a COMCODE initiative

secure. AUTOMOTIVE. INDUSTRIES


A holistic approach to secure the automotive ecosystem.

Learn more
Current State

Current State


With the increase of interconnectedness, complexity, and automation of vehicles, the risk of cyber-attacks is rising.

Particularly relevant in this context are

  • functions such as connection to cloud services
  • applications
  • wireless updates of vehicle electronics
  • data exchange between vehicles and their environment

Cybersecurity is becoming a core requirement for vehicles and their components and legislators have started to respond to this. Regulations and standards such as UNECE and ISO 21434 are obligating manufacturers, tier 1&2 suppliers, as well as other partners in the eco-system to take digital security into account. At the same time, companies and their internal IT structures and production environments are under immense pressure with regard to cyber-attacks. This means that all market participants are facing several major challenges simultaneously.

Smart & secure solutions and joint efforts are of the essence!

What is secure. AUTOMOTIVE. INDUSTRIES?

What is secure. AUTOMOTIVE. INDUSTRIES?


  • secure.AUTOMOTIVE.INDUSTRIES (SAI) is a thematic platform with the goal of securing the digital automotive future through collaborative and interactive efforts.
  • SAI brings together representatives from different areas within the automotive world to work on challenges and projects.
  • SAI acts together with partners and contributors in various activities such as SAI events, participation in trade shows & conventions (e.g. with bayme vbm at Automatica 2022), and R&D projects.
  • SAI bundles experience, skills, and capacities in joint projects to deliver smart solutions to companies – from medium-sized businesses to large corporations. #AutomotiveCyberSecurity

Summary The Automotive Ecosystem Diagram

Summary


Starting in May of 2022, COM|CODE began following the rapid development of the automotive industry and its security implications. The automotive industry has an intricate network of supply chains, numerous companies operating on a global scale, and myriad components being developed at a flat-out pace. This growth has resulted in the modern connected vehicle and its surrounding ecosystem. As vehicles are developed with advanced capabilities including Wi-Fi hotspots, over-the-air updates, mobile application controls, and mid-tier automated driving systems (for example, assisted parking functionality, and lane change assistance), drivers are more connected than ever before. Along with this explosion of connectivity comes increased security concerns—and having to deal with the fallout of inevitable cyber-attacks. Automotive cybersecurity and automotive digital forensics are more examples of our transition into an increasingly digital world, and with it, the need to protect people from the threats that follow. Billions of people stand to be impacted by advents in vehicle technology, especially with the introduction of internet access to cars and remote management features.

Automotive Cybersecurity UN Regulation No. 155: Map of the immediate scope before global adoption Automotive Cybersecurity Cyberattack timeline relevant to the automotive industry

Automotive Cybersecurity


Back in May 2022, COM|CODE continued researching relevant automotive cybersecurity standards and regulations to determine their impact on relevant parties such as OEMs and suppliers, such as the early scope of UNR-155 (See Figure 2). It quickly became clear that automotive cybersecurity is forever changing the automotive industry, forcing all players to re-evaluate their methods, responsibilities within the supply chain, and outcomes following cyberattacks (See Figure 3). COM|CODE developed a visual of the connected automotive ecosystem (See Figure 1): Mapping out many of the interconnects between vehicle components and exterior assets such as the cloud, mobile phones, charging stations, etc. With this vast body of research, COM|CODE seeks to inform the ever-growing crowd of those who are impacted by the need for automotive cybersecurity.

Automotive Digital Forensics


Automotive digital forensics is still in its infancy—the limited information available to the public makes it difficult for companies and individuals to determine what they can do should they face cyberattacks on their part of the automotive ecosystem. The information currently available suggests that automotive digital forensics is heading in the same direction as automotive cybersecurity, meaning that it will face significant growth in the coming years. With the rate of vehicle and connected vehicle service hacks on the rise, demand for forensic services will also increase dramatically. The breadth of scope in this field is truly awe-inspiring: every company and individual that relies on automobiles either directly (ex. Fleet services) or indirectly (such as shipping dependencies) is impacted by automotive digital forensics—should a database, application, or component be compromised, whether it be via a supply chain attack, direct vehicle compromise, or connected service hack, millions of people are inevitably impacted—and therefore potentially benefit from automotive digital forensics. Currently, automotive digital forensics is especially utilized in criminal investigations, but there are countless other applications throughout the automotive industry, especially in areas of development, production, fleet use, and rentals. Of utmost importance to COM|CODE is understanding exactly who falls under the scope of automotive digital forensics. It’s also important to ask what use cases they might have. For example, how might they be impacted by future regulatory requirements? How would they best respond to a cyberattack? This field is emerging and therefore companies need to be proactive in understanding how automotive digital forensics will affect their business. If people are caught unprepared without knowledge of the developing automotive ecosystem and associated forensic technologies, an unnecessary number of resources may be spent on disaster recovery.

SAI projects & activities

International VDI Conference Cyber Security for Vehicles

28. – 29.6.2023

Presentation at VDI Conference: The Necessary digital Forensic Capabilities for the Automotive Ecosystem.

Learn more

it-sa expo

25th-27th October
in Nuremberg

Hall 7
Booth 302


Learn more

Munich Cyber Security Program – Project #AutomotiveCyberSecurity

R&D projects with the following focus topics:
  • Security regulations
  • Security architecture
  • Vulnerabilities & security Incidents

Stay in contact with us & we’ll keep you updated about our latest activities: