Cybersecurity a risk in auto industry
THE proliferation of software, connectivity and other emerging technologies in automobiles has made cybersecurity a major challenge for the industry, according to a report by Synopsys Inc and SAE International, a global association of engineers and technical experts in the aerospace, automotive and commercial vehicle industries.
Based on a survey of global automotive manufacturers and suppliers conducted by the Ponemon Institute, the report highlights critical cybersecurity challenges and deficiencies affecting many organisations in the automotive industry.
The survey found 84 per cent of automotive professionals have concerns that their organisations’ cybersecurity practices are not keeping pace with evolving technologies.
The study also found 30 per cent of organisations do not have an established cybersecurity programme or team, and 63 per cent test less than half of the automotive technology they develop for security vulnerabilities.
“SAE members have sought to address cybersecurity challenges in the automotive systems development life cycle for the last decade and worked together to publish SAE J3061, the world’s first automotive cybersecurity standard,” said Jack Pokrzywa, director of ground vehicle standards with SAE International.
“Armed with the findings of the study, SAE stands ready to convene t he industr y and lead development of targeted securit y controls, technica l training, standards, and best practices to improve t he securit y, and t hus t he safet y, of modern vehicles.”
‘Need for fundamental shift’
The Ponemon Institute, a USbased IT securit y research organisation, sur veyed 593 professiona ls from globa l automotive manufacturers, suppliers and ser v ice prov iders. All respondents are involved i n assessing or contributing to t he securit y of automotive technologies, including infotainment systems, telematics, steering systems, cameras, driverless and autonomous vehicles, and technologies such as WiFi and Bluetooth, among others.
“This study underscores the need for a fundamental shift – one that addresses cybersecurity holistically across the systems development life cycle and throughout the automotive supply chain,” said Synopsys Software Integrity Group co-general manager Andreas Kuehlmann.
Other key findings from the survey included:
Lack of cybersecurit y sk ills and resources – more than half of respondents say their organisation doesn’t allocate enough budget and human capital to cybersecurity, while 62 per cent say they don’t possess the necessary cybersecurity skills in product development.
Proactive cybersecurity testing is not a priority – less than half of organisations test their products for security vulnerabilities. Meanwhile, 71 per cent believe pressure to meet product deadlines is the primary factor leading to security vulnerabilities.
Developers need cybersecurity training – Only 33 per cent of respondents reported that their organisations educate developers on secure coding methods. Additionally, 60 per cent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.
Cybersecurit y risk throughout the supply chain – Some 73 per cent of respondents expressed concern about the cybersecurit y of automotive technologies supplied by third parties.
Meanwhile, only 44 per cent say t heir organisation imposes cybersecurit y requirements for products prov ided by upstream suppliers. To download a free copy of the report, “Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices”, visit www.synopsys.com