Cybersecurity in Automotive

Cybersecurity in automobiles is emerging as the new measure of quality, as the relative frequency of the
vulnerabilities related to connected, smarter devices are increasing continuously. In recent times,
security researchers clearly understood the technical susceptibilities of connected cars, everything from
infotainment systems, safety systems, and more. Countless software finds use in cars of today to get the
wheels moving, placing added importance for enhanced automotive cybersecurity.
At present, only narrow guidelines and standards exist for precise technical procedures to secure
software and hardware in vehicles, like secure communication or hardware encryption standards,
among the electronic control units (ECUs). Further, the consequences of failure for the systems
controlling the related vehicle-connected devices can be catastrophic as the potential targets are high in
number. Automobile manufacturers must increasingly implement improved cybersecurity measures
blurring the line between software and transportation to counter cybersecurity threats.
Radical Transformation in the Automotive Industry- Increasing Vulnerabilities in Connected Cars
The accelerated market requirements are triggering the complexities of the electronic systems for cars
to meet the increased need for occupants' safety and accident prevention. Such objectives get achieved
through electronic driver assistance systems like speed regulation, parking, lane detection, pre-collision.
Further, more comfort from the cars like memory seat adjustments, automatic cooling, performance
control, and automated tailgate opening, and more, along with improved infotainment systems like
voice assistant, Bluetooth, navigation, audio, is expected.
Moreover, in modern vehicles, the growing number of electrical components are reasons for further
technological advancements around automotive applications like chassis electronics and engine
transmission. Car manufacturers are also coming up with more value-added services which require
network connections like remote support, remote diagnostics, emergency calls, concierge, and internet
browsers. Such a large number of connected electronic components comes with increased network
connectivity among the electronic components, raising cyber-attack chances.
Modern cars need to offer a continuum to users meeting people’s needs to remain connected for
obtaining various information and interacting with the professional and social ecosystems. Rapid growth
in the electronic architectures of automotive, faster than other industries, is taking place to meet such
requirements. Moreover, opportunities associated with increased implementation of vehicle platooning
and MaaS, the increased application of storing and sharing automotive cloud data and software update
over-the-air, and increasing autonomy for advanced cybersecurity solutions can further augment the
market growth.
The software in the average high-end cars of today comes with 100 million code lines, higher than
Boeing 787 or Windows 7. Such a vast line of code leads to higher chances of vulnerabilities and
increased security issues that need to be dealt with by the car manufacturers. The global market is
experiencing rapid growth of connected cars per year, and the amount is likely to grow further soon,
increasing the hacking chances.
There are diverse reasons for software vulnerabilities, and it seems that big automotive project
management is not fully aware of the graveness and specifics of cybersecurity. Moreover, it appears
that software developers in the automotive sectors do not consider security issues from the start of such
a project. The top management of the automotive industry needs to be aware of the importance of
security and actively manage security policy, which poses a challenge for the automobile industry to
overcome cybersecurity threats.
Global Automotive Market Segmentation
The global automotive market finds segmentation based on region, vehicle type, and product type.
Further, product type gets further segmentation into Intrusion detection system (IDS) and Intrusion
Detection and Prevention System (IDPS). The IDS system observes the traffic breaking the rule and doing
malicious activities, and the IDPS system identifies the network's vulnerability spots to thwart various
possible attacks.
The IDPS segment is the pioneer in the global automotive cybersecurity market and accounted for the
majority market share in 2018, which is likely to continue its dominance over the forecast period. Such
growth will benefit the IDPS more than IDS, like arresting vulnerability exploits, blocking the foreign
codes, enforcing zero false positives, and not needing anti-malware updates, and more.
Further, the cybersecurity market based on vehicle type segmentation is commercial vehicles and
passenger vehicles. Robo taxis and automated and connected cars come under passenger vehicles, while
heavy buses and heavy trucks come under commercial vehicles. The passenger vehicles are currently
leading the global automotive cybersecurity market and are likely to continue the dominance over the
forecast period. 
However, commercial vehicles will likely find a higher growth rate over the forecast period between
2019 to 2029. The factors responsible for fueling the growth are increased necessity for reliable logistics,
large-scale vehicle platooning usage, increased number of autonomous and connected commercial
vehicles. Currently, the Asia-Pacific (APAC) region is leading the global automotive cybersecurity market 
Staying Ahead of The Cybersecurity Threats in Automotive
A robust security strategy across the globe requires an implementation to mitigate the challenges,
vulnerabilities, and threats. The process may not be easy, as the cybersecurity issue is not an old
problem in the automotive industry. However, since the technologies are maturing, and with the
availability of improved tools and the lessons learned, it can be easier to take proper measures to
implement cybersecurity measures in automotive industries also, like other industries.
Although reinventing the wheel is not necessary, a few unique characteristics of automotive industry
products need consideration. Unlike personal or commercial computers or IT networks, the automotive
industry requires vehicle operation and system and data components protection. Further, car lifecycles
are reasonably longer than conventional computer products that can impact the security processes like
software update strategies.
Therefore, it is imperative to establish a pertinent list indicating the best practices that automotive
industries need to respect, ensuring a secure design over a long period. Such best practices will reinforce
the complete security aspects keeping the final products safer. Implementation of multilayered security
measures can restrict the impact of malicious intrusion, and in the case of connected cars, such security
measures can mitigate cybersecurity risks to a large extent.
To thwart the surface attack and protect the most crucial assets of a connected car against various kinds
of threats, a few critical steps necessary are as follows:
 Use of COTS cryptographic mature products for segregating onboard network, data filtering, and
intrusion detection.
 ECUs hardening implementing the best practices like detecting services and interfaces used for
developing, during the car release or tradeoff between the software and hardware security
leveraging the defense-in-depth.
 Conducting regular cybersecurity evolution surveys in identical intelligent transportation
systems like the Aeronautics.
 Relying on diverse technologies to mitigate security monoculture through the proper application
of various measures to thwart propagation of attacks in critical components.
 Use of surveillance techniques towards maintaining security over time, like continuous
vulnerability management.