Cybersecurity has become a major topic of research because of the number of cyberattacks that have happened over time. With cyberattacks on private networks, governments in every field going bonkers, the latest industry to be hit by this security threat is something that has caused major concerns. While the nature of the industry doesn’t seem to be an obvious victim to cyber threats, it certainly shows that no one can escape from this dominion of dangers.
Automotive industry is the industry that has become the latest victim. Advanced communications and safety features are what automakers focus on as connected car data security becomes a key in this game. But this is the same reason for facing so many risks in Cybersecurity. Data shows that there is a sharp rise in the number of automotive cyber attacks. In fact, by 2030 the number of lines of code, in about 150 electronic control units, is expected to be 300 million.
Regulators are now working on improving connected car data security as they have begun to take action to address the growing vulnerabilities and cyber attacks. To improve automotive cybersecurity and software update management, the United Nations Economic Commission for Europe(UNECE) is working on many regulations. There have been regulations set up that require manufacturers to implement measures:
- Manage vehicle cyber risks
- detecting, responding to security incidents
- providing secure software updates, ensuring that vehicle safety is not compromised
- securing vehicles by design to mitigate risks along value chain
Latest regulations define the automotive cybersecurity requirements to approve vehicles based on types like cars, vans, trucks, buses and the certificate of compliance for Cyber Security Management System(CSMS). It refers to the system that supports the manufacturer’s cybersecurity which includes every process, personnel, activity that secures the vehicle.
Basic regulations worldwide have been broken down to three main phases:
- Assessment – scoping, evaluation of status
- Implementation – define risks, people, tools, finalization of organization orchestration
- Operations – monitoring, evaluation, continuous processes
In light of the global pandemic and shifting to remote work, automakers must remotely work with UNECE cybersecurity regulations for vehicles to ensure compliance. The UNECE has made it possible to carry out assessments, review existing setups, conduct interviews with internal experts, perform a gap analysis remotely.
It has now also facilitated the setting up of organizational, processes and management systems remotely. UNECE has also allowed to technically implement process automation solutions and CSMS technologies on a remote basis. Because of the increase in cyberattacks on vehicles and risks, standard procedures and international regulations are mandated by industries.
Hence automakers from affected countries must now become more compliant with new standards of UNECE and adapt to new technologies and work conditions. Technological changes within the industry are complex and automakers should align with international regulations and standards for connected car data security practices. Thus higher level of cybersecurity can be attained in the automotive industry space.