Automotive Cybersecurity Trends

Cybersecurity Trends

• The automotive industry is undergoing a profound transformation, with advancements in connected and autonomous vehicle technologies, electrification, and shared mobility services.
• These changes bring unique cybersecurity challenges, making the field of automotive cybersecurity highly dynamic.
• Here are key trends in automotive cybersecurity from today (2024) through 2030:

Reference(s):

Rusch, Paul (2024, May 2). Autonomous Vehicle Cybersecurity: An overview. CYRES Consulting. https://www.cyres-consulting.com/autonomous-vehicle-cyber-security-overview/

The importance of cyber-security in autonomous vehicles (AVS) and some potential methods of enhancing security. SWForum.eu. (2023, July 5). https://swforum.eu/online-sw-forum/cyber-physical- systems/23/importance-cyber-security-autonomous-vehicles-avs-and

Increased Connectivity and V2X Communication

• Trend: Vehicles are becoming increasingly connected, with Vehicle-to-Everything (V2X) communication linking cars to infrastructure, other vehicles, pedestrians, and networks. This opens vulnerabilities across multiple interfaces, requiring robust cybersecurity measures.
• Impact: Ensuring the security of communication protocols like DSRC (Dedicated Short Range Communications) and 5G / 6G will be critical to protecting against adversary-in-the-middle attacks, spoofing, and data manipulation.

Reference(s): B. M. ElHalawany, A. A. A. El-Banna and K. Wu, "Physical-Layer Security and Privacy for Vehicle-to-Everything," IEEE Communications Magazine, vol. 57, no. 10, pp. 84-90, October 2019, doi: 10.1109/MCOM.001.1900141.

Autonomous Vehicles and AI Cybersecurity

• Trend: The rise of autonomous vehicles (AVs) introduces new cybersecurity risks, as they rely heavily on artificial intelligence (AI), sensors, and software for decision-making. Securing AI systems against adversarial machine learning and ensuring software integrity will be key.
• Impact: The need for secure over-the-air (OTA) updates, real-time threat detection, and the development of resilient AI models capable of handling data manipulation or tampering will be at the forefront of AV cybersecurity strategies.

Reference(s): Sadia Yeasmin, Anwar Haque, Amir Sayegh. A novel and failsafe blockchain framework for secure OTA updates in connected autonomous vehicles, Vehicular Communications, Volume 43, 2023, ISSN 2214-2096, Retrieved from https://doi.org/10.1016/j.vehcom.2023.100658. (https://www.sciencedirect.com/science/article/pii/S2214209623000888)

Software-Defined Vehicles (SDVs) and Cybersecurity

• Trend: Vehicles are becoming increasingly software-driven, with frequent updates and new features being deployed post- purchase. Software-defined vehicles (SDVs) will dominate the market, but they increase the attack surface and introduce vulnerabilities that require constant patching.
• Impact: Need to focus on secure software development, DevSecOps practices, and incident response strategies for continuous software deployment. Emphasis on securing OTA update mechanisms will also be critical.

Reference(s): Xie, G., Wu, W., Zeng, G., Li, R., & Hu, S. (2021). Risk Assessment and Development Cost Optimization in Software Defined Vehicles. IEEE Transactions on Intelligent Transportation Systems, 22(6), 3675–3686. Revieved from https://doi.org/10.1109/

EV Charging Infrastructure Security

• Trend: The shift to electric vehicles (EVs) brings cybersecurity concerns related to the security of charging stations and vehicle- grid interactions. Vulnerabilities in charging infrastructure could be exploited for data breaches or even cause grid disruptions.
• Impact: Cybersecurity for EVs will need to focus on securing the vehicle-to-grid (V2G) communication protocols, preventing unauthorized access to EVs through charging points, and securing charging station infrastructure from cyberattacks.

Reference(s):

Sarieddine, K., Sayed, M. A., Assi, C., Atallah, R., Torabi, S., Khoury, J., Pour, M. S., & Bou-Harb, E. (2024). EV Charging Infrastructure Discovery to Contextualize Its Deployment Security. IEEE eTransactions on Network and Service Management, 21(1), 1287–1301. Retrieved from https://doi.org/10.1109/TNSM.2023.3318406

Parameswarath, R. P., Gope, P., & Sikdar, B. (2023). A Privacy-Preserving Authenticated Key Exchange Protocol for V2G Communications Using SSI. IEEE Transactions on Vehicular Technology, 72(11), 1–16. Retrieved from https://doi.org/10.1109/TVT.2023.3281371

Regulatory Compliance and Standards

• Trend: Governments and regulatory bodies are increasingly mandating cybersecurity standards for automotive manufacturers. Key standards like ISO/SAE 21434 (Road Vehicles Cybersecurity Engineering) and UNECE WP.29 (Cybersecurity and Software Updates) will play a larger role in vehicle development and lifecycle management.
• Impact: Emphasis on understanding and implementing global cybersecurity regulations, including certification processes for compliance with ISO/SAE 21434, WP.29, and similar standards.

Reference(s): Mathew, A. (2024). Secure Over-the-Air (OTA) Update Mechanisms for ADAS. International Research Journal of Innovations in Engineering and Technology, 8(4), 34–38. Retrieved from https://doi.org/10.47001/IRJIET/2024.804004

Threat Detection and Incident Response

• Trend: With the increase in vehicle connectivity and software complexity, there is a growing need for advanced threat detection and incident response capabilities in vehicles. Monitoring systems like Security Operations Centers (SOCs) for fleets and real-time telemetry-based threat detection will become commonplace.
• Impact: Developing automotive-specific intrusion detection systems (IDS), intrusion prevention systems (IPS), and secure telemetry will be key areas for cybersecurity professionals. Real- time monitoring, anomaly detection, and incident response tailored to automotive environments will be critical.

Reference(s):

Lampe, B., & Meng, W. (2023). Intrusion Detection in the Automotive Domain: A Comprehensive Review. IEEE Communications Surveys and Tutorials, 25(4), 1–1. https://doi.org/10.1109/COMST.2023.3309864

Jichici, C., Groza, B., Ragobete, R., Murvay, P.-S., & Andreica, T. (2022). Effective Intrusion Detection and Prevention for the Commercial Vehicle SAE J1939 CAN Bus. IEEE Transactions on Intelligent Transportation Systems, 23(10), 17425–17439. https://doi.org/10.1109/TITS.2022.3151712

Blockchain for Vehicle Security

• Trend: Blockchain technology is being explored for use in securing vehicle data, managing digital identities, and ensuring secure communication between vehicles and networks. It offers the potential to create tamper-resistant logs and enhance data privacy.
• Impact: Understanding blockchain applications in automobility, such as vehicle-to-vehicle communication, secure firmware updates, and distributed identity management, will be important for future cybersecurity professionals.

Reference(s): M. Kim, I. Oh, K. Yim, M. Sahlabadi and Z. Shukur, “Security of 6G-Enabled Vehicle-to-Everything Communication in Emerging Federated Learning and Blockchain Technologies,” IEEE Access, vol. 12, pp. 33972-34001, 2024, doi: 10.1109/ACCESS.2023.3348409.

G. Bendiab, A. Hameurlaine, G. Germanos, N. Kolokotronis and S. Shiaeles, "Autonomous Vehicles Security: Challenges and Solutions Using Blockchain and Artificial Intelligence," IEEE Transactions on Intelligent Transportation Systems, vol. 24, no. 4, pp. 3614-3637, April 2023, doi: 10.1109/TITS.2023.3236274

Privacy Concerns and Data Security

• Trend: As vehicles collect more data from drivers, passengers, and the environment, ensuring data privacy becomes a major concern. Regulations such as GDPR in Europe and other regional privacy laws will require automakers to safeguard personal and location data.
• Impact: The need to be familiar with data protection strategies, encryption methods, and privacy-by-design principles to ensure compliance with evolving privacy regulations while maintaining robust security practices.

Reference(s):

Stancke, J., Plappert, C., & Jäger, L. (2024). An automated consistency management approach for a privacy-aware electric vehicle architecture. Microprocessors and Microsystems, 109, 105074-. Retrieved from https://doi.org/10.1016/j.micpro.2024.105074

Supply Chain Security

• Trend: The automotive supply chain is complex, with multiple third-party vendors contributing hardware and software components. Vulnerabilities in the supply chain can lead to compromised parts being integrated into vehicles.
• Impact: Focusing on secure supply chain management, component validation, and third-party risk assessment will be crucial. Emphasizing secure procurement practices and the need for transparency in software bill of materials (SBOMs) will grow in importance.

Reference(s):

Zhang, X. (2022). Enterprise Supply Chain Risk Assessment Based on the Support Vector Machine Algorithm and Fuzzy Model. Security and Communication Networks, 2022, 1–7. Retrieved from https://doi.org/10.1155/2022/3692628

Cybersecurity in Shared Mobility and Fleets

• Trend: As car-sharing and ride-hailing services grow, shared mobility fleets will require heightened cybersecurity. These services often involve multiple users accessing the same vehicle, creating a larger attack surface.
• Impact: Developing strategies to secure vehicle access, authentication mechanisms, and user data across shared mobility platforms will be vital. Ensuring secure data transmission and privacy protection in fleet management systems will also be emphasized.

Reference(s):

Guo, S., Hu, X., Zhou, Z., Wang, X., Qi, F., & Gao, L. (2019). Trust access authentication in vehicular network based on blockchain. China Communications, 16(6), 18–30. Retrieved from https://doi.org/10.23919/JCC.2019.06.002

Quantum Computing and Future-Proofing

• Trend: Quantum computing poses a potential long-term threat to current encryption standards used in vehicle communication systems. Though still in its infancy, post-quantum cryptography will be an important area for future cybersecurity efforts.
• Impact: Implications of quantum computing on encryption and the need for research into post-quantum cryptographic algorithms to protect automotive systems in the future.

Reference(s):

Imran, M., Abideen, Z. U., & Pagliarini, S. (2020). An Experimental Study of Building Blocks of Lattice-Based NIST Post-Quantum Cryptographic Algorithms. Electronics (Basel), 9(11), 1953-. Retrieved from https://doi.org/10.3390/electronics9111953

Digital Twins for Security Testing

• Trend: Digital twins (virtual replicas of vehicles) are being used for testing vehicle security, simulating attacks, and performing vulnerability assessments. This allows for more thorough cybersecurity testing without compromising actual vehicles.
• Impact: The concept of digital twins and their application in automotive security testing, particularly for conducting simulated cyberattacks and validating security measures in a controlled environment.

Reference(s): C. He, T. H. Luan, R. Lu, Z. Su and M. Dong, "Security and Privacy in Vehicular Digital Twin Networks: Challenges and Solutions," IEEE Wireless Communications, vol. 30, no. 4, pp. 154-160, August 2023, doi: 10.1109/MWC.002.2200015.

Additional References

• Rusch, Paul (2024, May 2). Autonomous Vehicle Cybersecurity: An overview. CYRES Consulting. https://www.cyres-consulting.com/autonomous-

  vehicle-cyber-security-overview/

• Oka, D. K. (2024). Building Secure Automotive IoT Applications : Developing Robust IoT Solutions for Next-Gen Automotive Software (First edition.). Packt Publishing.

• Kyounggon Kim, Jun Seok Kim, Seonghoon Jeong, Jo-Hee Park, Huy Kang Kim. “Cybersecurity for autonomous vehicles: Review of attacks and defense”, Computers & Security,Volume 103, 2021,ISSN 0167-4048. Retrieved from https://doi.org/10.1016/j.cose.2020.102150. (https://www.sciencedirect.com/science/article/pii/S0167404820304235)

• Guirrou Hamza, Youssef Taher, Mohamed Zeriab Es-sadek, Amal Tmiri. "Cybersecurity in Autonomous Vehicles: A Comprehensive Review Study of Cyber-Attacks and AI-Based Solutions," International Journal of Engineering Trends and Technology, vol. 72, no. 1, pp. 101-116, 2023. Retrieved from https://doi.org/10.14445/22315381/IJETT-V72I1P111

• Giannaros A, Karras A, Theodorakopoulos L, Karras C, Kranias P, Schizas N, Kalogeratos G, Tsolis D. Autonomous Vehicles: Sophisticated Attacks, Safety Issues, Challenges, Open Topics, Blockchain, and Future Directions. Journal of Cybersecurity and Privacy. 2023; 3(3):493-543. Retrieved from https://doi.org/10.3390/jcp3030025

• Mordor Intelligence. (2024). Cybersecurity for cars market - Trends, size & share. Retrieved from https://www.mordorintelligence.com/industry- reports/global-market-for-cybersecurity-of-cars-industry

• RINF.tech. (2024). Top 10 automotive cybersecurity trends 2024. Retrieved from https://www.rinf.tech/top-10-automotive-cybersecurity-trends- 2024/

• Tata Elxsi. (n.d.). Securing the future of mobility: The role of cybersecurity in autonomous vehicles. Retrieved from https://www.tataelxsi.com/news- and-events/securing-the-future-of-mobility-the-role-of-cybersecurity-in-autonomous-vehicles

• Toptal. (n.d.). How machine learning can enhance cybersecurity for autonomous cars. Retrieved from https://www.toptal.com/insights/innovation/how-machine-learning-can-enhance-cybersecurity-for-autonomous-cars

• National Highway Traffic Safety Administration. (2016). Cybersecurity best practices for modern vehicles (Report No. DOT HS 812 333). Washington, DC: Author. Retrieved from https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/812333_cybersecurityformodernvehicles.pdf

Cybersecurity Automobility Project Plan

Project Plan Proposal (10%):

• Organize into teams of five (5) maximum
• Propose a hypothetical scenario
• Submit a project plan for review (Week 7)
• Follow a project methodology and address the entire lifecycle of a project

Must include:

• Project Objectives / Scope
• Tasks
• Deliverables (Lessons Learned)
• Milestones
• Schedule

Assignment 1 (5%)

Title: Cybersecurity Assignment for a Connected Vehicle System Tasks (5):

1. Define Project Scope
2. Work Breakdown Structure
3. Timeline(GANTT)
4. Waterfall Schedule
5. Agile Schedue