What You’ll Learn
- Benefits of OTA Updates: Explore the advantages of over-the-air updates, including convenience for consumers and cost savings for manufacturers.
- Vulnerabilities in OTA Updates: Understand the potential security risks associated with OTA updates, including both accidental glitches and intentional cyberattacks.
- Emerging Regulations: Learn about new regulations like UNECE R155 and R156 that aim to enhance the security of OTA updates and manage cyber risks in the automotive sector.
- Cybersecurity Lifecycle Phases: Discover the three critical phases of cybersecurity regulations—development, production, and post-production—and how they relate to OTA updates. Best Practices for Protection: Identify key strategies and practices to safeguard OTA updates and ensure compliance with emerging regulations.
These are exciting times for car manufacturers. At-home services are increasing, with car manufacturers enabling over-the-air (OTA) updates that can upgrade a vehicle with new features, or even fix faulty vehicle software by remote. The data speaks for itself. According to a comprehensive research report by Market Research Future (MRFR), the market is projected to be worth $14.47 billion by 2030, registering a CAGR of 18.72% during the forecast period (2022 – 2030), up from $2.89 billion in 2021.
Seemingly, the OTA service is a win-win for both consumers and manufacturers. Consumers can save lots of time and money, not to mention the bother of going to service stations. Manufacturers can save lots on expenses by handling software glitches by remote.
Automotive OTA Updates Are Susceptible to Vulnerabilities
But is it as good as it sounds? Have you ever had your computer stop working or your phone start malfunctioning after an upgrade? Think about if that were to happen while driving on a major highway at 90 miles per hour. What if the same malfunctioning updates were introduced to thousands of vehicles at a time? The cases described above highlight automobile malfunctions due to software glitches or bugs.
But what about intentional cyberattacks? During 2021, we have seen numerous cyberattacks and an increase in vulnerabilities hitting the automotive sector. Special attention seems to be coming from ransomware threat actors. The threat grows for connected vehicles to be compromised by hackers, even more so when software or firmware updates are involved, and especially during OTA updates.
New Regulations Are Emerging to Help Protect Automotive OTA Updates
According to the UNECE, cars contain up to 150 electronic control units and approximately 100 million lines of software code, four times more than a fighter jet. This is projected to rise to 300 million lines of code by 2030. Once, hacking a car was a difficult task, requiring advanced knowledge of the vehicle’s internals. But hackers are getting better, and automotive security concerns are growing. It’s not only possible for hackers to gain remote control access to an automobile’s steering, acceleration, and brake control, but they can mine a connected car for personal information about the owner or driver.
For this reason, and due to growing threats, new regulations are emerging to manage vehicle cyber risks, and to provide safe and secure updates during over-the-air updates to on-board vehicle software. These regulations such as R155 and R156 establish performance and audit requirements for cybersecurity and software update management for new passenger vehicles. WP.29 incorporates into its regulatory framework technological innovations to make vehicles safer and to provide safe, secure software updates that do not compromise vehicle safety. There are three lifecycle phases specifically described in the cybersecurity regulations: development, production, and post-production, which include monitoring, detecting, and responding to cyberattacks.
Ensure Automotive Security Compliance with Cybellum
In recent months, more and more customers who are receiving at-home services are becoming aware of the security issue, in no small part due to high-profile hacks that have made the news. They are starting to question their service providers about the security practices and how they can guarantee safe updates from remote. Cybellum is supporting OEMs and Tier-1 automobile manufacturers around the globe to safeguard their customers from vulnerable software and cyberattacks. Learn more about automotive regulations and compliance with UNECE WP.29 AND ISO/SAE 21434 in the eBook entitled:
The Blueprint of a Vulnerability Management Profgram
Key Takeaways
- OTA Advantages: OTA updates offer significant benefits but come with new security challenges that need to be addressed.
- Security Risks: The automotive sector faces increasing threats from cyberattacks targeting OTA updates, making robust security measures essential.
- Regulatory Compliance: New regulations like UNECE R155 and R156 provide frameworks for secure software updates and lifecycle management, crucial for automotive manufacturers.
- Cybellum’s Solutions: Cybellum supports OEMs and Tier-1 manufacturers in implementing effective security practices to protect against vulnerabilities and ensure compliance with industry regulations.
- Future Focus: Staying ahead in automotive security involves understanding and adhering to evolving regulations, and adopting best practices for managing OTA update risks.