This year, I completed several courses related to Generative AI security and recently attended the Vehicle Cybersecurity (VCS) course, generously organized by DNV for auditors.
VCS focuses on cybersecurity for vehicles, including autonomous ones. It is fascinating to observe the development of standards and legislation in this field, along with audit world pioneers working at the forefront of AI technology, creating both software and hardware for autonomous vehicles expected to be on our roads only within the next decade. The industrial manufacturing sector is traditionally conservative and slow to change, meaning the developments underway today will likely only be fully implemented after extensive testing in the next 5-10 years.
What is the most pressing cybersecurity threat for vehicles and their owners right now? Surprisingly, it’s not even related to AI.
Many of you are likely familiar with annual basic information security training at work, where the importance of regular software updates is highlighted as highly important. Failing to update software for a few years exposes computers to numerous known security threats.
Now, consider that your car is like a computer that hasn’t been updated in 10-15 years. Such a car may potentially have access to all your network data, phone details, and passwords and can be easily hacked. Cars of this type would now be about a decade old, so the issue is only beginning to emerge.
As I mentioned, the industrial sector is slow-moving and heavily regulated. This situation involves not only manufacturers but also a large operations and maintenance (O&M) market that often doesn’t follow manufacturers’ standards and guidelines. Currently, the only solution involves requesting that all vendors and suppliers undergo cybersecurity audits and certification. However, most players in the O&M market are not required to comply with these standards.
One possible solution is to extend the responsibility of car manufacturers, requiring them to invest in updating software (huge investment with no return!) for older vehicles and releasing these updates free of charge for all car owners and the O&M market. This is far from to be a wise economical decision for those companies and very unlikely they will do that.
Do you have other ideas? Please share your thoughts in the comments in the LinkedIn on how this significant future issue could be better addressed.