By Niels Haverkorn, senior vice president for Connected Automotive at Irdeto
As we stand on the cusp of a revolution in the automotive industry, the stakes for data security have never been higher.
A Global Automotive Cybersecurity Report by Upstream revealed a staggering increase of over 50% in cyberattacks as disclosed by the media between 2018 and 2023.
What seems even more unsettling is that, during 2023 alone, a significant 95% of such incidents were conducted remotely, requiring absolutely no physical connection to the vehicle.
A considerable portion of this worrisome trend can be traced back to the inherent complexity of managing the massive scale and density within vehicles, one of the most critical hurdles in the automotive industry.
Modern cars, akin to complex networks on wheels, are equipped with over 100 million lines of code and numerous connectivity features, such as Bluetooth, USB, GPS, Wi-Fi, and in-car networks, creating an extensive and diverse attack surface for cybersecurity threats.
For reference, this number is forecasted to surge up to 300 million lines of code already by 2030, while a passenger plane only has around 15 million.
However, managing the security risks only within in-vehicle systems is not enough. With these weapons on wheels roaming in cities and being plugged into the EV charging infrastructure, the security challenge stretches well into the broader network – namely, the whole electricity grid.
Here, interoperability—the collaboration and communication between diverse devices and applications—is paramount.
However, subject to the absence of cohesive international standards and regulations, its current state creates a rather fragmented ecosystem with a robust attack vector and no room for comprehensive end-to-end security - a landscape opposite to the one we should be thriving towards.
Power play in EV charging networks and business data
Among the myriad of emerging challenges - such as maintaining software architectures and mitigating cybersecurity threats - it is the management of networking complexities that stands as a glaring concern.
This domain, arguably one of the most complex within the ecosystem, has garnered increasing attention over recent years, particularly regarding privacy.
To give you a glimpse, in 2023 alone, data and privacy breaches accounted for a dramatic 22% of all automotive-related cyber incidents, proudly marking itself as the second most common type of cyberattack, according to Upstream’s 2024 Global Automotive Cybersecurity Report.
While the conversation tends to normally center around consumer data protection, protection, there is an aspect just as critical that nonetheless remains largely in the shadows - the safeguarding of business data.
Consider Roaming Hubs: these platforms aim to simplify the management of multiple roaming agreements by connecting multiple Charge Point Operators (CPOs) and e-Mobility Service Providers (eMSPs) through a central platform.
Acting as an intermediate trust figure, a roaming hub inadvertently becomes a repository of sensitive business data through every transaction between CPOs and eMSPs.
This information, including everything from comparative reliability metrics of charging points to pricing trends and service usage patterns, is invaluable for operational insights but also poses a significant risk if not adequately protected.
The absence of industry-wide standards for repository data use, which is currently the case, enables the creation of service provider rankings that can sway customer preferences and alter competitive dynamics.
For instance, data analysis by a roaming hub may show Charging Network A as more reliable than Network B, swaying customers towards A and disadvantaging B. This preference could occur despite B’s extensive network, which naturally presents more challenges.
If A had early access to this data, they could also leverage it for targeted marketing, undermining B’s market share and possibly fostering a monopoly, which could diminish competition and drive-up prices for consumers.
Navigating the future
The data paints a clear picture: vehicles have transitioned from standalone entities to integral parts of a complex digital network, and the inflicted shift demands cybersecurity solutions that are as advanced and adaptable as the threats they aim to counter.
Yet, the establishment of a governance model for managing EV infrastructure data and contracts is still pending, leaving us with more questions than answers.
What is clear, however, is that it may be time for businesses to recognize that not all revenue models should revolve around data monetization, and perhaps even explicitly choose not to resort to it.
While data is an undeniably valuable asset, companies must consider diverse revenue streams and value propositions, such as offering enhanced services, improving customer experience, or contributing to sustainability goals, which can be particularly relevant in the context of EV infrastructure.
Login to comment
Comments
No comments have been made yet.