When you think of cybersecurity, cars may not immediately spring to mind. However, as the CEO of Jaguar Land Rover Ralf Speth said, automotive cybersecurity is one of the biggest challenges in a connected world, and “as fundamental to your safety as the brakes."
Today’s cars are packed with electronic control units, delivering mobility services, infotainment, remote unlocking, constant over-the-air software updates — and there are multiple connectivity ports like Bluetooth and WiFi through which to hack them.
Vehicles are only going to get more complex too, as we move towards autonomous driving and full Internet of Things (IOT) connectivity. A modern car contains about 100 million lines of software code, and is expected to have around 300 million lines of code by 2030. For comparison, a passenger plane has around 15 million.
Just take a look at how carmakers are wheeling out their new lines. For example, China’s Byton has designed its battery-electric M-Byte on the idea of being a smartphone vehicle on wheels.
Moshe Shlisel, co-founder and chief executive of Israeli cybersecurity startup GuardKnox, has likened cybersecurity in today’s cars to that in a 1980s computer.
“Right now, there are millions around the world that are connected and are not secured, you have computers on wheels that are going around carrying people without the relevant safety measures,” Shlisel said.
If someone is able to hack the car’s IP “out of mischief or just for fun” then they can simply take control of the vehicle and stop it or steer it off the road, according to the former Israeli Airforce Special Ops veteran.
Fleets present an even bigger challenge, as they are mostly the same vehicles with the same computer systems, all connected to the operations HQ. “So if I hack one, I hack all of them, and all of a sudden I can take control of the entire fleet,” Shlisel said. “If, for example, a whole DB Schenker, DHL, or FedEx fleet is shut down by a hack, then it is not just a logistics disruption, but a risk to the economy.”
Automotive cyberhacks could even pose a “national infrastructure risk,” he said. If electric-connected vehicles are plugged into the grid to charge and the connection between the car and the charging station is not secured, then a hacker could access the grid and cause all sorts of mayhem.
Despite the rush to catch up with security solutions, vehicle hacks are inevitable, Shlisel believes. “It’s not a question of if, it’s a question of when… for sure it will happen” he said. “I would say that it already did because no-one has any interest in revealing that it has happened, not the car manufacturer, not the hacker, not the person who was hacked.”
Automotive cybersecurity set to explode
Protecting increasingly complex vehicles is a burgeoning market. IHS Markit says that global revenue from the automotive security market was around $16m (£12.3m) in 2017 and is expected to hit $2.3 bn by 2025.
Paul Sanderson a senior specialist in cybersecurity research and consulting at SBD Automotive told Yahoo Finance UK that carmakers need to be able to stay one step ahead of the attackers, at the very least.
“As vehicles continue to increase in autonomous capability and level of connectivity, the risk of hackers causing serious incidents rises too, making robust cybersecurity more important than ever,” Sanderson said.
Security, he said, is something the customer expects, “but not something the customer is willing to pay more for, so the OEMs need to cover that cost.” While the burden and expense of integrating strong cybersecurity into cars falls on the carmakers, they are leaning on their suppliers to develop the solutions.
“It will be the most innovative suppliers, the ones that are able to come up with cost-effective solutions, that will have the most opportunity moving forward,” said Sanderson. “It is why we are seeing so many suppliers now acquiring cybersecurity start-ups, especially in Israel.”
Cybersecurity hotspot Israel
Israel is one of the leaders in this field in this relatively new field. GuardKnox, which closed a $21m Series A funding round in June, is just one of the companies vying for space in this hot branch.
Last month, Tel Aviv-based Upstream Security announced that an investor syndicate including carmakers Hyundai, Renault Venture Capital, and Volvo Venture Capital led its $30m Series B round.
“This... is a testament to the severity of the problem the industry is tackling,” said Upstream CEO Yoav Levy in a statement after the funding announcement. His company has raised a total of $41m so far.
In 2016, supplier Harman acquired Israel’s TowerSec for $70m and Continental bought Tel-Aviv based Argus Cyber Security in 2017, for an undisclosed sum, but reported to be around $400m.
Shlisel attributes Israel’s leadership in vehicle cybersecurity to a deep-seated culture of innovation and creativity, which breeds out-of-the-box thinking. “The country has had its fair share of challenges, yet has always risen above them to produce revolutionary and highly impactful technologies which know no geographical bounds,” he added. “This is a bi-product of having the Israeli Defence Forces rooted in the culture and everyday life where security is at the forefront.”
“With connected cars gaining more popularity, the number of threats that can be applied by hackers is increasing. As a result, the security component is becoming more and more crucial,” said Dealroom innovation analyst Irina Anihimovskaya.
“Besides large corporates, like Harman, Garrett Motion, that have developed solutions for automotive cybersecurity, we can see a growing number of startups operating in this area and many of them are well-funded,” she added. “We expect the investors' interest towards these companies will keep growing.“