It’s been several months since we surveyed top automotive executives and insiders on the major legal issues facing the industry for our 2023 Automotive Trends Report.
As the automotive world continues to evolve and navigate a shifting legal landscape, we look at some of the major themes driving it forward… and the ones that might be in the rearview mirror.
With automotive cybersecurity progressing at lightspeed, Dante Stella, Kimberly Holmes, and Cinthia Motley predict what’s next.
As the software that connects us to our vehicles becomes more complex, so does the software that connects others to them. Eighty percent of respondents to our 2023 Automotive Trends Report viewed “ransomware and extortion tactics” as the greatest cybersecurity threat to the automotive industry—and that number may be on the rise. In the past few months alone, we can point to examples of cyberattacks hitting nearly every corner of the industry: Consumer data has been breached at manufacturers, ride-hailing applications, and even digital license plate providers. Hackers also used supply-chain attacks to target the customers of software companies by inserting malware at the point of software distribution. Practices like these underscore the urgency for more robust cybersecurity measures and proactive strategies to protect the privacy and safety of vehicle owners.
Obsolete hardware usage
Software-defined vehicles (SDVs)—in which most of a vehicle’s functionality is controlled, managed, and updated through software rather than relying on hardware components—are the new paradigm in the automotive industry. As traditional hardware becomes more standardized and the technical knowledge gap continues to shrink, the market for SDVs is expected to balloon from $36 billion in 2022 to $150 billion by 2030. But despite advantages like over-the-air updates or enhanced real-time diagnostics and patching, SDVs bring forth a rising tide of cybersecurity challenges for OEMs because they have more functionality in common with standalone PCs than they do the microcontrollers of old. When a vehicle is controlled by a commercially available CPU, it inherits the vulnerabilities of a commodity processor plus the operating system (like Linux) that runs on it plus any additional layers of software (such as OEM or third party applications). Hence, although specific obsolete hardware seems like less of a problem, newer hardware creates newer hazards, including economies of scale and larger hacker bases.