Automotive Cybersecurity This may be one of the hottest topics in the industry, primarily because the UN R155 regulation has become mandatory, and consequently, ISO 21434 is also becoming obligatory in order to comply with that regulation. There are many challenges in automotive cybersecurity, mainly, how to protect something that is widely accessible to the general public. On one hand, there's that broad exposure, and on the other hand, there's a global shortage of skilled professionals. Modern vehicles today are complex assets that combine both IT and OT. This means you need to consider cloud infrastructure, software, web, and networks on one side, and hardware, firmware, and sensors on the other. To cover all of this, a multidisciplinary team is needed, one that understands security by design, security throughout the software development lifecycle, penetration testing, and even safety aspects when working with the OT side. From a technical perspective, embedded engineers are often unaware of the problems that can be caused by using standard functions like memcpy. While some might claim it's obsolete, in reality, it's still widely used. Engineers often resort to shortcuts; not because they lack knowledge, but because they're under pressure. In addition to low-level programming errors, another critical issue is access to the CAN network, especially from infotainment systems. An attacker can override the CAN bus and send high-priority messages directly from the infotainment unit. Even more concerning are aftermarket systems, which are often poorly tested or not tested at all, and are installed simply to provide more features. Moreover, in 2023, the highest volume of attacks targeted telematics systems i.e., remote attacks, showing just how unprepared the industry is for what lies ahead. In the future, and already today, cars will become increasingly digitalized. Every new feature increases the attack surface. Therefore, this issue will need to be taken seriously, because with the popularization of any technology comes the popularization of its darker side as well.
Selma Kunosic
7mo
The issue is already being taken seriously. Companies are building entire teams and departments to meet all the requirements and make vehicles as safe as possible. However, one thing is certain: like with any system, the more you go digital, the more vulnerable you become to attacks. No matter what you build, there will always be people trying to break into your system—whether it's a car, computer, mobile phone, or literally anything else. In the end, it depends on how much you're willing to invest to secure your system (even though nothing can ever be 100% safe), or whether you want to go 20 years back and make vehicles offline—and fall far behind your competition. The struggle is real. :)
Interesting read - especially for those of us outside the core of the automotive cybersecurity field. It’s striking (and frankly a bit alarming) how vehicles are evolving from mechanical machines into complex digital ecosystems and yet many of the same human patterns remain: shortcuts under pressure, fragmented accountability, and a reactive rather than proactive approach to risk. It reminds me of a broader truth in tech: with every layer of innovation, we unintentionally widen the surface for vulnerabilities - unless we embed security thinking from day one.