Why do we need cyber security in the automotive industry?
Before we look at why we need cyber security in the automotive industry, we need to first define cyber security.
Cyber security commonly refers to the safeguards and actions that can be used to protect the cyber domain, both in the civilian and military fields, from those threats that are associated with or that may harm its interdependent networks and information infrastructure. Cyber security strives to preserve the availability and integrity of the networks and infrastructure and the confidentiality of the information contained therein.
(European Commission 2017)
A cyber attack is therefore an attack using computers, undermining the integrity and availability of networks and infrastructure and the confidentiality of information that resides on it.
Advancement in vehicle features requires more connectivity that needs to be protected from cyber attacks. Unfortunately, many components in modern-day vehicles are designed with little consideration of cyber security as their prime requirement. Many known vulnerabilities can be exploited by the attackers to launch attacks.
Some may say that when the automotive industry was growing, vehicle hacking was not considered and the focus was on developing fast, comfortable and safe cars. Security was not investigated at an advanced level and there was no legislation forcing manufacturers to build highly secure vehicles.
As cars are getting more interconnected with other vehicles and the environment around them, the security threats continue to increase. The ideas of connected and autonomous vehicles and intelligent transportation are fascinating but risky. The communication between vehicle-to-vehicle/vehicle-to-infrastructure needs confidentiality, integrity and availability (CIA). CIA is discussed in Week 2.
Reflecting on the point about vehicle connectivity being inevitable and the associated increase in security threats, share your thoughts on the following question:
If the software of a vehicle cannot be updated because it does not have remote updates enabled and instead needs to be taken to a service centre or car garage, whose responsibility is it if the outdated software causes an accident?
European Commission (2017) Commission’s Top Scientific Advisers Publish Opinion on Cybersecurity in the Digital Single Market [online] available from https://ec.europa.eu/research/index.cfm?pg=newsalert&year=2017&na=na-240317 [29 October 2019]
© Coventry University. CC BY-NC 4.0