2023 witnessed a surge in cybersecurity incidents within the automotive sector: major US automotive supplier victim to ransomware, Porsche Macan sales halting due to cybersecurity non-compliance, recurring hacker intrusions into infotainment systems at Tesla, Hyundai, Ford, and others. The trend continues into 2024, with a new focal point: the applicability of UN R155 and R156 to all vehicles, encompassing not only new models but also newly manufactured former models. Cybersecurity is evolving beyond a safety or operational concern for OEMs; it is now a compliance risk that demands attention. One essential pillar of regulation consists of managing risks adequately, timely and efficiently. Adequately, because the risks must be identified and assessed, including the complexity due to functions and components interactions. Timely, the risks must be continuously re-evaluated before and after production, to follow software changes and to adapt to the threat landscape. Efficiently, because risks mitigated via security controls must be tracked down along the development process, to ensure good implementation and alignment between theoretical artefacts and real residual in-vehicle risks. Unfortunately, many OEMs are not ready to deal with it. Poor methodologies associated with outdated tooling jeopardize the whole security chain. In this paper, we will discuss pitfalls, upcoming challenges for stakeholders in 2024 and how to build viable solutions for efficient vehicle security.
Session:
Poster
|