Chapter 1: Why Automotive Cybersecurity?

Chapter Overview

The goal of this chapter is to provide the background of my journey into the Automotive Industry and the path I took to recognize the challenges faced by the automotive sector from the lack of Cybersecurity. I also introduce the APMA (Automotive Parts Manufacturing Association) & the APMA CSC (Cyber Security Committee). We go through the CSC’s main objectives and how it has played a critical role in enabling the awareness of cybersecurity at a global level. Also, I detail the creation of Vehiqilla Inc. to address the challenges in the operations side of the Automotive sector. I have also included the importance of the Automotive sector in the current world economy and how much it can impact global prosperity. Finally, I have enumerated the readers who can benefit from reading this book.

Background

Although I had been exploring cybersecurity relating to Connected & Autonomous Vehicles (CAVs) for some time, I got a truly remarkable challenge and a great learning opportunity to explore this area as the Co-Chair of the Cyber Security Committee (CSC) of the APMA (Automotive Parts Manufacturing Association) Canada. I was someone whose only interaction with a vehicle had been to buy an awesome car and then enjoy the drive in it. I had no previous detailed knowledge of the components and the processes that made such an amazing machine work. Also, my main exposure to the engine of any car that I had owned was to open the hood to add wiper fluid to it. Thus, my knowledge of the inner workings of vehicles was minimal.

However, as a Cybersecurity professional for the last 20 years, I had always understood the critical need to fully comprehend any eco-system that required protection from cyber-attacks and other cyber incidents. This eco-system might be a single computer, a corporate network, an entire Data Center, a Payment system Cardholder Data Environment (CDE), or in this case, an eco-system built around a connected vehicle. This led me on a journey to understand the modern vehicle, i.e., the Connected Vehicle (CV) and the soon to be ubiquitous, the Autonomous Vehicle (AV), also known together as the Connected & Autonomous Vehicles (CAV). My book is the result of this journey.

APMA CSC

I first became familiar with the term Automotive Cybersecurity in mid-2018 when I started interacting with Colin Dhillon at the APMA. As the Chief Technology Officer of APMA, Colin was also leading APMATEC, the Auto-tech arm of APMA. Our discussions centered upon the lack of awareness and the need to advance Cybersecurity in the Automotive sector in Canada. We discussed various ways of addressing this challenge and our discussions led to the formation of an APMA Cyber Security Committee (CSC) at the beginning of 2019. This committee was Co-Chaired by Colin and myself. Its core objective was to make Canadian automotive companies competitive in a globally changing environment by enhancing the awareness of Cybersecurity in the Canadian Automotive sector and providing guidance on enabling Cybersecurity in the automotive organization.

Below is the original mission of the Cyber Security Committee (CSC) of the Automotive Parts Manufacturing Association (APMA):

"The CSC would assist with providing guidance and best practices to Canadian automotive part suppliers. To help support the safety/security culture by providing best practices throughout individual organizations. Our companies and organizations need to understand how cybersecurity risk affects a company’s bottom line and can drive up cost and affect revenue. CSC should provide its expertise in determining the best practice for securing not only the products being manufactured within a factory, but the buildings, its employees and all IoT equipment. The threat is real and our factory floor systems, the engineering offices are all weak links in safeguarding technical/intellectual property information.

We are laying the foundation for a safety/security culture. CSC will look to provide a governance model framework, a scorecard and what could be best described as a 'toolkit.'"

Throughout 2019 and 2020, the APMA CSC worked towards enabling a culture of cybersecurity in the automotive sector. A major initiative was the APMA Cyberkit 2.0, which provided a roadmap for automotive organizations to enable cybersecurity. We also had cybersecurity panels in APMA’s annual conference in 2019 and then had our own Cybersecurity conference later in that year. Later, a toolkit came out which included modules on ISO 21434 Self-Assessment (Authored by me), V2X, Hardware Security and OT Security. Finally, during the COVID-19 pandemic, APMA CSC took on a leadership role and delivered webinars to help the APMA membership to address the new cybersecurity challenges. These webinars covered a range of important cybersecurity topics such as Work-From-Home Cybersecurity, Manufacturing Cybersecurity, and Cloud Security.

Establishment of apmaIAC

The APMA Institute of Automotive Cybersecurity (apmaIAC) was founded in May 2020 during the COVID-19 crisis to further the journey of the Automotive sector towards a Cybersecure mindset. Since we started the journey through the APMA CSC, and during COVID-19 Work-From-Home, it became clearly evident that organizations needed more guidance on enabling cybersecurity in their environment. The creation of apmaIAC was a direct result of this appreciation.

apmaIAC had four pillars:

  • Governance: Enabling Governance Frameworks in the field of Automotive Cybersecurity
  • Assessments: Using Assessments against specific Governance Frameworks to highlight and understand the gap
  • Education: Furthering the knowledge of Automotive Cybersecurity
  • Technology: Enabling new technological solutions to meet the challenges of Automotive Cybersecurity

apmaIAC also launched the Cyber Mobility Awards, which were the first global awards to recognize achievements in Automotive Cybersecurity. These were awarded in October 2020 to celebrate the month of Cybersecurity awareness, and the awards were greatly acclaimed throughout the Automotive sector.

Establishment of Vehiqilla Inc.

Vehiqilla³ Inc. was founded in June 2020 to address the dearth of companies concentrating on automotive cybersecurity. Although there are many companies concentrating on providing generic cybersecurity services, they are all focused on the specialized needs of cybersecurity in Connected & Autonomous Vehicles (CAV).

Vehiqilla provides a range of cybersecurity services across the entire spectrum of cybersecurity requirements for the automotive sector. These include Cyber Governance, Vehicle Incident Management, ECU / APP Security Assessments, V2X Security, Penetration Testing & Vulnerability Assessment. However, at its core, the company operates the Vehiqilla application. One component of the Vehiqilla application is the Vehi-SOC module that has been developed to provide real-time cybersecurity monitoring of fleets of CAVs and forms the underlying foundation of the company’s Vehicle Security Operations Center (VSOC). Another major component of the Vehiqilla application is the Vehi-Assure Program, which focuses on enumerating the cyber risks inherent in the electric and electronic components of the CAV. Extensive research has also been started on the Vehi-Protect range of products, which focus on protecting the data-in-flight from the vehicle.

Establishment of GSMC

The journey continues with the establishment of the Global Syndicate for Mobility Cybersecurity (GSMC) in mid-2021. The Global Syndicate for Mobility Cybersecurity (GSMC) is an independent and impartial not-for-profit global organization focused on advancing mobility cybersecurity by bringing together all forms of transportation (of people and goods) through unified security, privacy, and cyber-safety transformation. GSMC will be the centralized global hub, working collectively with multiple jurisdictions on:

  • Global Standards & Regulations
  • Public and Private Partnerships (P3s)
  • Academic Research and Cyber Innovation
  • Cyber Workforce

GSMC SECTORS

Survive & Thrive in a Connected World through Cybersecurity Resilience

  • Automotive
  • Marine
  • Aerospace
  • eVTOLs
  • Railway
  • Micro Mobility
  • Mining
  • Submerged Vessels
  • Space

Industry Recognition

During the last few years, I have been able to work with various industry stakeholders to further automotive cybersecurity. This includes participating in various panels, conferences, podcasts & webinars to enumerate the challenges we face as a society if we do not address automotive cybersecurity. I was invited as a contributor to several workshops arranged by regulatory bodies such as Transport Canada⁵ & ENISA⁶ (European Union Agency for Information Security). I was truly humbled when all this effort was recognized by Automotive News Canada⁷ when this respected auto sector publication named me among its 2020 All-Stars as a Cybersecurity Champion. Another such moment came at the end of 2021 when APMA awarded me the prestigious Donald S. Wood Award for being a Cybersecurity Leader in the automotive sector. I am truly thankful to both APMA and Automotive News Canada for recognizing the importance of Automotive Cybersecurity and ensuring this critical message is heard across the sector.

Aim of this Book

This book aims to educate two different types of audiences about Automotive Cybersecurity. The first group is those who have been working in the automotive field and for whom Cybersecurity is a new learning curve. This group already understands automotive terminology, especially when it comes to Connected and Autonomous Vehicles (CAV), but has no knowledge of Cyber concepts. The second group is composed of Cybersecurity Subject Matter Experts (SMEs), like myself, who might have years of Cybersecurity experience but are not aware of the nature of the Automotive Sector and the components that together create the modern vehicle. Thus, the intended audience of this book are all stakeholders involved in building the "new" Automotive industry and making it cyber resilient.

Some examples of the roles in the Automotive sector who might benefit from insights in this book are:

  • Chief Executive Officers (CEO)
  • Chief Financial Officers (CFO)
  • Chief Operating Officers (COO)
  • Chief Information Officers (CIO)
  • Chief Information Security Officers (CISO)
  • Information Technology Managers
  • Vice Presidents (Information Technology)
  • Vice Presidents (Information Security)
  • Information Security Managers
  • Cybersecurity Managers
  • IT Security Managers
  • Research & Development Managers
  • Innovation Managers
  • Automotive Technology Entrepreneurs
  • Automotive Industry Association Executives
  • Supply Chain Management executives
  • Information Security Auditors
  • Cybersecurity Architects
  • Vehicle Security Architects
  • Vehicle Security Managers
  • Fleet Incident Managers

What is the Automotive Industry?

Today, there are almost one and a half billion cars and light trucks around the world. Every year, more than 90 million new vehicles are added to our roads. This leads us to the question of who exactly is involved in enabling this flow of transportation in our society and how to define the automotive industry in today’s world.

The term "automotive" was created from Greek "autos," and Latin "motivus" to represent any form of self-powered vehicle. This term was proposed by SAE (Society of Automotive Engineering) member Elmer Sperry and first came into use in 1898.

The automotive industry covers a broad range of companies and organizations engaged in this sector. These include organizations involved in the design, development, manufacture, marketing, and selling of motor vehicles, motorcycles, and mopeds. However, the term automotive industry generally does not include industries dedicated to the maintenance of automobiles following delivery to the end-user, such as repair shops and motor fuel filling stations.

It is one of the world's most important economic sectors by revenue and is critical to the economy of many developed countries. As per Behzad Saberi⁸ in International Robotics and Automation Journal:

"According to the world association of car manufacturers "OICA" in 2017, 73.4 million cars and 23.84 million trucks were produced in the world. According to international estimates, the average annual turnover of the world automobile industry is more than 2.75 trillion Euro, which corresponds to 3.65% of world GDP. In the automotive industry over the last ten years (2007-2017), there was a 25% increase in production. Cars are one of the world’s largest export products, surpassing oil revenues. For example, world car exports by country in 2016 were estimated at 698.2 billion US dollars. The industry is also a major innovator, investing more than 84 billion euros in research, development, and production."

The above excerpt shows that the automotive sector plays a critical role in the economies of many countries. Indeed, for developed countries, the share of the automobile industry in the GDP ranges from 5% to 10% if the consumption of output from related industries is included.

The below table shows the production statistics for 2020 given by OICA (International Organization of Motor Vehicle Manufacturers).

The COVID-19 pandemic has had a significant impact on the production of vehicles worldwide. However, as we come out of the pandemic, the automotive sector will continue to be a driver for job creation, job growth, innovation, and economic prosperity for the global economy.

Automotive Industry & this Book

This book is meant for all stakeholders of the coming wave of new CAVs. We already have millions of Connected Vehicles on our roads, but soon these will become ubiquitous. In addition, Autonomous Vehicles are being tested by many companies and before long, driverless vehicles will start getting deployed in several jurisdictions. Thus, everyone involved in the rollout of these vehicles as well as their operations, maintenance, and disposal will need to comprehend the security & safety of these vehicles. This includes policy makers, regulators, engineers, OEMs, dealers & distributors, maintenance workers, fleet owners, insurance companies, municipalities, and indeed, the "driver" of the CAV. Only by ensuring this detailed understanding of the Cyber realities of our Connected Vehicles will we benefit from this transformation in Mobility.

What you Learned in this Chapter

This chapter was aimed at clarifying the following:

  • My journey into Automotive Cybersecurity through the creation of APMA CSC, apmaIAC, Vehiqilla Inc., and GSMC.
  • The aim of this book, i.e., to educate the Automotive sector about Cybersecurity and to educate the Cyber SME about the Automotive sector.
  • The intended readers of this book.
  • The importance of the Automotive Sector for the growth of the current world economy.

Reference

  • https://apmaiac.ca
  • https://vehiqilla.com/
  • https://gs4mc.org/
  • https://tc.canada.ca/en
  • https://www.enisa.europa.eu/
  • https://canada.autonews.com/