The Business Impact of Weak Security for OEMs

TEAM UPSTREAM

December 10, 2018

Tesla’s recent lawsuit against a former employee for stealing confidential information has given many OEMs a much-needed wake-up call: Attacks can come from anywhere.

On top of remote attacks or ransomware, OEMs are at risk of telematics data center breaches, intellectual property theft, or DDoS attacks. They are exposed to both individual vehicle and fleet-wide hacks, and not just from strangers. Insiders with a grudge to bear could cause even more damage than clever external hackers, especially as they could have privileges that allow them access to sensitive information and controls.

OEMs are under an increasing amount of pressure to be one step ahead. As the impact of security begins to take its toll on the way the public view businesses, and regulation races to catch up with reality, what changes should manufacturers be making to stay protected?

Last May, the Financial Services Committee in the US held its third Congressional hearing in less than a year on the safety and security of connected and autonomous vehicles. There are four separate bills currently going through Congress attempting to legislate this sector more stringently, one of which hopes to create a Driving System Cybersecurity Advisory Council. If successful, they will sit directly in the Department of Transportation and establish the standards and controls that car manufacturers must adhere to when they deploy connected vehicles of all kinds.

The Business Impact of Weak Security for OEMs

Whichever regulation becomes law, one can assume that it will have a considerable amount of control to act in the interests of consumer safety. The National Highway Traffic Safety Administration already has almost carte blanche control over taking vehicles off the road in cases of safety risks. The infamous Jeep Cherokee hack, where 1.4 million vehicles had to be recalled, is a good example of this.

The threat of industry liability is a real one, yet regulatory compliance is one area that fleets and OEMs can get ahead of. Whatever rules are put into place, having visibility into your entire data stream is going to be essential.

A recent example of the importance of data is a proposed rule put forward by the San Francisco Municipal Transportation Authority which states that police can access the logs of any autonomous vehicle without a warrant if it has been involved in an accident.  t the data center is vital, as you can have end-to-end fleet visibility of any connected entity. This puts you ahead of the curve when it comes to finding answers and meeting regulatory guidelines.

With the fears surrounding connected vehicles, car manufacturers need the tools to educate consumers about vehicle safety and security

As IoT becomes all-pervasive, consumers are increasingly worried about the ability of hackers to access vital controls on their vehicles such as brakes and headlights, or break into mobile applications that allow them to steal vehicles or misuse them. Perhaps unfairly, the make up 98% of new cars sold by 2020, we anticipate this lawsuit being far from the last of its kind. It’s becoming increasingly important to protect OEMs and create the tools they need to keep their 5-star public image, as well as to respond quickly and proactively to any electric vehicle security issues.

Being able to quickly and efficiently provide insights is essential

This reality makes one thing crystal clear- An increasingly complex automotive landscape that includes dozens of third-party data streams, cars in varied stages of production both on the road and off, and attackers who come from external and internal sources- needs a new type of security. In the case of a car cyber-attack, accurate facts and analysis about its root cause and effects can be a strong foundation for regulatory compliance, as well as the difference between a devastating blow to your public image and a swift recovery.

This visibility can only be found by utilizing a single source of truth that shows you every part of the smart mobility ecosystem. This includes partners that are higher up in the value chain such as TSPs, cloud-computing solutions and mobile apps, and aftermarket integrations too. Real-time alerts can give you a heads-up to any anomalies or breaches, so that you can provide evidence for compliance, and where necessary, both educate and reassure consumers.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

The GenAI Arms Race is Here

Listen to this blog Your browser does not support the audio element. The Automotive and Smart Mobility Ecosystem is entering a new era of GenAI,…

Read more

Upstream Participates in TISAX, Accelerating Customer Onboarding & Ensuring Data Protection

Listen to this blog Your browser does not support the audio element. In the fast-evolving landscape of the automotive industry, ensuring robust information security practices…

Read more

Revving Up Safety: UN Regulation R155 Now Covers Motorcycles

Listen to this blog Your browser does not support the audio element. On Jan. 26, the UNECE decided to include motorcycles, scooters, and electric bicycles…

Read more

NIS2 Directive’s Impact on the Smart Mobility Ecosystem

Listen to this blog Your browser does not support the audio element. The NIS2 Directive, expected to become mandatory in October 2024, aims to significantly…

Read more