Updated:

Automotive Industry’s Cybersecurity and Threats Case Study

Exclusively available on Available only on IvyPanda® Made by Human No AI

Background Information

Cybersecurity is focused on computer systems that is why the representatives of the general population rarely associate it with the automotive industry. However, the connected car was not a part of sci-fi for a long, and it is offered by 15 brands already (Francisco, 2014). Many people can experience the advantages provided by in-car infotainment systems today. With the help of Wi-Fi and Bluetooth-enabled devices, drivers can use additional functions and adapt the environment around them to their needs (Griffor, 2016). Cybersecurity in the automotive industry also deals with connected parking and after-market services, etc. Thus, it must ensure privacy and security. Not so long ago, it was revealed that hacker groups attacked smartphones, which influenced the connected car (Francisco, 2014). These issues attracted the attention of professionals and made them reconsider the extent of cybersecurity threats.

Threat Assessment

The Vehicle Software

Explanation

The infotainment system represents the main set of computer systems that can be found in the vehicle. It gathers both hardware and software, which means that different security approaches are to be addressed. This system has a low barrier to entry, which makes it vulnerable to attacks. Users have an opportunity to download and install software themselves, gathering it from those websites that do not guarantee a high-quality product.

Risk

Cars tend to have a lot of sensors that make them more vulnerable. The attack surface increases, which makes it easier for hackers to find a gap in security. In addition to that, the software installed by the owner may contain an electronic threat, alter sensitive data, affect the productivity of the system negatively or even remove some significant for proper operation software.

Recommendation

With the help of a trusted secure boot, professionals can ensure that their clients’ software that is already installed is good enough and does not require any changes. It is better to partition operating systems so that if hackers affect one of them, others remain secure. If some updates are needed with time, it is significant to make sure that owners can use virtualization and software containers. In this way, they can alter individual functions and do not implement changes in the whole system. It may also be beneficial to make it impossible for the owners to add/delete the software. However, the possibility to develop some kind of assessment tool for new software seems to be more advantageous because it will not deprive the owners of their privileges but will still ensure security. Authentication is used to make sure that a car is used by its owner but not by some other person. It gathers one’s individual information and provides access on its basis. A physical key that is still often used in the automotive industry cannot provide such benefits, which proves the value of this alternative.

Network Security

Explanation

The majority of hackers who have experience of exploiting desktop systems have no difficulties with targeting the automotive industry focusing on its software. That is why it is often given the greatest priority. A vehicle can be affected through Wi-Fi and Bluetooth connectivity, which means that the attack can be maintained from a distance. It is significant to ensure the security of this system because it focuses not only on the audio and video entertainment but also allows to control navigation system and manipulate the behavior of the car. Hackers do not even need to get close to a vehicle if they want to move wheels, for instance.

Risk

The Internet attacks are currently treated as something ordinary so that the representatives of the general public do not consider them to be very critical. The usage of unsecured legacy protocols can affect the integrity and authenticity of data. Among the main vulnerabilities in the implementation of Bluetooth technology. With its help, a car can be aligned with a smartphone, which is a great advantage for the owner because it simplifies the usage of network systems. However, the device used for the connection can belong to a hacker as well. To minimalize this issue, the majority of companies that operate in the automotive industry use the CANbus network, which is focused on the behavior of a car. However, it fails to provide total security, making it possible for hackers to manipulate a vehicle and threaten people’s lives (Francisco, 2014).

Recommendation

Organizations should maintain monitoring of the behavior of a car. It will be advantageous to implement anomaly detection. In this way, it will be possible to see if a car was approached by a hacker. In addition to that, updated models of network encryption should be used because they are likely to protect the data that is critical for the safety of clients. Device authentication should be maintained because it ensures that a vehicle is approached by its owner. It can be beneficial to restrict network communications. Defining preferred behavior, a client will be able to see if something unusual happened.

The Vehicle Hardware

Explanation

Companies must ensure that the vehicle hardware is well-protected. The way the software operates depends greatly on the condition of hardware and its security. Hackers can obtain access to a vehicle and damage seatbelts or airbags. In addition to that, they can affect the engine firewall.

Risk

Some hardware components have no built-in security features, which means that it can be easily accessed by hackers (Auto Alliance, 2017). If the auto control system is not isolated, it can be approached through other systems. What is more, hackers can affect communications-based functions like navigation and satellite radio.

Recommendations

Focus on boot and software attestation can prevent unauthorized changes and invalid files from influencing client security. It requires the digital signature and product keys that cannot be easily hacked. The usage of the trusted prosecutor module can be advantageous in this perspective because it identifies a proper code and arrests other attempts to get into the system. Tamper protection also focuses on intellectual property. It allows professionals to avoid reverse engineering. It is possible to use Intel Enhanced Privacy ID technology that ensures client anonymity (Intel Security, 2016).

Cloud Security

Explanation

The majority of hackers are ready to deal with basic security when they start working. However, they are not ready to deal with additional security services, which can help to identify and correct those threats that are waiting for a vehicle.

Risk

Lack of collaboration between the stakeholders and poor maintenance of additional support services can lead to the disclosure of critical information and the possibility of obtaining hacked software updates (AUTO-ISAC, 2016). When vulnerabilities are discovered with time, the recall may be needed which can be extremely expensive for the organization.

Recommendation

It is significant to ensure the possibility of remote monitoring and updates, etc. The cloud should be approached with the help of an authenticated channel. The stakeholders should develop proper collaboration so that they can quickly share the information, respond to attacks, and prevent their repetition. The possibility of over-the-air updates should be ensured because it allows reducing expenditures needed to fix the product (CybeRisk, 2016).

Conclusion

Thus, it can be claimed that the current automotive industry is tightly connected with computer systems so that its cybersecurity is to be ensured. Vulnerabilities of connected cars can be found when focusing on their hardware and software systems as well as on network and cloud security. This issue occurs because the infotainment system that is implemented in a vehicle has much in common with desktop systems that are already thoroughly explored by hackers. The majority of risks come from the network system because it deals with the connection of cars to other devices. However, the significance of other weaknesses cannot be neglected. Professionals who operate in the automotive industry should think of the best practices that can help them to prevent hacker attacks or at least respond to them properly. In this way, both clients and companies will be protected.

References

Auto Alliance. (2017). Cybersecurity. Web.

AUTO-ISAC. (2016). Automotive cybersecurity best practices. Web.

CybeRisk. (2016). Automotive cybersecurity – vulnerabilities, challenges, industry response. Web.

Griffor, E. (2016). Handbook of system safety and security. Amsterdam, Netherlands: Elsevier.

Francisco, C. (2014). Web.

Intel Security. (2016). Web.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2020, August 6). Automotive Industry's Cybersecurity and Threats. https://ivypanda.com/essays/automotive-industrys-cybersecurity-and-threats/

Work Cited

"Automotive Industry's Cybersecurity and Threats." IvyPanda, 6 Aug. 2020, ivypanda.com/essays/automotive-industrys-cybersecurity-and-threats/.

References

IvyPanda. (2020) 'Automotive Industry's Cybersecurity and Threats'. 6 August.

References

IvyPanda. 2020. "Automotive Industry's Cybersecurity and Threats." August 6, 2020. https://ivypanda.com/essays/automotive-industrys-cybersecurity-and-threats/.

1. IvyPanda. "Automotive Industry's Cybersecurity and Threats." August 6, 2020. https://ivypanda.com/essays/automotive-industrys-cybersecurity-and-threats/.


Bibliography


IvyPanda. "Automotive Industry's Cybersecurity and Threats." August 6, 2020. https://ivypanda.com/essays/automotive-industrys-cybersecurity-and-threats/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
Privacy Settings

IvyPanda uses cookies and similar technologies to enhance your experience, enabling functionalities such as:

  • Basic site functions
  • Ensuring secure, safe transactions
  • Secure account login
  • Remembering account, browser, and regional preferences
  • Remembering privacy and security settings
  • Analyzing site traffic and usage
  • Personalized search, content, and recommendations
  • Displaying relevant, targeted ads on and off IvyPanda

Please refer to IvyPanda's Cookies Policy and Privacy Policy for detailed information.

Required Cookies & Technologies
Always active

Certain technologies we use are essential for critical functions such as security and site integrity, account authentication, security and privacy preferences, internal site usage and maintenance data, and ensuring the site operates correctly for browsing and transactions.

Site Customization

Cookies and similar technologies are used to enhance your experience by:

  • Remembering general and regional preferences
  • Personalizing content, search, recommendations, and offers

Some functions, such as personalized recommendations, account preferences, or localization, may not work correctly without these technologies. For more details, please refer to IvyPanda's Cookies Policy.

Personalized Advertising

To enable personalized advertising (such as interest-based ads), we may share your data with our marketing and advertising partners using cookies and other technologies. These partners may have their own information collected about you. Turning off the personalized advertising setting won't stop you from seeing IvyPanda ads, but it may make the ads you see less relevant or more repetitive.

Personalized advertising may be considered a "sale" or "sharing" of the information under California and other state privacy laws, and you may have the right to opt out. Turning off personalized advertising allows you to exercise your right to opt out. Learn more in IvyPanda's Cookies Policy and Privacy Policy.

1 / 1