Cybersecurity and Its Growing Importance in the Automotive Industry

• What is Cybersecurity?
• Types of Cyber Attacks
• CIA Triad
• Application of Cybersecurity in Various Domains
• Cybersecurity in Automotive Industry
• Wrap Up

What is Cybersecurity?

In simple words, it means security from cyber threats. In this fast-moving world, everything is going digital, which also brings in the need to protect systems/data/networks from any possible cyber attacks. In this digital world, we are surrounded by technology and data, in the form of mobile phones, laptops, tablets etc., which provides immense scope for the possibility of a cyber attack, and the need to prevent them.

Now, I’ve already mentioned cyber attacks, but what does it mean? A cyber attack refers to an attempt by a hacker to gain authorized access to systems/information or even a network with the intention of harming the system to gain confidential information or even alter some data. Such attacks not only disrupt the business of an organization but also potentially cause harm to any user data stored by the company. In the recent decade, cyber attacks have become really common, with user data such as email or phone number or personal information registered and stored, for instance, to enhance user experience at a social media site. Now let us see the most common cyber attacks that take place.

Types of Cyber Attacks

Now what kind of cyber attacks can take place would be the next question. Here are the most common types of cyber attacks: 

Phishing: Phishing is basically fake mail received asking a user to open a link or an attachment, which can give an attacker access to confidential data. 

Malware Threats: An attacker can inject a virus into the system in response to a corrupted file or Pendrive or link in an email. 

Password attacks: An attacker cracks out the password of a user by some means like brute force method

DoS attacks: A DoS attack can happen when an attacker forces messages into a system/network to exhaust its resource, rendering it unavailable for further use.

Insider attacks: An insider attack is the type of attack caused by an insider of an organization and not by a third-party attacker.

Quick check – Programming Languages in Demand

CIA Triad

Now, any of the attacks mentioned above; utilized by a hacker corresponds to compromise in three basic attributes, also called as CIA Triad: Confidentiality, Integrity, and Availability. 

Confidentiality: Confidentiality refers to the security attribute where information/data is protected, so it is not disclosed. If sensitive data/information is disclosed/leaked, it implies that confidentiality of the data has been breached.

Integrity: Integrity refers to the security attribute where information has not been tampered with and retains the actual message without any modification. If any information/data has been tampered, then it can be said that the integrity of that information/data is compromised.

Availability: Availability refers to the security attribute where information is not available to the authorized users when necessary. If any information is required by an user, but not accessible, then availability of that information is said to have been breached.

This CIA triad is used to explore vulnerabilities/threats which becomes the basis of cybersecurity development. For instance, if there’s personal data associated with a system, it brings in threat of that data being hacked by a hacker. What this essentially means is that for such personal data, confidentiality of data is compromised, to prevent which, cybersecurity measures are applied to prevent its hacking.

Application of Cybersecurity in Various Domains

So far what we’ve seen about cybersecurity is generic. Lets deep dive into how exactly Cybersecurity is applied across various sectors. Banking sector, one of the sectors where cybersecurity plays a major role for obvious reasons. Banks hold confidential information relating to credit/debit card information/ money transfer/ private data, which makes it important to be secured.

Now, moving on to the health sector, another sector which is being increasingly digital to improve healthcare facilities. Attacks are also increasing in this sector to access/corrupt data where privacy relevant data of patients is at stake. An equally important segment for cybersecurity is in the defence sector, with attackers aiming to get confidential intellectual property/data that can be misused or copied. Coming to the IT sector, where enormous data is being used, data is being stored in the cloud, IT is a part of every sector directly or indirectly, making cybersecurity a crucial part. As evident from examples above, cybersecurity has really made its mark, from banking to IT, from medical to defense, from entertainment to energy embedding its importance strongly in all sectors.

Cybersecurity in Automotive Industry

How does cybersecurity fit into the picture in the automotive domain? Like all data and information in our digital devices like phones, laptops and applications like emails, social media needs to be protected, similarly cybersecurity also needs to be applied in the automotive industry. 

The number of ECU’s in a vehicle has been increasing at a rapid rate to enable high end functionalities in a vehicle. Vehicles now come equipped with advanced sensors, radars, cameras etc to enable functions in cars such as traffic sign recognition, occupant detection. Not to mention, the use of artificial technology in vehicles to provide the best user experience. Vehicles have surely come a long way, with vast development in electric and autonomous self driving domains

Before going into detail, here are a couple of articles which provide a glimpse of why cybersecurity has become mandatory in recent years. 

• Researchers Charlie Miller and Chris Valasek show how they hacked Jeep Cherokee remotely to an extent that they could even kill the engine. And this led to Fiat Chrysler recalling 1.4 million cars due to safety concerns.

• US automaker General Motors suffered a data breach due to credential stuffing attack which left customer’s private information exposed.

• Two researchers have shown how Tesla can be hacked by the use of drones and without requiring any user interaction.

With the growing need to have cybersecurity in vehicles, now there are also regulations to verify if a vehicle is cybersecurity complaint. UNECE has defined a set of regulations for cybersecurity, under UNR155 that automakers must meet. The gist of the regulation is to make sure that any vehicle on road, have already evaluated cybersecurity threats, and secured the vehicle accordingly; in addition to monitoring and responding to security attacks/threats across the vehicle fleets. [Source]

A similar suite is also being adopted by Japan and Korea requiring manufacturers to also consider cybersecurity in the lifecycle.  

Apart from regulations, International Standard Organization (ISO) has also come up with a standard, ISO 21434 which defines how cybersecurity activities are to be carried out, during development, production and post production. [Source]

Wrap Up

Hence, Cybersecurity has been gaining increasing importance in the automotive industry, with the primary goal to prevent any possible cyber attacks on a vehicle; and is definitely one sector that is going to expand in the future as well.