This post results from the project “Automotive Cybersecurity”(ACS) within the Munich Cyber Security Program (MCSP) The MCSP is a cooperation project between Champlain College and ComCode (Germany). This project focuses on cybersecurity topics for connected cars.
A major point of interest this week was exploring perspectives: that of OEMs, tiered suppliers, media outlets and consulting organizations. There was a sea of information to navigate, and countless opinions that sometimes contradicted each other. Information goes back to the early 2010’s for the most part, but the majority of my findings were from between 2020 and 2022. From all my research, I have six key takeaways:
- Automotive cybersecurity is rapidly growing (both in terms of market share and relevancy)
- Automotive cybersecurity isn’t limited to the OEMs, it impacts/is relevant for the entire supply chain
- Only a small portion of involved companies (less than 10% according to most sources) are adequately prepared to face new regulations, standards and threats
- Most organizations cannot afford the necessary coverage, given the current state of the automotive market
- Regulations and standards such as UN-R-155 and ISO/SAE 21434 are the best ways to uphold proper security practices and mitigate threats
- If companies aren’t proactive in their cybersecurity approach, they will lose more money later than they are saving now
These findings should act as a wake-up call for all who are involved in the industry. When considering the perspective of OEMs and manufacturer’s, entering into this new world of connected vehicles is an upheaval of what has long been considered an industry focused on safety. Now the need for security is gaining ground and is on pace to match safety as a priority for automakers within just a few years.
Consulting companies are in agreement when it comes to the impact of automotive cybersecurity—the stakes are high and rising for OEMs, suppliers, and manufacturing equipment suppliers, among others. In addition to the consulting articles, multiple cybersecurity partnerships have been formed between OEMs, suppliers and cybersecurity firms. Two of the most notable include C2A’s partnership with the automotive platform AUTOSAR (OEMs and Tier 1 suppliers), and the EU’s CCAM Partnership (also consisting of OEMs and Tier 1 suppliers).
C2A Security is an Israeli-based in-vehicle cybersecurity company started in 2016—their partnership with AUTOSAR (AUTomotive Open System ARchitecture) emphasizes the need to secure ECUs within a vehicle. AUTOSAR partners with major tiered automotive suppliers such as Bosch and Continental. Additionally, OEMs such as the BMW Group, Volkswagen Group, Ford, and GM, among others are also members. AUTOSAR is a “standardized software framework for intelligent mobility” according to their homepage.
The CCAM Partnership is a recently established international organization that focuses on the connected and autonomous vehicle industry, grouping together relevant parties for cooperative progress. The goal of CCAM is “to accelerate the development of new technologies and their deployment in real life” according to their website.
Considering these partnerships, the findings of consultancies, and an increase in media attention, it’s clear that automotive cybersecurity is becoming a priority for more people. Moving forward, I’ll be exploring more market topics and am planning to interview some industry experts on their perspective. Stay tuned for future updates, and explore other projects between the Munich Cybersecurity Program and Champlain College’s Leahy Center for Digital Forensics and Cybersecurity.
–Written by Parker Soares ‘24 //Computer Networking & Cybersecurity