The ongoing electrification process highlights the need for automated systems to counter cyber attacks. Today, the mobile devices and rolling data centres that used to be called cars are potential targets for hackers.
For a hacker looking for ways to compromise computer systems, the immediate future is a bit of a smorgasbord offering myriad connected IoT gadgets and electric vehicles feeding into the power grid.
“Electrification broadens the possible threats. We’re talking about all vehicles being connected in what is known as vehicle to grid, or V2G for short, which is to help society with its energy supply. This means communication has to take place when the vehicle is connected,” explains Tomas Bodeklint, a research and business developer at RISE.
Bodeklint compares the modern connected car to any other mobile device. Connected to the cloud not only via wireless interfaces such as 4G and 5G, but also via Bluetooth and Wi-Fi.
“What electrification adds to these systems is another attack vector. We can compare it to connecting a network cable to the vehicle when charging its battery.”
Moreover, there are many public charging points where the user is unlikely to have a good grasp of possible cyber threats.
“This could be at restaurants or shopping centres, but even at home. People connect their vehicles to their smart homes to easily transfer maps or Spotify playlists. This enlarges the attack surface. It offers more connectivity options for accessing vehicles and making inroads via various apps.”
What types of attackers are there? Bodeklint says that the entire spectrum is represented but can be roughly divided into three different groups.
Everyone needs to be aware of how cyber security works
Vehicle manufacturers are facing the introduction of a new global regulation on cyber security that will apply to all newly produced vehicles as of 1 July 2024. This will require, for example, a CSMS* and systems to automatically detect and defend against cyber attacks.
“Here at RISE, in our cyber security research work we look at things such as how systems can handle threats automatically,” says Bodeklint.
This requires systems that use AI technologies like machine learning to monitor data sets and detect suspected attacks.
“So, how can you handle something like this automatically and enter a safe mode? Understandably, a vehicle manufacturer can’t handle such attacks manually, there needs to be an automated system that helps to flag such incidents.”
Bodeklint says that today’s software-based vehicles make it especially important for cyber security to be something that encompasses the entire operations of a vehicle manufacturer.
“It’s not just security personnel who should know about this, but rather the entire organisation needs to keep it in mind when designing vehicles. Everyone who writes software for vehicle functions. Everyone needs to be aware of how cyber security works and how it affects their software. It needs to be incorporated right from the start, it can’t be added as an afterthought.”
Cyber security management system, or CSMS for short, a system for managing all cyber security processes encompassing the company and the vehicle throughout its service life.