices for automakers to follow in the event of a cyber hack. Compliance with regulatory rules often involves onsite visits and audits by regulatory bodies.
Consumers also have a role to play in ensuring the cybersecurity of their electric or connected vehicles. They should be aware of the data collected in their vehicles and take measures to protect their privacy. This includes asking the right questions when purchasing a vehicle, ensuring software is regularly updated, and staying informed about cybersecurity best practices.
