Getting from point A to point B used to feel like a chore. But now, as we saw at CES, drivers and passengers can turn mundane car journeys into more engaging experiences.
The 135K+ attendees gathered at this year’s show were treated to several automotive demos and launches which have the potential to transform our time on the road, including services systems..
However, increased connectivity creates new cyber risks, and consumers will only take advantage of these hi-tech features if they can trust the safety and security of their vehicles…
Connected car security risks
Fears around cyber safety in the automotive industry are not without merit. In fact, connected vehicles operate on millions of computer codes which (if not secured properly) could be hacked and the consequences of this could be far-reaching – from brakes being disabled on busy roads to personal or company data being stolen.
We also need to consider the fact that connected cars have multiple IDs to access all the different features and services. But at the same time as helping to make our journeys better, these IDs are significantly expanding the attack surface area and increasing risk.
These data exchanges and digital identifications need to be protected by secure communications, both on board and off board. This is where Thales Trusted Key Manager comes in – generating, storing, distributing and managing cryptographic keys used for the encryption and decryption of digital IDs, ensuring that only authorised parties have access to these keys.
Security cyber standards in the automotive industry
No one is disputing that there is a growing demand for increased cybersecurity in the automotive industry – and we are starting to see some positive regulatory change.
For example, in recent years the United Nations Economic Commission for Europe issued a new regulation (UN Regulation No. 155) for vehicle Cyber Security Management System – covering risk and security assessment, threat detection, and vulnerability monitoring over the entire vehicle lifecycle.
The automotive industry responded positively by announcing a mandated cybersecurity standard (ISO/SAE 21434) that applies not only to car manufacturers, but to all vehicle cybersecurity suppliers. Those certified have proven that they offer solutions with the highest level of security – helping to support ongoing industry innovation in automotive connectivity and digitisation.
Cyber security of the IoT
In the modern age, vehicles are connected to a cellular network. Automotive-grade embedded SIM cards (eSIM) provide global connectivity for intelligent vehicle systems. As a result, the GSMA has introduced new specifications (the IoT SAFE initiative) to address the cyber security of the IoT.
IoT SAFE stands fro “IoT Sim Applet For Secure End-to-End Communication” and the initiative is designed to secure IoT devices and address IoT cloud security. This is achieved by leveraging the IoT SIM card: the industry-recognised tamper-resistant elements of eSIM, SIM and, more recently, iSIM.
Security-by-design
Incoming regulations support a ‘security-by-design’ approach which makes sure security is a crucial objective at all stages of product creation and deployment. All industries should be getting on board with this approach – but in the automotive sector, where people’s personal and physical safety is at risk, this is non-negotiable across the supply chain.
At this year’s CES, we’ve seen a glimpse of what the future of mobility could look like. But it can only become a reality through continued commitment to a security-by-design approach and regulatory evolution.
Find out more here: