There is a clear growing demand for increased cybersecurity in the automotive industry. The United Nations Economic Commission for Europe (UNECE) responded by issuing a new regulation (UN Regulation No. 155) for vehicle Cyber Security Management System.
What is Thales new certification mean for the industry?
This ultimately covers risk and security assessment, threat detection, and vulnerability monitoring over the entire vehicle lifecycle. As a result, the industry is implementing a mandated cybersecurity standard (ISO/SAE 21434) that applies not only to global car manufacturers, but also to all vehicle cybersecurity suppliers like Thales. Being compliant in this highly regulated environment reinforces Thales’ leadership in automotive cybersecurity.
The ISO certification ensures Thales offers solutions with the highest level of security for car makers, integrators, and by extension users, and this starting from the vehicle development. It outlines the many procedures that should be followed to secure road vehicle cybersecurity.
As a consequence, this ISO certification demonstrates that the complete process of developing Thales cyber solutions has been evaluated and certified. Identifying the vehicle’s cybersecurity needs, designing and implementing cybersecurity measures, and continuously monitoring and updating the cybersecurity system are all part of the proven expertise.
Thales’ ‘security-by-design‘ approach is applied to all of its onboard solutions designed, built, and implemented in cars. This comprises embedded secure elements, credentials management and storage, authentication systems, firmware update etc. It establishes strict vulnerability monitoring and risk assessment for a secure future-proof maintenance.
What does the new certification mean for Thales?
Also, this ISO certification reinforces the trust that Thales provides in the data management throughout the connected vehicle’s lifecycle. This is crucial because car makers must provide remote application and embedded device upgrading, patching, and improvement in connected vehicles. This data protection capability protects vehicles from cyberattacks while also increasing customer trust in the +300 million connected cars expected by 2027.
“Automotive connectivity and digitization provide end-customers with numerous service opportunities. But to benefit from the services, drivers and passengers must trust the safety, security and privacy of their vehicle,” said Christine Caviglioli, VP Automotive at Thales.
“We consider the impact of ISO certification as highly positive for the market. Obtaining this certification makes us feel even more proud in a climate where cyber has become vital and indisputable. At Thales, we are all set to continue supporting our customers in the face of this new security challenge by providing certified ‘ready to use’ solutions,” Caviglioli further said.
What is the wider industry context of this product news?
The automotive industry is becoming increasingly connected, with vehicles now containing a vast amount of software and data. This connectivity has opened up new opportunities for hackers, who are now able to target vehicles in a variety of ways.
Here are some of the top automotive cybersecurity threats in 2023:
- Infotainment system attacks: Infotainment systems are the most common target for hackers, as they are often poorly secured and contain a wealth of personal data, such as music playlists, contact information, and even financial data. Hackers can use this data to steal identities, commit fraud, or even blackmail victims.
- Brute force network attacks: Hackers can use brute force attacks to try to guess passwords or other security credentials. This is a particularly effective attack vector for connected vehicles, as they often have weak passwords and security measures in place.
- Phishing attacks: Phishing attacks are another common way for hackers to gain access to vehicles. In a phishing attack, hackers send emails or text messages that appear to be from a legitimate source, such as a car dealership or a manufacturer. The emails or text messages often contain links that, when clicked, install malware on the victim’s computer or mobile device. Once the malware is installed, it can be used to steal data, control the vehicle, or even disable it.
- Compromised aftermarket devices: Aftermarket devices, such as GPS tracking devices or diagnostic tools, can also be used to hack into vehicles. These devices are often not properly secured, and they can be used by hackers to track vehicles, disable features, or even take control of the vehicle.
- Ransomware: Ransomware is a type of malware that encrypts a victim’s data and demands a ransom payment in order to decrypt it. Ransomware attacks are becoming increasingly common in the automotive industry, as hackers can use them to extort money from vehicle owners or dealerships.
These are just a few of the top automotive cybersecurity threats in 2023. As vehicles become more connected and complex, the risk of cyberattacks will only increase. It is important for vehicle owners and dealerships to be aware of these threats and to take steps to protect their vehicles from attack.
Here are some tips for protecting your vehicle from cyberattacks:
- Keep your software up to date. Software updates often include security patches that can help to protect your vehicle from known vulnerabilities.
- Use strong passwords and security measures. Avoid using the same password for multiple accounts, and make sure to change your passwords regularly.
- Be careful about what links you click on. If you receive an email or text message from an unknown sender, do not click on any links in the message. Instead, contact the sender directly to verify the authenticity of the message.
- Do not install aftermarket devices unless you are sure they are from a reputable source.
- Back up your data regularly. This way, if your vehicle is hacked and your data is encrypted, you will not lose everything.
By following these tips, you can help to protect your vehicle from cyberattacks.
Gerald Ainomugisha is a business news reporter and freelance B2B marketer with over 10 years of experience in writing high-converting copy and content for businesses of all kinds, especially SaaS providers in the niches of HR, IT, fintech, eCommerce and web3. Since joining Upwork in 2012 (back when it was still eLance), Gerald A. has delivered great results for hundreds of clients, maintaining a 98% Job Success rate as well as 5+ years of Top Rated Plus rating (and Premium Writers Talent Cloud membership). Book a meeting with Gerald A. today to get the powerful SEO content you need!
