Given the dramatic increase in the sale numbers of new electric vehicles (EVs) and the deployment of charging stations, it is clear that the automotive industry is undergoing a revolution.
In 2022, EV sales as a percentage of global car sales surpassed 10 percent for the first time. By 2025, electric and hybrid vehicles are expected to capture 30% of the global market share, significantly impacting the global landscape in 2023 and beyond.
EVs will change the world as we know it, and not just in the mobility space.
Along with the benefits of increased connectivity, the EV ecosystem also presents novel challenges to cybersecurity, creating new opportunities and potential targets for cyber threats.
Vehicle manufacturers and their supply chains are required to comply with stringent, recently implemented international and local security regulations — without compromising on the production schedules of new vehicles.
IT security has been a central issue in the past decade, and, in recent years, has become part of mainstream conversation.
This field will develop even more rapidly among car manufacturers and mobility companies wishing to expedite the product release process while maintaining accepted standards of data security and software development.
We can expect several key cybersecurity trends to influence the industry, the business sector and consumers.
1. Regulation, regulation, regulation
UN regulation WP.29 R155, which went into effect in July 2022 for new vehicles, puts the liability and ownership of vehicle cybersecurity, throughout the supply chain, directly on carmakers (OEMs).
In July 2024, that regulation will force carmakers to have visibility into their entire fleet — new and older models. Carmakers and major suppliers are already under pressure from international and local regulators, without affecting vehicle production schedules. They must adapt cybersecurity capabilities throughout the supply chain and ensure that all vehicle models comply with the regulations.
In the meantime, the US National Highway Traffic Safety Administration, the European Union Agency for Cybersecurity and the Auto-ISAC organization have published guidelines for recommended working methods for industry leaders. Manufacturers must take steps now to ensure that their fleets will be in compliance with all these regulations.
2. Risk management
The regulatory push, coupled with the goal of staying competitive and profitable, is directing carmakers to a mindset of risk management.
Consumers and regulatory authorities will expect carmakers to be at the forefront of cybersecurity as more and more consumers understand that they are in essence driving a computer on wheels.
While it is impossible to negate every risk, or fully protect a vehicle against malicious attacks, managing that risk will be ever more important — not only to meet regulatory and market demands but also to prevent actions such as the $200 million fine recently leveled on Hyundai and Kia after they failed to take adequate measures to protect their fleet.
3. Automated DevSecOps are a necessity
The digital transformation of the automotive industry will necessitate the widespread adoption of DevSecOps (development, security, operations) solutions.
DevSecOps will be mandatory in order to create flexible and efficient product development cycles, with security embedded in the early stages by design.
This new approach will provide developers with the creative freedom to focus on advanced products and features and enable companies to innovate at a faster pace, remaining competitive without compromising on security and quality.
In addition, the era of software-defined vehicles inherently requires a company to manage large-scale software and to support its thousands of employees with a streamlined, efficient cybersecurity team that relies on automated DevSecOps.
4. The talent gap
A shortage of cybersecurity experts will drive the automotive industry to leverage automation to address security threats.
Software solutions are becoming an essential part of the automotive industry. Like computers, electric vehicles require relevant cybersecurity protections.
However, according to a recent (ISC) 2 Cybersecurity Workforce study, the global cybersecurity industry currently faces a shortage of 3.4 million professionals. This shortage will compel companies to rethink how they handle security and adopt innovative solutions based on increased automation.
5. Charging stations: hot target for hackers
The prevalence of electric vehicles requires charging stations to become a critical part of global infrastructure. This includes installing stations in public areas, outdoors, and in underground parking lots.
The charging station itself is just the external layer of a complex and sophisticated ecosystem.
Connected to the vehicle on one side, the other side of these charging stations is connected to the power grid — a critical infrastructure requiring dedicated security controls and protocols.
6. Building trust with consumers
Consumers expect rich in-vehicle experiences, with 1-click subscription, voice commands, in-vehicle payments for gas and food, integrated EV navigation with charging stations, and more.
All of those require that the vehicle store personal identifiable information (PII), including credit card details, thus increasing the incentive for malicious security attacks. In their path towards becoming mobility companies, carmakers will need to build that level of trust with consumers, similar to the trust Tesla owners or iPhone users have.
In conclusion, this is definitely an exciting time to be in automotive!
Roy Fridman is the CEO of C2A Security, a provider of automated cybersecurity solutions for connected, autonomous and electric vehicles.
Editor’s note: A previous version of this article appeared on January 29 and was updated on June 6 to reflect rapidly changing trends in the EV security field.