Increasing vehicle automation is creating new opportunities for manufacturers and consumers. But it’s also giving rise to new cybersecurity threats. A new BSI publication, Accelerating automotive cybersecurity: Your guide to winning trust at every turn explains how automotive manufacturers can stay ahead of these emerging cybersecurity risks, ensure compliance and build trust across the industry.
By 2030, 95% of new vehicles sold globally will be connected, while the number in service will increase from 192 million in 2023 to 367 million by 2027.
The rapid rise of connected and autonomous driving is unlocking new opportunities for both manufacturers and consumers. Manufacturers are increasingly automating vehicles, for example, by using artificial intelligence and machine learning to steer them safely. Consumers are enjoying greater safety and comfort from enhanced connectivity with their vehicle via mobile apps.
But with this progress come new and increased cybersecurity threats. Connected vehicles are vulnerable to cyber attack throughout their lifecycle – from design to decommissioning. Personally Identifiable Information (PII), payment details, travel history and location data can all potentially be hacked and misused, for example, by denying drivers access to vehicles or their systems.
BSI's new publication, Accelerating automotive cybersecurity: Your guide to winning trust at every turn, explains how the automotive industry can successfully meet this challenge.
Written primarily for suppliers who develop, produce or maintain vehicles' electrical and electronic (E/E) systems, the guide outlines a holistic approach to planning automotive cybersecurity that will help suppliers build confidence and trust with partners and customers. The approach is founded on four inter-connected elements:
- Anticipating sophisticated cyberthreats to the vehicle
- Mitigating supply chain risk
- Demonstrating whole-lifecycle cybersecurity protection
- Staying ahead of automotive regulations and standards.
The guide goes on to describe five essential standards and assessment schemes for building trust and compliance across the automotive industry:
- Information Security Management Systems (ISO/IEC 27001)
- TISAX® assessment
- Vehicle Cybersecurity Requirements (ISO/SAE 21434)
- ENX Vehicle Cybersecurity (VCS) Audit Scheme
- BSI Kitemark™Certification for Secure Digital Applications.
It's worth drawing particular attention to the ENX Vehicle Cybersecurity (VCS) Audit Scheme. New in 2024, it provides standardized Cybersecurity Management System (CSMS) audits, which BSI is approved to offer.
Right now, the automotive industry faces golden opportunities from the rise of connected and autonomous vehicles. But the sector also has work to do. Recent research reveals that over 68% of 'C-suite' decision-makers acknowledge there needs to be more understanding across automotive supply chains of the implications of standards for their businesses.
In the era of connected vehicles, adopting a standards-driven approach to cybersecurity across the whole product lifecycle is crucial to building supply chain trust. As our new guide explains, it’s the cornerstone of a secure and responsible automotive industry that’s ready for the future.
