Cybersecurity in the automotive industry: new challenges and solutions
Technological change in the automotive industry, which is being driven by the integration of connectivity, automation and electrification, not only opens up new opportunities, but also brings with it considerable challenges in the area of cybersecurity. Cyber attacks on cars and their infrastructure are on the rise, and the industry is facing new threats and vulnerabilities.
Increase in cyber attacks
The number and complexity of cyber attacks on the automotive industry have increased dramatically in recent years. According to the 2024 Global Automotive Cybersecurity Report by Upstream Security, the number of large-scale cyber incidents in 2023 increased 2.5-fold compared to 2022. These attacks often target telematics and application systems, with 43% of attacks occurring in these areas.
A worrying trend is the increase in attacks on infotainment systems, which almost doubled in 2023 and now account for 15% of all attacks. These systems offer an extensive target, as they are often connected to the Internet and other vehicle components throughout the in-vehicle network. In addition, almost 65% of activity on the deep and dark web related to the automotive and smart mobility ecosystems was reported in 2023.
A particularly serious example of the growing threat is the CAN injection attack, which has become a preferred method among vehicle thieves. Attacks like this enable control commands to be sent directly to the vehicle’s electronics, allowing security measures to be bypassed.
Influence of AI
Artificial intelligence (AI) plays a dual role in the field of cybersecurity. On the one hand, AI is used by cybercriminals to automate and optimize attacks. On the other hand, it also offers powerful tools for defense. Modern AI-supported security systems can analyze large amounts of data, detect threats in real time, and take proactive measures to ward off attacks.
The use of AI in the field of cybersecurity in the automotive industry has therefore become indispensable. According to VicOne’s report, activity on the deep and dark web related to automotive and smart mobility ecosystems has increased by 165%. This development underlines the need to implement advanced AI-supported security solutions.
Vulnerabilities in EV charging stations
With the increasing spread of electric vehicles (EVs), the importance of charging station security is also growing. This infrastructure is an attractive target for cyber attacks as it is often connected to the power grid and other critical infrastructure. Attacks on charging stations can not only disrupt operations, but also compromise security-relevant data.
The study by Upstream Security shows that EV charging stations are increasingly being targeted by cybercriminals. Securing this infrastructure requires comprehensive cybersecurity measures, including the regular assessment of risks and the implementation of protection solutions.
Strategies for improving vehicle security
- Regulatory compliance
Compliance with regulations such as UN R155, which defines security measures for newly manufactured cars, is essential. These regulations come into force in July 2024 and aim to increase vehicle security. UN R155 places requirements on manufacturers’ cybersecurity management systems (CSMS) and demands that security risks are continuously assessed and managed. - Cybersecurity management systems (CSMS)
Implementation of CSMS is crucial in order to continuously identify and manage security risks. These systems should be updated regularly to meet the latest threats. According to VicOne, companies must continually invest in developing processes, organizations and talent to effectively implement cybersecurity. - Safety awareness and training
Cybersecurity training for employees and partners is essential. Companies can only respond effectively to attacks if they have a comprehensive understanding of threats and best practices. Training programs should be updated regularly to reflect new threats and technologies. - Investments in technology
The use of advanced technologies such as AI and machine learning can help detect and combat threats at an early stage. These technologies make it possible to analyze security incidents in real time and take automated defensive measures. By integrating technologies such as these into their security strategies, companies can strengthen their defense mechanisms and be better prepared for future threats.