Cybersecurity and automotive: a profound change is taking place in the automotive industry due to the growing interest of users in smart mobility and the connected car market. In Italy, in particular, the data are particularly optimistic: according to what is reported in 2021 the Global Automotive Consumer Study, 71% of Italian consumers say they are in favor of the idea of increasingly connected vehicles, against 46-44% in the United States, 42% and 33% in France and Germany. An elaboration by the Autopromotec Observatory also reports that by 2025 connected vehicles should represent about 70% of those in circulation. The automotive world is facing a digital transformation that will soon see vehicle choice influenced by the quality of the user’s digital experience.
Smart mobility and connected cars are therefore the future (and present) of the industry: vehicles destined to be increasingly connected and inserted into a smart city system, where they will be able to communicate and exchange information with public mobility, with other private cars and with manufacturing companies through connectivity infrastructures for data exchange, which include 5G and cloud platforms. A “smart city” that we are already building thanks to electric mobility and shared mobility: according to the Smart & Connected Car Observatory of the School of Management of the Politecnico di Milano, 87% of public administrations consider smart mobility to be of great importance in this area and 39% of users have used a shared mobility service at least once, especially car sharing (21%).
To ensure that this communication between vehicles, companies and users can take place efficiently and safely, there is a need for a specific cybersecurity for connected vehicles. 2022 will be a decisive year for cybersecurity in Europe: in June the Unece R155 regulation, approved by the European Union, comes into force, which defines the cybersecurity obligations for automotive companies. Car makers will be required to comply with these rules to obtain the homologation of a car in the European Union.
“Connected cars are now a reality. Therefore, cybersecurity experts will increasingly have to collaborate constructively with vehicle manufacturers and with the supply chain relating to the vehicular world, in order to guarantee the use of these technologies, connectivity and functions in complete safety “. To underline this is Gianluca Cerio, Technology Project Manager Leader of Teoresi, an international engineering services company that designs cutting-edge solutions throughout the automotive supply chain, from prototyping to the engineering of systems installed on board the vehicle.
Thanks to its transversal skills, Teoresi is able to deal with information technology (Information Technology) present in the vehicle, as well as with aspects relating to the engine and brakes (Operation Technology): the aim is to collaborate with companies and ensure the user the best experience from a performance and security point of view.
In order for the smart mobility market to develop and for increasingly efficient and reliable connected cars to be placed on the market for end buyers, automotive cybersecurity passes through 3 fundamental steps. These are also the main challenges that car makers, alongside partners like Teoresi, will have to face in the near future. Just starting from 2022.
1 – Adaptation to the legislation in force from 2022
Having legislation that is always applicable, with high levels of safety, is a necessity. For this purpose, the Unece wp.29 homologation standard was born, the result of a United Nations World Forum for the harmonization of cybersecurity in the vehicular sector. The Unece R155 regulation, approved by the European Union, will come into force in June 2022 for newly approved vehicles and in July 2024 for all other vehicles produced, defining specific cybersecurity obligations for automotive companies. It will apply to all member states and companies that want to market their vehicles in these countries will need to make sure they comply with the regulation. Strengthening collaboration with cybersecurity experts who know the legislation in detail will therefore become a priority for companies in the automotive sector.
2 – Attention to user safety
The legislation provides that, in order to guarantee the user’s safety, the most probable threats to the system are identified in the TARA (Threat Analysis and Risk Assessment), the possible damage assessed and their extent judged. Safety parameters include safety, vehicle operation, user privacy and financial damage. The standard provides for a risk analysis and management procedure, also evaluating to what extent the damage can be prosecuted and with what ease. A very important aspect: the TARA analysis accompanies the vehicle throughout its life cycle, from development to production, up to the post-production phase when it is still in circulation although no longer in production.
3 – Safety for the whole system, not just for the connected car
A connected car is immersed in a system and therefore communicates with a back-end: the cybersecurity management process, therefore, cannot only deal with vehicle management. Cybersecurity involves securing the entire back-end, typically made up of the servers that manage the vehicle, the servers that allow OTA updates and the servers that manage the user systems to interact with the car (such as the most common ones mobile phone app). The user’s privacy will become increasingly important in order to safeguard his personal data (driving style, places visited, conversations, contacts).
While the physical security of a vehicle is undoubtedly one of the main factors for buyers today, cybersecurity will be a further differentiator between car manufacturers in the near future, influencing consumer choice. Like the investments in safety equipment, companies will increasingly work on security.