This article written by Rajeev Panicker, Business Head – Cyber Security & Privacy Services India & Middle East at DNV delves into the critical significance of cybersecurity in the mobility sector, shedding light on both the challenges it poses and the opportunities it presents.
The automotive sector relies heavily on connected and autonomous vehicles, which generate, store, and exchange substantial amounts of data and interact with various systems and devices. Cyberattacks on vehicles can compromise the safety, privacy, and functionality of drivers, passengers, and pedestrians, as well as disrupt traffic flow, cause environmental damage, and undermine public trust. Therefore, it is essential for the automotive sector to adopt a comprehensive cybersecurity strategy, which covers the entire lifecycle of vehicles, from design and production to operation and maintenance, and includes measures such as security by design, encryption, authentication, monitoring, testing, updating, and incident response. Cybersecurity is essential for ensuring the safety, reliability, and efficiency of mobility services, as well as the privacy and trust of customers and stakeholders. It is not only a technical challenge, but also a strategic, regulatory, and ethical one, as it involves complex trade-offs between security, functionality, usability, and cost.
Cyber security Challenges in the Mobility Sector
The mobility sector faces several cyber security challenges, such as:
- Growing complexity and interconnectivity: With increased interconnectivity comes a surge in potential cyber vulnerabilities, creating an expanded attack surface ripe for exploitation.
- Lack of standards, best practices, and regulations: Absence of unified cyber security standards leads to fragmented security protocols across mobility providers and operators.
- Resource and skill gaps: Insufficient cyber security awareness, skills, and resources, which limit the ability of mobility stakeholders to detect, prevent, and respond to cyber threats
- Emerging threat landscape: From ransomware attacks to vehicle hijacking, the spectrum of cyber threats is continuously evolving, posing significant risks to mobility services and data.
- Legal and ethical implications: questions regarding liability, accountability, and transparency loom large, necessitating clarity on roles and responsibilities amidst cyber incidents.
Cyber security Opportunities in the Mobility Sector
The mobility sector also offers several cyber security opportunities, such as:
- Enhancing the customer experience: Secure and personalized mobility services bolster customer satisfaction and trust.
- Operational efficiency: Improved system performance and resilience streamline operations while mitigating cybersecurity risks.
- Creating competitive advantages: Robust cybersecurity measures differentiate providers and operators, fostering market trustworthiness
- Innovation Catalyst: Cybersecurity drives innovation, facilitating the adoption of innovative technologies and business models.
- Social and Environmental Impact: By supporting the transition to a more sustainable, inclusive, and accessible mobility system that benefits people and the planet.
Regulations and Standards
There are several regulations and standards that aim to help the automotive and mobility sectors to protect cyber security of automotive services, items, and components. Some of the most important ones are:
- The United Nations Regulation No. 155 on Cyber Security and Cyber Security Management Systems, which establishes the requirements for the approval of vehicles regarding cyber security and for the approval of cyber security management systems of manufacturers. It also defines the obligations of the manufacturers, the approval authorities, and the technical services regarding cyber security.
- The ISO/SAE 21434 standard on Road Vehicles - Cyber security Engineering, which specifies the process for engineering cyber security in road vehicles and their components. It covers the aspects of cyber security risk assessment, threat analysis, security concept, security design, security testing, and security management.
- The European Union Cyber security Act, which establishes a common framework for the certification of information and communication technology (ICT) products, services, and processes, including those related to the automotive and mobility sectors. It also creates the European Cyber security Agency (ENISA), which is responsible for developing and implementing the certification schemes and providing advice and assistance on cyber security matters.
- The Automotive Information Sharing and Analysis Center (Auto-ISAC) Best Practices, which are a set of voluntary guidelines for the automotive industry to enhance cyber security. They cover the areas of governance, risk management, security by design, threat detection and protection, incident response, training and awareness, and collaboration and engagement.
Cyber security is a critical factor for the success of the mobility sector, as it affects the quality, safety, and value of mobility services and data. It is not only a challenge, but also an opportunity, as it can enhance the customer experience, improve the operational efficiency, create competitive advantages, drive innovation and growth, and contribute to social and environmental goals.
The automotive sector needs to collaborate with other mobility stakeholders, such as infrastructure providers, service providers, regulators, and users, to ensure the interoperability, compatibility, and resilience of the mobility ecosystem. By enhancing its cybersecurity capabilities, the automotive sector can not only mitigate the risks, but also unlock the potential of connected and autonomous vehicles, which can offer improved efficiency, convenience, accessibility, and sustainability for the mobility sector and society at large.
Cyber security requires a holistic, collaborative, and proactive approach, involving all the mobility stakeholders, from providers and operators to regulators and customers, to address the risks and seize the opportunities of the digital transformation of mobility.