Cybersecurity requirement for connected vehicles

Cyber attacks on connected vehicles present a real threat to the safety of road users, both for their physical safety and data and privacy. Much like passive safely, as a “hidden” quality of the motor, cybersecurity is only perceived by the user after an event.

In order to protect users, solutions are needed to test and analyse potential threats and to perform a risk analysis to define countermeasures. Applus+ IDIADA has developed a methodology and tool to deploy an assessment service that is capable of evaluating the cybersecurity of a vehicle similar to other consumer testing protocols (Euro New Car Assessment Programme (Euro NCAP)). This tool evaluates it and has the capacity to do this in an optimal and automated manner.

The system developed by Applus+ IDIADA makes it possible to assess the extent to which a vehicle is cybersecure, allowing original equipment manufacturers (OEMs) and TIERs to identify solutions and avoid potential market recalls. The system responds to the growing need in the automobile sector for a comprehensive solution that facilitates the development of cybersecure connected cars. As well as meeting current needs, it is flexible enough to expand to encompass future new attack vectors, fulfilling the requirements of (new) standards and certification programmes. Although cybersecurity issues do not always affect the physical safety of users, they may affect the automobile’s privacy and/or functionality. Critical vulnerabilities were found in some of the targeted vehicle systems but not in others. This implies that these vehicles were not tested for those areas but, had they been tested, these vulnerabilities could have been detected and corrected.

The cybersecurity evaluation tool created by Applus+ IDIADA combines various hardware tools, together with software that enables automated operation. The tool analyses connectivity vectors in the automobile that may affect the functionality, safety or privacy of it and/or the user in the event of a cyber attack. The solution also includes a web service that contains the algorithms, stores tests and their results, and launches the software. At the end of a test, the system can generate automatic reports for further documentation.

To date, the industry has responded to this complex issue through development and validation methodologies based on the evaluation of risk, with an associated significant impact on the implementation of both hardware and software. However, in recent years, media reports on hacking in general and in cars in particular, have raised awareness among wider society, focusing attention on cybersecurity in the automobile sector.

Any effective solution must ensure a level of cybersecurity and data privacy in vehicles in order to assess whether they are properly protected against attacks by third parties. Applus+ IDIADA has shown innovation with a new methodology paired with a tool that allows the level of cybersecurity of a connected car to be evaluated against a wide range of attacks and intrusions. This generates a reliable “certificate of guarantee” with the vehicle’s performance.

Applus+ IDIADA will continue to provide support to the development and design of cybersecurity measures in the automobile environment, as well as collaborating in the development of new ISO standards and regulations for it.

The threats to automobile cybersecurity are real and could see users unprotected against malicious third parties if vehicle systems are not validated and evaluated appropriately. The objective of the Applus+ IDIADA service is to provide quality assurance on cars, thus helping drivers and road users to feel safe and protected.