Automotive Cybersecurity

Vehicles in particular will require specialized cybersecurity as their autonomy increases.

Keeping Control of the Wheel   By David Geer   in ACM

The rising need for cybersecurity will trigger investments over the next few years. We expect to see the market grow from US$4.9 billion in 2020 to US$9.7 billion in 2030, with software business representing half of the market by 2030," according to "Cybersecurity in automotive: Mastering the challenge," a 2020 market study by global management consulting firm McKinsey & Company.

The study "Automotive Cybersecurity Market: the Development of Autonomous Cars and Other Notable Growth Drivers," by market intelligence firm Infinity Research, identifies the market forces advancing automotive cybersecurity as including:

The development of autonomous vehicles with wireless connections.

The increasing number of in-vehicle electronic control units and their wireless connections.

Regulatory mandates and standards targeting the cyber-safety of vehicles and data .

Nobody wants criminal hackers in the driver's seat. "Much of the motivation to implement enhanced security systems stems from advances in in-vehicle capabilities. Progress in these internal capabilities includes Advanced Driver Assistance Systems (ADAS). These systems necessitate heightened computer control over sensitive actuators (drive by wire, including steer by wire, throttle by wire, and brake by wire)," says Josh Siegel, assistant professor of computer science and engineering at Michigan State University (MSU).

According to the 2021 HSB Cyber Car Tech Survey by cyber risk insurer HSB Group, more than a third of U.S. consumers say they are concerned about the cybersecurity of connected cars. Another third say they fear a computer virus, hacking incident, or other cyberattack that could damage or destroy their vehicle's data, software, or operating systems.

To MSU's Siegel, growing hacker expertise suggests automotive cyberattacks are unleashed by criminal hackers with malicious intent, and not just discovered by researchers to bring vulnerabilities to light. There have been targeted hacks turning vehicles into espionage devices at military bases and disabling engines, so the individual has to take other transportation to work, says Siegel. "I assume that nation-states or well-resourced entities are executing these attacks," says Siegel.

The 2021 Global Automotive Cybersecurity Report by connected vehicle cybersecurity provider Upstream Security, found that malicious blackhat hackers last year carried out 55% of automotive cyberhacks to disrupt business, steal property, and demand ransom. Whitehat hackers and researchers, including those participating in automotive bug bounty programs, performed 38.6% of hacks, the report says. Bug Bounty programs pay white hat hackers a reward or "bounty" for finding critical vulnerabilities in an organization's software.  ... '