It’s imperative automotive companies competing in today’s market leverage information technology to maximize production efficiency while effectively controlling and securing their informational assets, customers’ private data, and more importantly, car safety. The technology landscape is rapidly changing with the introduction of connected car technology, mobile technology, open source development, cloud computing, and more.
Managing cybersecurity threats in cars is not a simple task for any OEM. The safety of cars is at stake if risks are not mitigated at all stages of production. There are multiple entry points in a car that need to be secured from component production to design and assembly. In addition to OEMs, a number of third parties, from auto parts suppliers to technology companies, are involved in building a car. Cybersecurity needs to be addressed by each party in collaboration, and at the same level, with OEMs.
Preventing threats
Organizations value and view cybersecurity, risk, and control differently. Some of these differences are related to risk and threat profiles impacting an organization based on factors such as industry, location, product/services, etc. Other differences are related to management’s view of or commitment to security, and some are based on prior security incidents in the industry. Regardless, OEMs, auto parts suppliers, and after-market manufacturers need to evolve their security and control frameworks to meet the changing landscape.
Recognizing threats
It is just a matter of time before cybersecurity threats are realized in cars. Below are some examples of potential threats:
- Bug at auto parts supplier
- Trojan in after-market product
- Man-in-the-middle attacks at auto dealer
- Data or IP loss at OEM
- Call center phishing attack
- Car mobile app hack
- Drive-by attacks
- Exploiting known vulnerabilities
Addressing threats
To address cybersecurity threats in cars, OEMs will need to collaborate with auto suppliers, after-market suppliers, auto dealers, technology companies, and our cybersecurity experts. To assist in defining appropriate security practices or assessing existing control structures, Plante Moran has developed a comprehensive and proven methodology to assist our clients’ obligations to protect the confidentiality, availability, and integrity of their information and IT assets, as well as compliance with various security and privacy regulations. Plante Moran’s “House of Security” framework allows an organization to address cybersecurity from the IT infrastructure to the automobiles.
