With increasing autonomy and electrification, more
cybersecurity measures are needed – creating a $1b software
supplier sector.
Connected and autonomous vehicles have repeatedly proven
vulnerable to cyberattacks by “white hat” and more malevolent
infiltrators - making it essential to equip cars with more robust
and effective cybersecurity solutions. OEMs, suppliers, and
software companies are moving quickly to address the challenges
involved in securing vehicles that are ever-more connected to the
Internet of Things. As a result, the automotive cybersecurity
market is booming.
Whether it is via vehicle diagnostics, ADAS systems, V2V
connectivity, over-the-air software updates, wi-fi, and cellular,
or telematics and infotainment systems, there are numerous portals
for hackers to gain unwanted access to a vehicle – whether just for
fun, or for more malicious reasons like stalking, personal data
acquisition, or vehicle takeover.
The rise of electric vehicles (EVs) introduces new
vulnerabilities, particularly their connectivity to EV charging
stations and entry into the power grid. This aspect highlights the
need for hacking countermeasures, not just for the vehicles
themselves, but also for the infrastructure and systems.
In S&P Global Mobility’s latest Cybersecurity Survey,
automotive suppliers indicated secure communications and updates as
their main priority to protect their vehicles and customers, as
well as to comply with impending regulations associated with OTA
software update systems.
Conversely, OEMs are focusing on software protection and open
architecture that is more efficient and cost-effective for
developing and deploying cybersecurity technologies to meet new
security requirements.
“The threat of cyberattacks on a single vehicle or a fleet of
vehicles is indeed real, either by individuals or groups,” said
Manuel Tagliavini, principal research analyst at S&P Global
Mobility. “Software companies will be challenged to keep the
vehicle parc secure from external bad actors, that have nowadays
more opportunities to access the vehicle.”
Client software volumes are projected to achieve a compound
annual growth rate (CAGR) of 36% from 2021 to 2028. With more
electric vehicles on the roads, the revenue growth of electrical
control units (ECU) cybersecurity client solutions looks to grow by
an astonishing 72.9% CAGR over the same period. As a result,
overall cybersecurity software revenues are likely to exceed US$1
billion by the end of the period.
This growth is also driven by compliance factors. Worldwide
regulations such as the WP29 and China’s Personal Information
Protection Law are making cybersecurity a mandatory requirement for
new-vehicle platforms. These have led to a surge in cybersecurity
spending from both automakers and suppliers.
Moving from distributed to centralized electronic architectures
has led to shorter development cycles for new vehicles – creating a
need for the ongoing protection of vehicles due to regulations on
maintenance periods. This creates chances for automakers and
suppliers to potentially use a subscription-based cybersecurity
plan that covers the life of the car. Initially, most cybersecurity
updates will be for parts inside the car, transitioning in 2030 to
include a more advanced connection with the cloud.
Automotive OEMs are realizing the importance of adopting a
comprehensive approach to automotive cybersecurity – both in their
in-house software design and development processes and across the
entire supply chain. Instead of relying on traditional intrusion
detection and prevention systems (IDPS), it’s key for companies to
develop intrusion detection and response systems (IDRS) that can
counter cyber threats in real-time – including the ability to
analyse and process data both within the vehicle and in the
cloud.
Currently, there are limitations to being able to perform those
onboard functions. Due to the limited processing capabilities of
most automotive ECUs, only some of the data collected is analysed
in the car before being sent to the cloud for further processing.
This is where security operation centres and AI machine learning
can help detect anomalous behaviour that indicates a cybersecurity
threat. With the development of AI-based sensor fusion solutions
and data fusion across vehicles and cloud devices in the future,
there is potential to aggregate data from multiple cars to analyse
big data for potential threats.
Automotive product cycles moving at a glacial pace compared to
rapidly changing software and hacking technologies. Collaboration
between automakers, technology providers, and security experts will
be essential for fostering innovation and developing effective
cybersecurity solutions.
This article was published by S&P Global Mobility and not by S&P Global Ratings, which is a separately managed division of S&P Global.
