Automakers are ramping up efforts to battle the fast-growing threat of cyber attacks, as experts warn the industry is facing an “inflection point” on cybersecurity.
Internet-enabled cars and advanced technological developments are increasing risks to consumer privacy and even safety as the number of attacks rises “rapidly” year-on-year, according to a report from cybersecurity firm Kaspersky.
In a now-infamous showcase in 2015, two security researchers Charlie Miller and Chris Valasek were able to remotely hack into a Jeep on a US highway, forcing an emergency stop at high speed and prompting the recall of nearly one and a half million Fiat Chrysler vehicles.
But since then, the number of cybersecurity incidents have skyrocketed. Upstream’s 2022 global automotive cybersecurity report found a collosal 225 per cent jump between 2019 and 2022.
Honda last year warned that hackers had found the means to unlock doors and even kickstart the engine of some of its models by overriding keyless entry systems.
Cara Haffey, UK automotive leader at PwC, told City A.M. the industry had reached an “inflection point. While internet connectivity is now commonplace, we are seeing how both privacy and safety could be compromised.”
Automakers have stepped “up their game to meet consumer demand” for more connected cars in recent years, but this has created a “critical” need to remain “laser focused” on the issue, she warned.
MPs have warned of ‘mass casualty’ events
Top level executives in the automotive industry are deeply concerned over its exposure to cyber-related incidents.
Kaspersky’s research found nearly two thirds of c-suites’ believe the automotive supply chain is vulnerable to attack, with 34 per cent highlighting car ‘infotainment systems’ – which include voice control, interactive map access and entertainment systems – as their top concern.
Further technological developments in the electric vehicle (EV) and self-driving space are also on the horizon and adding their own risks.
Earlier this week, MPs on the commons Transport Select Committee warned that cyber-attacks on new self-driving cars could cause “mass casualties” if terrorists and nation states targeted the nascent technology.
EV battery packs, which give huge amounts of data on how they operate and can be accessed and monitored by qualified mechanics while in use, are similarly presenting problems.
Dr Paul Robertson, cyber resilience partner at EY, told City A.M. that “without security in the design and operation there are risks to that component being manipulated or the data being available to non-authorised people.”
Experts argue action is urgently needed before first of its kind UN regulations come into force next July, which will threaten carmakers with shutdown of vehicle production if they fail to meet requirements.
Mike Hawes, chief executive of the UK automotive trade body the SMMT said, “security is a priority for the automotive industry and vehicle manufacturers are investing significantly in new features to help keep cars safe from cyber-crime.”
“Industry is also working closely with government and security agencies to help implement further safeguards to ensure current and future generations of connected cars remain resilient to cyberattacks.”