Just when you thought it was safe to get back in the EV.
In terms of quality, global automotive cybersecurity programs represent a mixed bag. There are major differences across the automotive industry value chain.
Malicious software attacks can begin in a supplier's internal systems. They then extend to a service providers' networks and loop back to the car manufacturer's corporate network.
US network experts at Cisco Systems said that while hackers primarily target high-value car manufacturers, the threat extends to all participants in the value chain. Suppliers, dealers, and other stakeholders are also at risk because of network attacks.
Dystopian
EV Engineering said that by intercepting and manipulating genuine signals, hackers can achieve full control over an EV's controller area network (CAN), focusing on regenerative braking, ADAS, and crucial powertrain elements. These assaults have the potential to induce abrupt acceleration or halts, thermal runaway incidents, and misinterpretations in pedestrian detection, it added.
The key issue lies in the complexity of the entire automotive supply chain and the incomplete nature of cybersecurity defense systems. For hackers, finding vulnerabilities and exploiting them is relatively easy and can lead to significant disruption.
Automotive industry attacks have been on the rise in recent years. When hackers attacked electronic component suppliers in February 2022, Toyota was forced to halt production of 13,000 vehicles.
In April 2022, General Motors (GM) was attacked. Hackers leaked customer data and reward points from gift cards. Despite security measures, Continental was attacked by hackers who stole some data from its information systems.
In the first half of 2023, Tesla was targeted. The assailants seized partial control over several of the vehicle's functions.
Internet-connected vehicles carry around 12 key attack vectors, and each vector has multiple entry points, including various control devices, safety in driver-assistance areas, transmission, and communication systems. Charging infrastructure is an EV's Achilles heel for potential attacks.
As Germany's Center of Automotive Management (CAM) explained, the risk will continue to rise. As software-defined cars, electric vehicles, self-driving cars, and networked supply chains become more prevalent, the risk of cyber threats continues to increase, it said.
The letter of the law
Recent European cybersecurity regulations have forced many popular older European models out of the market. Upcoming Chinese models will likely be affected by the new regulations.
Supply chain operators say those wanting to expand into Europe must do their homework. This includes obtaining the necessary qualifications such as ISO 26262 and 21434.
Chinese car manufacturers wanting to take their wares to Europe need to make sure they are up to standard.