– The global market of connected cars is expected to grow by 270% by 2022 .
– The automotive industry is expected to dominate the demand for connectivity by 2023 .
ISO/SAE 21434 is a standard that provides cybersecurity engineering guidelines for all processes across different phases of a vehicle’s lifecycle.
These new features and systems require an increased dependence on software. While modern features, such as internet access, app-based remote monitoring and management, autonomous driving, and driver-assistance systems, were designed to increase user safety and convenience, they also add complexities and cybersecurity gaps to the whole automotive ecosystem.
For instance, every added feature, sensor, or connection needs to be supported by software in an engine control unit (ECU). The number of ECUs included in connected cars has increased over time, with some having more than 100 ECUs handling different functions, from the engine and powertrain to the brakes, suspension, and electronics subsystems.
Modern connected cars now share networks with mobile devices and have features that have more in common with computers than traditional automobiles. Unfortunately, the increased demand for connectivity — and the rapid pace of development to meet it — inevitably increases the number of exposed and vulnerable components.
Unlike computers, the majority of the connected cars currently in the market do not have over-the-air (OTA) software updates, nor were they designed or manufactured with cybersecurity in mind. This is a critical gap that the industry plans to secure.
Since 2018, over 80 organizations worldwide have participated in the creation of ISO/SAE 21434 “Road vehicles – Cybersecurity engineering,” which is a standard that includes a set of guidelines for securing high-level processes in the design, manufacturing, maintenance, and end-of-life phases of vehicles. While it does not focus on software development or detailing the cybersecurity infrastructure of car subsystems, it defines cybersecurity processes for the cars’ different development phases to fulfill safety level requirements.
Researchers have found a significant number of attack vectors in today’s connected cars. These modern vehicles are connected whenever they are within the range of a cellular network or via short-range radio frequency channels, much like how Bluetooth or Wi-Fi are usually enabled. Cybercriminals can abuse these existing and unpatched security gaps to intercept and steal information, disrupt the car’s normal functions, or even attack the users and endanger their lives.
Some of the current challenges and attack vectors include:
Researchers have published numerous findings documenting the techniques used to exploit security weaknesses and possible attack scenarios against connected cars such as:
The automotive industry is beginning to recognize the narrowing delineation of defenses required in the face of information technology (IT) and in-vehicle technology. And in realizing cybersecurity’s critical importance in connected cars and its related infrastructure, legislative changes could be expected after the implementation of the standard. ISO/SAE 21434 is meant to guide the automotive industry as it adopts more secure online and offline practices to ensure the safety of its users.
For more details and our insights on the standard’s guidelines, read “ ISO/SAE 21434: Setting the Standard for Connected Cars’ Cybersecurity .” The paper includes a summary of the standard’s sections and our recommendations for automotive manufacturers, suppliers, vendors, and mobility service providers.
Like it? Add this infographic to your site:1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
In the first half of this year, cybersecurity strongholds were surrounded by cybercriminals waiting to pounce at the sight of even the slightest crack in defenses to ravage valuable assets. View the report
The upheavals of 2020 challenged the limits of organizations and users, and provided openings for malicious actors. A robust cybersecurity posture can help equip enterprises and individuals amid a continuously changing threat landscape. View the 2020 Annual Cybersecurity Report
uniccat uunicccm
