Why Cyber Security Is No Longer Optional in the Automotive Industry

The auto industry is full of exciting disruptions, but one risk is lurking in the shadows. Here are some reasons why cyber security is going to be absolutely critical for cars in the future.

The automotive world is changing.

After decades of slow and gradual technological advancements, the industry is now reshaping its future at a pace we have never seen before. We can see it in all aspects – from investments and M&As, to R&D and hiring decisions.

As part of the change, the ADAS (Advanced Driver-Assistance Systems), connectivity and digitalization of the vehicles are stepping to the front line and becoming the customers’ main consideration when purchasing a new vehicle. With these, as a persona non grata in any computerized connected system, come cyber security threats – this is why cyber security systems are becoming a critical enabler to the revolution in the industry.

Cyber security by itself is not an extra feature consumers expect to get in their car, it is rather something they expect to have as a standard, just like seat belts or any other safety elements. Actually, most consumers are not even troubled by cyber security threats to their car – they take it for granted that the car is safe whether it’s connected or not. Based on that, cyber security will have to become an embedded, integrated part of every vehicle, just like security is embedded in any PC or organizational network today. There will be just one major difference – a vehicle is a critical piece of infrastructure travelling at high speeds, and as such, it must be secured like one. That means the highest level of security and reliability.

Connected Cars

Connected, internet accessible cars, also mean new targets for cyber criminals who are always happy to find new revenue streams. We can expect to see them getting inspiration from the IT world, applying attacks such as wide ransomware attacks similar to the one we have recently witnessed attacking the healthcare system in the UK and many other targets. Or, they might try more focused APTs (Advanced Persistent Threats) to gain financial benefits.

Think about getting into your car in the morning only to realize that the car cannot be turned on, and then receiving a message telling you to pay $300 for it to be unlocked. Wouldn’t you pay? Or worse – it might happen while you are driving…

Autonomous Vehicles

In addition, autonomous driving will change the level of trust people put in their vehicle. Their expectations from the vehicle behavior will shift as well, as the focus moves from hardware performance to software performance. When we are driving a vehicle today, we are the ones controlling it, but once the vehicle will drive itself, we might feel quite miserable when the software is malfunctioning.

Ownership and Business Models

The technology change will also drive change in the car ownership model, from “car as a product” to “car as a service”, and thus the attacks on the fleets can be more centralized. An attack on a fleet can neutralize the companies operating these fleets, and even put them out of business – so not only the OEMs or suppliers are damaged, but also the fleet operators (Uber, Gett, or any others that pop up).

Insurance

The shift in business and ownership model, from B2C to B2B, will also drive a significant change in the insurance models, as car accidents will be drastically reduced, and cars will be mostly held by big fleet companies. In this case, the physical insurance by insurance companies will be minimized and eventually disappear, and the insurance will focus more on data breaches and operational downtime, or accidents as a result of bugs or hacks. Who will be held responsible for an accident as a result of a bug or a system failure? This question is still open…

Revenue Channels

The revenues of the industry, which are today mostly based on hardware sales (cars and parts), will change and will be based more on digital or data based service revenues, which highlights the importance of cyber security, data security, and privacy in the automotive domain. Any breach of data might lead to a serious damage to the brand and its profitability.

R&D Centers

Finally, the automakers will have to adapt to the rapid changes, and start operating more like software companies than hardware manufacturers. Today, many OEMs and tier-1s are already opening R&D centers in technology hubs like Silicon Valley or Israel, and this trend will accelerate as we move forward

The Future is Unknown

These are just some of the changes we will face in the industry in the next decade, and no doubt they will dramatically change the current landscape, as some players will disappear, others will merge, and new giants will arise.

It is hard to predict where exactly we will be in 5 or 10 years, but we surely have a very exciting journey ahead!

**SheeldS, previously known as Arilou