Technology Automotive cybersecurity in a changing world – 4 key insights for car makers November 28th, 2022 The evolution of connected car services and the software-defined car continues to pick up speed. The rise of automotive connectivity and complexity comes with an enormous potential for car makers, connected car service providers, and certainly drivers too. Without automotive cybersecurity, however, none of that potential can be tapped into. So, how do we do that, and set ourselves on the right course for the future? In a changing world and digital environment, what are the most important things that car makers need to know about automotive cybersecurity? The connected car – from driver performance to digital performance Automotive cybersecurity refers to the processes and technologies that ensure the safe and secure operation of connected cars. Everything that happens within this vast field is a reflection of larger societal and technological transformations. Cars will soon be just as defined by their software as their hardware. In the beginning, there was essentially a horse cart with an engine. Along came electronics and microprocessors, turning it into the technology-supported car, where drivers suddenly had safety and support systems at their disposal. Around the turn of the millennium, we saw the birth of the connected car. Instead of being their own, separate products, cars started to become part of a digital service ecosystem. Cloud technology and over-the-air (OTA) updates began to enable connected car services for drivers at a pace and scale few could have imagined. What we are seeing now is yet another evolutionary step: the personalized car, where connected transportation meets the driver’s digital identity. It is difficult to overstate the impact this will have on car usage, and the potential it presents for car makers. As more and more channels intertwine, however – connected cars, connected infrastructure, cloud services, smartphones and other personal devices – the issue of cybersecurity is no longer merely important, but critical. With this in mind, how can the automotive industry meet the demands and challenges related to automotive cybersecurity? Here are four key insights that car makers need to take into account in order to stay successful. 1. Connected cars are data centers on wheels Connected cars are not mobile computers or servers, but rather data centers where increasingly huge amounts of complex data are processed, sent,and received, from a growing number of sources. Connected car services, new as well as existing ones, must not only be completely secure upon deployment, but for as long as they remain in operation – thus for years, or well over a decade. There is no singular solution to making this work. Instead, it is crucial to have an array of actions and measures in place: security-by-design, zero trust architecture, encryption, robustness, to name some. Security-by-design must be the foundation of your automotive cybersecurity infrastructure; a main ingredient in all of your connected car services, not icing on the cake. 2. Automotive cybersecurity legislation is becoming increasingly strict and mature Legislation around automotive cybersecurity is becoming increasingly strict and mature globally. In 2021, the United Nations introduced the UNECE (United Nations Economic Commission for Europe) resolutions no. 155 and 156. These regulations address the risks related to connected cars and automotive cybersecurity, and we should expect that most countries will ratify them. In addition to these global standards, a growing number of national standards are emerging as well, with China being the most notable example. Simply put, car makers will have to live up to ever-stricter cybersecurity standards if they want to access key markets and stay competitive. Driver privacy must be ensured at all times, and there need to be appropriate risk management and detect and response capabilities in place throughout the connected car ecosystem. This goes for the car makers themselves, but crucially also for their entire supply chains, including WirelessCar and other partners and service providers. 3. Automotive cybersecurity and software constitute a cultural shift, especially for well-established car brands Moving from mechanics and hardware to connectivity and software is not just a technological journey for car makers, but a cultural one as well. Today, automotive engineering is as much about digital services and cybersecurity as it is about physical functions and design. Security-by-design is a prerequisite not just for the software-defined car, but for each car maker’s ability to both attract new customers and retain customers over time. Many younger car companies have automotive cybersecurity in their DNA in a way most traditional car makers simply do not. Even tech companies, who also constantly work with cybersecurity matters, could have major advantages in this area, should they decide to break into the automotive industry. Well-established car makers may have a long and undeniably successful business history, but must provide state-of-the-art cybersecurity capabilities and solutions in order to remain attractive to drivers. That will require a cultural shift in the automotive industry: one that will not be easy for everyone, but critical all the same. 4. Human resources and expertise will determine car makers’ success in tomorrow’s automotive environment Automotive cybersecurity, like most aspects of connected car services and the software-defined car, largely boils down to the people of your company: the talent and expertise you acquire through recruitment, retraining, or both. Without the right people and expertise onboard, car makers will not just fail to keep up with the changing automotive environment, but cede the leadership role they could take. The automotive environment will continue to change, and only grow increasingly complex as it does. The car maker’s ability to prepare for and be at the forefront of this development will determine their position in it. Drivers will not tolerate insufficient automotive cybersecurity, and instead go with those who are innovative, attentive and ambitious in this field. WirelessCar as an automotive cybersecurity partner Being well-informed about automotive cybersecurity is a good start, but it must be followed by concrete action. Different car makers are at different stages in this process, which is fully understandable. At WirelessCar, we work with many different car makers on all matters related to automotive cybersecurity. Therefore, we know that certain needs and challenges are universal, while others are more specific to certain customers. Our work with connected car services began in 1999, and we have been a very active and innovative business partner ever since. And since we are, we can often provide the expertise and the services that by definition take a long time for car makers to acquire themselves. Through the partnerships we have with our customers, we also learn from one another, which in turn gives rise to new, even better connected car services. It broadens and deepens the car makers' knowledge, while at the same time allowing them to quickly take major leaps forward in their services and offers without having to reinvent the wheel. Automotive cybersecurity is a vast topic, and we will continue to cover it in upcoming articles. So keep following our WirelessCar Insights blog, and make sure to read our other articles on automotive cybersecurity and how to make the connected car services of the future. If you have any questions about our work with automotive cybersecurity, email me at Michael Shaffer. Michael Shaffer Head of Cybersecurity Contact