Cybersecurity challenges and solutions in the auto industry

The core competencies of automotive OEMs include designing, developing, and producing vehicles. For example, a manufacturer may have hundreds of engineers and employees working within the powertrain division. However, “what you won’t find is the same number of people working on cybersecurity for the whole company,” according to Anthony Martin, chief engineer and head of vehicle resilience at Horiba Mira.

Engineering cybersecurity for vehicles carries considerable cost and liability. “Vehicle users don’t necessarily see cybersecurity upfront and don’t necessarily value it until there is a problem,” said Martin. As such, it is not a feature that can be tagged onto the price of a vehicle. If companies experience cybersecurity issues and have to recall vehicle models, meeting the most basic cybersecurity regulations does not protect them from having to pay out. The industry is preparing for the introduction of new cybersecurity regulations such as UNECE Regulation 155 in July 2022 and the ISO/SAE 21434 standard. Therefore, companies must explore questions like how do we approach this; how much is enough ; and how can we prove that what we did at the time was sufficient.

Horiba Mira helps companies to answer these questions. “We have a really strong handle on what is required from an engineering, test, and assurance perspective,” said Nick Tebbutt, head of global strategic sales at Horiba Mira. The company has been an active contributor to the development of key automotive cybersecurity standards and regulations, including SAE J3061, ISO/SAE 21434, and the new UNECE regulations. It has a huge range of services designed specifically to help prepare for the impact of UNECE Regulation 155. These include a UNECE Readiness Programme, peer-to-peer training, full engineering consultancy, verification and validation services, operations solutions, and a CSMS audit program to benchmark regulatory preparedness.

Horiba Mira also has many configurable, securely connected 5G Assured connected and autonomous vehicle (CAV) facilities across an 850-acre proving ground. This includes 1.5km of highway, a 300-meter circular tarmac platform, a fully connected multi-storey car park specifically for testing parking features, and a miniature city with a mix of urban junction types and infrastructure. Along with Horiba Mira’s dedicated Vehicle Resilience laboratories, including embedded system, connectivity, innovation and dynamics labs, and over 10 electromagnetic compatibility (EMC) facilities, this vast verification and validation (V&V) ecosystem is being used by the industry to test cybersecurity features in a safe and controlled environment.

Connected vehicles need to be monitored for cybersecurity until end of life under the new regulation, and automotive cybersecurity is still in the early stages of development. Horiba Mira’s work ensures that auto manufacturers can detect, understand, and react to cyberattacks while effectively protecting the value of their brand.

Attacks on factory operations can be devastating for OEMs. One cyberattack on a supplier to Toyota in March 2022 resulted in Toyota shutting down 14 production lines and losing around 13,000 cars of output. Monitoring operational technology (OT) is imperative for suppliers and OEMs alike to ensure supplies are not disrupted, and these systems are often under-protected.  

Rhebo provides Industrial Protector specifically to address this issue. The service monitors communications within the industrial control systems (ICS), providing notifications when anomalous events occur. These events can include security incidents—including novel threats such as zero-day vulnerabilities―and technical malfunctions that may lead to disruptions or decreased system performance. All these details are then made available to the user for forensic analysis.  

Rhebo introduced Industrial Protector to monitor the ICS for the German plant of one of the world’s largest automotive manufacturers. This plant had a production cell with more than 300 devices. The main challenge was maintaining complete transparency of all assets and communications while enhancing cybersecurity and reducing overall risk. Rhebo deployed Industrial Protector into the plant via mirror ports, meaning the network packets on the plant’s entire virtual local area network (VLAN) were copied and sent to another switch port for analysis. The installation and commissioning did not interrupt the production process, and the first actionable notifications were available within a few minutes. Once Industrial Protector was transferred to the phase of continuous network monitoring, the automobile manufacturer gained a clear and detailed identification of potential security threats within the ICS, including:  

• Unknown participants in the ICS with suspicious operations and configurations, some with default IP addresses, exhibiting a pattern of unauthorised maintenance devices.  
• Duplicate IP addresses by unauthorised dynamic host configuration protocol (DHCP) servers. 
• Misuse of the address resolution protocol (ARP) similar to leading indicators of a man-in-the-middle attack. 

The auto manufacturer was then able to systematically assess and validate these threats based on priority. This minimised downtime and provided information on ICS quality to support improving the company’s manufacturing process. 

Cyberattacks on IoT devices and connected vehicles have resulted in stringent regulatory requirements on a national and individual level. OEMs face an urgent need to comply with such requirements without altering their R&D processes, delaying time to market, or raising product production costs. Karamba addresses this issue with the XGuard platform by offering security for the automotive industry throughout a vehicle’s lifetime.  

The XGuard suite provides self-protection against remote code execution and malware deployments. The software allows customers to comply with the new UN R155 guideline and identify and prevent cyberattacks on their devices without changing their R&D or validation processes. It can detect all legitimate binaries, including executable files, and automatically tightens the system based on the results. It delivers in-depth forensics of attack attempts, reducing root cause analysis time. XGuard's patented middleware abstracts the integration layer to the chip and operating system (OS) layers, allowing new OS and chip platforms to be added to the supported environments with minimal effort. Built-in checks can also prevent binaries from being modified or functions from being removed. It requires no developer intervention or upgrades during the software development lifecycle.  

Karamba XGuard is compatible with both off-the-shelf and custom-built environments. It can record and report extensive root cause analysis details to security forensics professionals, allowing code owners to detect vulnerabilities that hackers try to exploit. The platform is designed for embedded devices, and the automatic full-image analysis claims to offer runtime protection with less than 5% CPU cost and a 10% increase in disc image size.