Safeguarding Connected and Autonomous Vehicles' Cybersecurity:

In the rapidly evolving world of technology, the automotive industry is not immune to the rising tide of cyberattacks. From connected vehicles to electronic systems, software, ADAS, and AD, modern cars run on over 100 million lines of code and 250 GB of data flowing through their system.

Recognising the need for robust cybersecurity measures, ISO 21434, the Automotive Cybersecurity standard, has been established. This guideline aims to enhance cybersecurity within the automotive industry, addressing issues such as organizational and project-based cybersecurity management, managing cybersecurity with suppliers, incident response, threat analysis, and risk assessment.

ISO 21434 places a strong emphasis on continuous monitoring and the capacity for incident response, enabling timely detection and reaction to threats throughout the vehicle's lifecycle. It establishes a foundation for cooperation among all automotive supply chain stakeholders, fostering the understanding that cybersecurity is a collective responsibility.

The automotive industry is moving towards a software-defined future, where the functionality, performance, features, and value are derived from the vehicle's software capabilities rather than its hardware. This shift necessitates a holistic design approach, and companies like Bosch are at the forefront of this change. Bosch is currently working on a software solution for ADAS-capable vehicles, specialising in zonal architecture and safety measures.

However, cybersecurity is not just about protecting the vehicle from hacking or data breaches. It is essential in the automotive industry to protect the physical safety of drivers and passengers, safeguard their privacy, and maintain consumer trust. Robust cybersecurity measures can help prevent incidents like car theft, which is on the rise in many parts of North America and Europe, with thieves using methods like relay attacks, smart key hacking, and CAN injection to steal vehicles.

ISO 21434 is based on a risk-based approach, requiring manufacturers to systematically identify potential cybersecurity threats, assess their impact, and implement appropriate mitigation measures. Other standards, such as ISO 26262 - Automotive Functional Safety (FuSA) and ISO 21448 - Safety of the Intended Functionality (SOTIF), also play crucial roles in ensuring the electronic safety of vehicles and eliminating unreasonable risks caused by hazards.

In the face of increasing cyber threats, the importance of standards like ISO 21434 cannot be overstated. From the airport in Split, Croatia, where a cyberattack in July 2024 resulted in flight cancellations, delays, and passengers spending the night at the airport, to the multiple cyberattacks experienced by automotive software provider CDK Global in June 2024, causing over 15,000 dealerships across North America to go offline, it is clear that cybersecurity is a pressing concern.

Even in the realm of cryptocurrency, as evidenced by the attack on El Salvador's national cryptocurrency wallet, Chivo, in April 2024, exposing the sensitive personal information of millions of Salvadorians and releasing the wallet's source code, cybersecurity measures are essential to safeguard user privacy and maintain consumer trust.

As the automotive industry continues to evolve, it is crucial that cybersecurity remains a top priority. IATF 16949, the International Automotive Task Force quality management system standard focused on continual improvement, emphasizing defect prevention and the reduction of variation in the automotive supply chain and assembly processes, also plays a role in ensuring that cybersecurity is integrated into every aspect of the industry.

In conclusion, the rise of cyberattacks across industries underscores the need for robust cybersecurity measures. ISO 21434, with its focus on continuous monitoring, incident response, and cooperation among stakeholders, provides a strong foundation for enhancing cybersecurity within the automotive industry. As the industry moves towards a software-defined future, the importance of a holistic design approach and the implementation of standards like ISO 26262, ISO 21448, and IATF 16949 cannot be overstated. The safety, privacy, and trust of consumers depend on it.