"The Industry should learn from the Software Sector" - Challenges for Automotive Cyber Security

Add bookmark

Automotive IQ had the opportunity to interview Dr. Siraj Ahmed Shaikh, Reader in Cyber Security from Coventry University, who was the chairman at this years' cyber security conference, on the current challenges within the industry.

Mr. Shaikh, where do you see the main challenges these days for automotive cybersecurity? 

The problem of automotive cybersecurity is multifaceted. It’s a technical problem but also a policy problem. It has to do with how drivers, passenger or users relate to the product itself. It’s also about trying to reflect on how best we are set up as a supply chain to address those problems. 

The one thing to say is that my overall context from the opening was innovation. The ultimate aim for any event such as IQPC’S Automotive Cybersecurity is that we know that things are changing – new problems, new everything. And to respond to these changes we will have to change policy and  behavior technology. And change is about innovation. So how do we innovate? How do we get even better at doing something? 

During the conference you pointed out that the issue of cybersecurity needs to be addressed from four different directions: product evolution, supply chain, customers and policy regulation. So, where do we start? 

It’s difficult to say, because we’re still in the early days. From what we’ve seen here, and from discussions, we know that this is something that almost all of the industry players will be affected by in some form or another. A lot of them are beginning to take a very sincere interest. Some are doing something and we don’t even know – I don’t think we will ever know. The question is, how do we all work together to make it easier? So how do we resolve the threat or put in the process that manages the threat more easily, more quickly and with better results? 

From the discussions you had so far, what do you think are the areas where participants were lacking the most knowledge?

We had Marc Stanley, founder of the Stanley Law Group from Texas. He talked about what they do in the US about legislation and the way they’re challenging the automotive industry. It’s probably the most direct, not aggressive, but challenging punch that you see. I think the legal issues are very important and people will take at deep interest there, because there are so many different users and stakeholders.

[inlinead]

We know that OEMs and suppliers put a price on every product and every service. So implementing cybersecurity safeguards into products, be it software or hardware, is most certainly something to be discussed. Did the costs come up in the discussion?

We probably need more economists in the room, to draw parallels from other sectors, because today, we may not have a full economic cost implication. We had discussions though about the cost to the company and the supply chain. 

But let’s step back a little and think about the overall cycle costs, the overall policy-related and regulation-related elements, and eventually, the costs to you and me? From a customer perspective, many people might enjoy all the latest fancy connected car features but only few are willing to pay more for enhanced protection or a security patch. And what about the costs in terms of higher insurances or higher taxation? Those consumer issues apart from the legal side of things need to be discussed. 

What kind discussions would you like to see amongst OEMs and researchers moving forward in cybersecurity?

It’s almost always a question of technology, fundamentally. Although the solutions are there we still need to think about bigger challenges, about vehicle architectures, about testing etc. The technology problem has only just started.

Finally, the automotive industry should learn from the software sector. They are way ahead, because they’ve had to deal with security issues for a long time. It is simply not feasible for carmakers to take patching and updating frameworks and applying them to cars.  This event has convinced me that we have a consensus, but it is not simply a matter of buy there and sell here. We need fresh thinking to move forward. 

Thank you

RECOMMENDED