Since the establishment of the European Commission sub-group on Cooperative Intelligent Transport systems, which aims to implement an EU-wide automotive cybersecurity infrastructure, the automotive industry has come to consider effective cybersecurity a key technological obstacle to the further automation of transport infrastructure.

A recent white paper by engineering consultancy firm Horiba Mira highlights some of the reasons why automotive cybersecurity presents unique challenges that extend through the lifecycle of a vehicle. For starters, while a certain level of assurance that a vehicle can handle cybersecurity threats can be provided pre-purchase, the capability to deal with threats must be supported through software updates and ongoing monitoring if consumer confidence is to be maintained.

Far beyond IT security

Automotive cybersecurity is often discussed through the prism of IT security, but it actually extends way beyond that.

Autonomous vehicles rely on data input to fully determine their surroundings. They lack the human awareness to judge when something bad may be happening. Any jamming, spoofing or tampering with a source of data being fed into a vehicle can be used to misuse that vehicle. Therefore, when assessing a cybersecurity threat, the real-world interactions of modern cars (even those with limited levels of automation) and the potentially life-threatening consequences of a cyber attack mean that vehicles can't be considered in the same way as other IT systems. They are more than simply ‘computers on wheels’.

As Horiba Mira highlights, the sources of cyber-attack on a vehicle extend way beyond those experienced by computers. Examples include the manipulation of onboard sensors and external data sources that can falsify a vehicle’s ‘awareness’ of its surroundings. Traditional IT-based measures can’t be used to effectively mitigate against this, as those approaches are typically based on intrusion detection. Any threats that don’t require interference with onboard systems can be used to provide spoofed inputs to a vehicle.

Even with the modern vehicle (one with potentially limited automation but multiple data inputs) there are many ways in which onboard electronics can be accessed to maliciously take control. A story ran by Wired in 2015, detailing how a Jeep Cherokee’s transmission was remotely cut by hackers, is testament to the level of control that can be obtained.

Obtaining control of a vehicle has the potential to cause considerable damage and risk to life if this enables nefarious activity to be carried out. Such physical consequences generally aren’t faced in the IT security world.

A rich tapestry of threats

One of the other reasons for the uniqueness of the challenge posed by automotive cybersecurity is the number of threat agents that can be identified. The potential impact of a hack on the autonomous vehicle network means that everyone from dishonest users to rogue states could pose a threat. Therefore, as the autonomous and connected vehicle network develops, a wide range of strategies must be considered when developing solutions to the cybersecurity problem. On the plus side, this provides rich potential for innovation in solutions to protect both the network and the vehicles it supports.

Protecting yourself

It’s important to note that the protection available for cybersecurity innovation is wide-ranging. A solution designed to protect the entire network against a hack from a rogue state is very different from a solution that aims to stop a single dishonest user from physically accessing a particular vehicle, but both are essential to maintain the network and safeguard its users, and both could potentially be patented.

If you’re developing any type of technology in this field, a patent application could enable you to obtain exclusivity for your innovations and protect your R&D investment.