Chapter 4: Cybersecurity Challenges in CAVs

Chapter Overview

This chapter explores the cybersecurity challenges that have manifested themselves by the development of Connected & Autonomous Vehicles (CAVs) and the conditions for enabling a secure and protected environment for CAVs. Many of these cybersecurity challenges are unknown as CAVs are still in their early developmental and experimental phase. However, the current cybersecurity gaps must be identified and need to be mitigated before CAVs can be safely and securely deployed in large numbers on our roads. Cyber SMEs can start by studying the In-Vehicle architecture and securing it. In addition, cyber domains related to effective operations of the Vehicle including cybersecurity monitoring of CAVs and incidence response protocols for breaches must also be investigated. In addition, a holistic approach should be outlined that evaluates the overall needs for Governance, Risk & Compliance for a CAV eco-system. Finally, the Cyber SME must also explore V2X security and determine the cybersecurity requirements of this new area of Automotive Cybersecurity.

Automotive Cybersecurity Defined

The transformation in the automotive sector towards enabling more technology in vehicles have been underway for almost a decade. This has meant more connectivity & automation for vehicles leading to the development of Connected & Autonomous Vehicles (CAVs). These vehicles pose unique cybersecurity challenges for all stakeholders of the vehicle. However, the current definition of cybersecurity does not fully address all aspects of automotive cybersecurity as it is only narrowly focused on Information Technology (IT) employed in any enterprise such as a financial institution, a Telco environment, or the head office of a manufacturing company. A more holistic definition of "Automotive Cybersecurity must be specified that encompasses all aspects of "people, processes & technology" involved in the CAV eco-system. Having a well-articulated definition of Cybersecurity shall ensure that a better understanding of the Cyber risks to CAVs are enumerated. These are the Cyber risks that are exhibited by the adoption of this new technology and identifying the current cyber gaps in the CAV technology ecosystem.

Based on the above, Automotive Cybersecurity can be defined to encompass all the below:

AUTOMOTIVE CYBERSECURITY DEFINED

Figure 9 Automotive Cybersecurity Defined

IT (Information Technology) Security: This is the traditional understanding of "Cybersecurity", also sometimes known as Information Security, and includes the controls within an enterprise that protect data and the flow of data for that organization. IT security is not only applicable in a manufacturing environment but also needs to be implemented in non-manufacturing environments such as Financial Institutions, Telcos, Government Organizations, Retail, and any other entity running information technology (IT) systems.

OT (Operation Technology) Security: OT Security is critical for any manufacturing environment. This discipline of Cybersecurity is focused on enabling security of Industrial Control Systems (ICS) such as SCADA, DCS and PLCS. Besides