Automakers are offering greater connectivity features in new vehicles to make driving safer and more enjoyable. Ford, for example, announced last week that all its new vehicles sold in the United States will have connectivity features by 2019; for other major markets the automaker expects 90% of new vehicles to have connectivity features by the end of this decade. Other major automakers are also focusing on offering greater connectivity in vehicles driven by to growing consumer demand for features such as Wi-Fi hotspot, turn-by-turn navigation, emergency response notification, remote vehicle controls, telematics services and more.
According to an estimate by IHS Markit, there were more than 112 million vehicles connected around the world in 2016. In the United States alone, more than half of the new vehicles sold come equipped with connectivity features. With growing focus on connectivity, it is just a matter of few years when most, if not all, vehicles will be connected. The emerging trends such as vehicle-to-everything (V2X) communication, virtual personal assistant and autonomous driving are expected to result in strong growth in connectivity in the coming years.
Greater connectivity increases exposure to cyber threats
Greater connectivity features in modern vehicles has increased their exposure to cybersecurity threats like other device such as computers or mobile phones. Telematics and embedded modems are some of the most vulnerable attack surfaces for cybersecurity threat. Cyber hackers can gain access to a vehicle through its telematics control unit (TCU) through a cellular connection. In recent years, hackers have demonstrated the capability to remotely start and unlock vehicles.
Growing complexity of in-vehicle architectures also increases cybersecurity risks in vehicles. Today’s vehicles feature up to 100 electronic control units (ECUs) and more than 100 million lines of codes to control various complex functions, from the infotainment system to critical safety and powertrain functions. The ECUs are connected via an internal network. If hackers manage to gain access to a peripheral ECU, for instance, a cars Bluetooth or infotainment system, from there they can take control of safety critical ECUs for brakes or engines. The vulnerability also arises from the fact that automakers source these ECUs from different suppliers and no one player is in control of or even familiar with all of the vehicles source code.
There have been few instances of cybersecurity risk in the recent past. In July 2015, two ‘white hat’ hackers remotely took control of a moving Jeep Cherokee and turned off its transmission. The incident, later, led FCA to recall 1.4 million vehicles globally. Experts believe such cyberattacks could become more frequent in future unless automotive industry starts working proactively in the area of cybersecurity.
Government prods industry to develop strong cybersecurity solutions
Governments and regulatory bodies of many countries are coming forward to push automotive industry to work proactively in the area of cybersecurity. In December 2015, United States government enacted Cybersecurity Act of 2015, which establishes a mechanism for cybersecurity information sharing among private sector companies, including automakers and supplier, and federal government entities.
Last year, the United States National Highway Traffic Safety Administration (NHTSA) issued a non-binding set of guidelines on best practices for automotive companies to address cybersecurity challenges. The guidance focuses on layered solutions to ensure vehicle systems are designed to take appropriate and safe actions, and recommends identification and protection of critical vehicle controls and consumers’ personal data. It also expects automakers to consider full life-cycle of their vehicles and promote rapid response and recovery from cybersecurity incidents.
This year, in August, the UK government came up with guidelines for connected and automated vehicles, which require manufacturers of smart vehicles to put in place tougher cybersecurity system to protect vehicles from hackers. The guidelines expect developers of smart vehicles to build a robust security system that feature several stages, providing protection against hackers who can try to access information or control vehicle’s control hardware such as throttles and brakes.
Automotive industry banks on collaborations to develop solutions
Automakers are increasingly becoming aware of cybersecurity risk and are taking initiatives to deal with the challenge. Many automakers already have dedicated cybersecurity departments. However, for most of these companies, cybersecurity is a fairly new area requiring new type of expertise and highly skilled employees. Apart from strengthening their in-house cybersecurity team, automakers are looking to address the problem through collaborations.
In August 2015, light vehicle manufacturers in the United States came together to establish Automotive Information Sharing and Analysis Center (Auto-ISAC), a global information sharing community to address vehicle cybersecurity risk. Auto-ISAC, whose members account for more than 99% of light-duty vehicles sold in the North America, operates as a central hub for sharing, tracking and analyzing intelligence about cyber threats, vulnerabilities and incidents related to the connected vehicles. Auto-ISAC recently expanded its members to heavy duty vehicle manufacturers, auto parts suppliers and commercial fleet operators.
Last year, Auto-ISAC released a set of automotive cybersecurity best practices for automakers and suppliers. The best practices, developed with the help of more than 50 automotive cyber-security experts, are expected to serve as a guidance in the development of automotive cybersecurity in seven key areas: governance, training and awareness, risk assessment and management, security by design, threat detection and protection, incidence response and recovery, and collaboration and engagement with appropriate third parties. Auto-ISAC is also developing supplemental materials, including a reference model and practice guides to benefit members and stakeholders.
Cybersecurity threats create new set of suppliers
The cybersecurity risk in the automotive industry has created a new set of suppliers. Many of these start-ups, including Argus Cyber Security, Karamba Security and TowerSec Automotive Cyber Security, are from Israel and were established by former cyber defense experts. These start-ups have emerged as key players in automotive cybersecurity in very short span of time. Argus, founded in 2013, provides risk assessment, embedded software, protection and constant threat monitoring for vehicles. Karamba focuses on providing deterministic scrutiny, implying once the technology is embedded in the vehicle, it will require no additional monitoring or updates. TowerSec specializes in network protection for connected vehicles. Last year, the company was acquired by Harman International to strengthen its offering in automotive cybersecurity. The US-based supplier will integrate TowerSec technology into its 5+1 security architecture to protect critical points of vulnerability in connected vehicles, including in including hardware, network and over the air (OTA) updates.
Traditional suppliers gearing up for challenge
Traditional suppliers are also gearing up to address cybersecurity challenges through collaboration. Last month, Lear and Honeywell teamed up to jointly develop automotive cybersecurity solutions. The collaboration will pair Lear’s automotive electrical distribution systems and connected gateway with Honeywell’s know-how in intrusion detection technology software and security operations centers to provide automakers with technologies to address vehicle prognostics and ensure their safety and security. September also saw Ricardo and Roke Manor Research joining forces to develop cybersecurity solutions for autonomous and connected cars. The partnership will leverage Ricardo’s knowledge in technology and innovation within the mobility sectors, and Roke’s experience in cyber-security for government and corporate clients.
Earlier in July, Japanese supplier Calsonic Kansei partnered with France-based Quarkslab to jointly establish a new company called White Motion LLC, which will focus on automotive cybersecurity solutions. The new company will leverage Calsonic Kansei's and Quarkslab's expertise in functional safety and cybersecurity. White Motion will mainly focus on developing in-vehicle security software, security evaluation of vehicle and components, security education and security consulting. The company will also work on integrating security measurers within vehicles to prevent hacking, cracking and computer viruses.
IHS Markit sees strong growth for cybersecurity solutions market
The rising cybersecurity concern in automotive industry offers tremendous growth potentials for the companies catering to this budding segment. Last year, IHS Markit published Automotive Cyber Security and Connected Car Report that also includes detailed demand forecasts for cybersecurity software and solutions. According to the report, the unit sales for cybersecurity software are forecast to grow from 5.4 million in 2016 to more than 176 million in 2023. Most cars will have more than one cybersecurity software program and the unit per car will grow steadily. Overall, IHS forecast automotive cybersecurity revenue to grow from USD11 million in 2016 to USD759 million in 2023, at a CAGR of 73%.
Automotive cybersecurity market is forecast to grow at CAGR of 73% between 2016 and 2023