January 29

Electric vehicles are undeniably the future of the automotive industry and will have a heavy influence on the world in 2023 and beyond.

Within the next five years, the electric vehicle (EV) and charging station markets are projected to rise tremendously. Thirty percent of all vehicles sold globally are projected to be electric or hybrid by 2025.

EVs will change the world as we know it, and not just in the mobility space.

However, with increased connectivity, the EV ecosystem is also impacting the cybersecurity threat landscape, cracking open new opportunities and potential targets for hacker innovation.

The 9 top trends driving electric vehicle security in 2023
C2A Security CEO Roy Fridman. Photo courtesy of C2A Security

Consumers will want to know more about how their vehicles are protected when making decisions about which vehicle to purchase. Since a cyberattack could impair a vehicle’s ability to operate safely, IT security is no longer about stolen data but could also relate to real-life danger.

The following list highlights some of the leading trends and cyber risks that will affect the industry, the business sector and consumers.

1. The hyper-connected intelligent car: hackers’ new target

The hyper-connected world of IoT will continue to evolve in 2023. Cars are becoming increasingly more complex and the demand for autonomous, environmentally conscious, 5G connected vehicles are soaring.

With the alternatives to traditional motor vehicles requiring enhanced connectivity, vulnerability to new cybersecurity risks is escalating. With the rise of 5G technology and the increasing number of connected electric vehicles, we will see more complex relationships between vehicles and their outer environments (V2X, – vehicle-to-everything) leading to increased cybersecurity threats.

2. Large, heavy vehicles will be the first attacked

Commercial vehicles (freight and commercial operation)are a backbone of the world economy. As technology continues to innovate the supply chain, we’ll see more and more autonomous, electric truck fleets hitting the highways to meet the demands of a stressed logistics sector.

Their electronic systems are increasingly digitized, boasting hundreds of lines of code and complex, vulnerable software systems. Moreover, their connectivity to the cloud tremendously expands the potential cyberattack surfaces.

Hackers will target fleets, especially with ransomware, because that is where the money is.

3. Shortage of cybersecurity experts will drive new ways to handle security

Software solutions have become an essential part of the automotive industry, and like any computer, connected EVs need relevant cyber protection.

However, the global cybersecurity industry is short 3.4 million workers, according to the recent (ISC)² Cybersecurity Workforce Study. This lack of cybersecurity professionals will force companies to rethink how they handle the situation and adapt innovative solutions based on intense automation.

4. Charging stations: hotbed for hackers

The introduction of completely electric vehicles requires charging stations to become a part of critical infrastructure globally, including public, external and underground parking lot stations.

Put simply, the charging station is just a front for far more complex, intricate infrastructure. Though it is grid-connected, the most vulnerable point is its backend, a central control unit (CCU) that essentially turns the station into an IoT-connected device.

Through the CCU, the station can communicate using a machine-to-machine wireless network. It manages data collection, including location and demographic data like email addresses, credit cards, and IP addresses that are of particularly high value to cyber hackers.

Because many OEMs and utility companies manage EV charging payment via an app on mobile phones, the attack surface could even extend to data collected by your cell phone, including location data and online behavior history.

5. Danger in the infotainment system

Apps are becoming more and more common in vehicles. These apps can gain permission to use vehicle assets and sensors, which leave the vehicle with an extended cyberattack surface.

In addition, the infotainment system in the vehicle acts as a connected device and can create vulnerabilities resulting in malicious attacks. Using open-source packages is also part of the application development, exposing part if not all of the applications to a potential attacker.

6. Digital transformation of automotive industry will mandate DevSecOps

To create agile and efficient development cycles for the software-defined vehicle while embedding security at an early stage, the adoption of DevSecOps will become a requirement. (Editor’s note: DevSecOps is a trend in application security where security is introduced earlier in the software’s development.)

This new approach will give developers creative freedom to focus on innovative products and features, help organizations innovate faster, and be competitive, without compromising on security and quality. 

It also means being able to manage software at scale in the software-defined vehicle era, supporting an organization of thousands with a lean and mean cybersecurity workforce that relies on true automotive DevSecOps.

7. Growth and transformation of ridesharing

One of the ridesharing trends of 2023 includes the increasing electrification of ridesharing fleets and their connectivity. This is something we have seen before.

Last September, an unknown hacker managed to trick the systems of the largest taxi service in Russia, Yandex Taxi, to send dozens of cars to the same address, causing a traffic jam in the center of Moscow.

Users of ridesharing apps will start demanding that operators make sure the fleet is secured and well-protected. 

8. Autonomous delivery vehicle services

Autonomous delivery services will be impacted by cyber hackers, causing daily delivery delays, potentially serious traffic jams, and vulnerability to cyber hackers.

Even today we are seeing creative ways these attackers are affecting autonomous delivery fleets with the most recent example coming from Amazon. Amazon delivery drivers — gig workers outsourced by the company — penetrated the scheduling system and re-routed deliveries so they didn’t reach their final destinations. In the coming year, expect to see many more incidents like this.

9. Cybersecurity compliance: driving a shift to new strategies

It’s a time of change in the automotive industry. OEMs, Tier-1s, and industry suppliers are under pressure from international and regional regulators to incorporate new ISO 21434 standards and WP.29 R155 regulation without impacting vehicle development timelines — requiring them to scale cybersecurity capabilities across the supply chain and ensure compliance in new vehicle models.

Meanwhile, the United States NHTSA, ENISA in Europe, and member trade association AutoISAC have issued best practice guidelines for industry leaders to follow. Manufacturers and suppliers will prioritize cybersecurity as a safety issue in a way that they have not before.

The new regulation is offering an opportunity for cybersecurity teams to do away with old practices and implement a more methodical, systematic approach to cybersecurity across all organizations.

Roy Fridman is the CEO of C2A Security, a leading provider of automated cybersecurity solutions for connected, autonomous, and electric vehicles.