The evolution of automotive software has transformed the vehicle industry. The development of vehicle software has played a significant role, causing some of the biggest disruptions in the automotive industry - connectivity, autonomous, shared mobility, and electrification (CASE). The vehicle has now moved from being a traditional piece of machinery to a software-defined vehicular experience. While the hardware has become standardised across most OEM manufacturers, the key differentiator among them, are now the digital products – particularly the software. This is coupled with the dramatic shift in customers’ preference to shared mobility over owning the vehicle forever.
Within connected vehicles, the software-defined vehicles require integrated, open, and scalable architecture with hardware, software, Advanced Driver Assistance Systems/Autonomous driving (ADAS/AD) stack solutions, and robust connectivity. This has introduced new potential vulnerabilities and requires stronger cybersecurity controls.
As per the 2023 Global Automotive Consumer Study, the key highlight was the global shift to electric vehicles. Though the range of adoption differs across the globe, issues of affordability, range anxiety, and safety concerns remain as significant barriers to adoption. The electric vehicle additionally has introduced cybersecurity gaps in the battery management system, charging system and the overall ecosystem consisting of utility providers, grid owners, mobility suppliers, etc. Due to the rapid pace of digital transformation, these automotive cybersecurity risks have not been addressed satisfactorily.
As the landscape shifts, automotive players who lack sufficient software and vehicle security face major risks. There is a need to introduce security at every stage of development and secure the vehicle.
Some key components for the future of mobility are:
♦ Product: We need to weave security at the start i.e. at the research and development stage, as this stage includes a high risk of IP theft. During production stages, component testing is the key factor, leading to the final stages of secure post-production and disposal.
♦ Plant: The transition to electric, self-driving and shared vehicles will also bring in changes to the way vehicles are manufactured in the plant with innovative data, software and robotic automation playing a key role. There is a need to secure the entire development lifecycle and supply chain, as well as a cultural transformation to help shift towards the industrial revolution.
♦ Workforce: Embedding security and privacy in the future of work, workforce, and workplace is essential. This includes cyber training and awareness, workforce management, secure hybrid working and data protection.
♦ Consumers: Aware and evolving consumers are choosing goods and services that give them confidence in their physical and logical security and privacy. As per the reports, barring Japan where vehicle features are the driving force behind choosing a brand, consumers largely rely on a perception of product quality when making a purchase decision. This drives the need to ensure that all safety checks are in place.
♦ Ecosystem: The digital ecosystem is designed through an interconnected network of various software, hardware and service providers who fulfil the customer needs and provide customer experience. With increased players and connectivity, there is a need for them to be able to trust each other on security and confidentiality through secure communication, data, and connectivity.
♦ Regulations: There are currently various existing regulations across vehicle, plant, data which the OEMs need to comply with. In addition, due to the rapid pace of digital development, there are new regulations currently underway for regulating emerging technologies.
To effectively set standards that can secure tomorrow's varied mobility options, a diverse consortium of security factors from across ecosystems is needed. Companies should strive to achieve the three cardinal virtues of cyber risk management throughout the development process: becoming secure, vigilant, and resilient.
The future of the automotive industry and cyber are tightly connected. Automotive organisations require digital trust, a well-built brand reputation, customer loyalty, and operational stability to prosper. With emerging technologies and increased threat areas in the vehicle, there is an urgent need to create effective cyber strategies and embed cyber into the design, planning and implementation stages for all business activities.
Authored by: Praveen Sasidharan, Partner, Risk Advisory, Deloitte India and Anupa Subrahmoni, Manager, Risk Advisory, Deloitte India