Automated & Connected

Report reveals cybersecurity challenges faced by automated and connected vehicle industry

A new report highlights critical cybersecurity challenges and deficiencies affecting many organizations in the automotive industry. Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices, was released last week by Synopsys and SAE International.

This report is based on a survey of global automotive manufacturers and suppliers conducted by Ponemon Institute, and shed light on how auto organizations do not feel they are quite up to the task of securing the modern automated and connected vehicle.

According to the report, 84-percent of automotive professionals have concerns that their organizational cybersecurity practices are not keeping pace with evolving technologies. In fact, the survey pointed out that 30-percent of organizations do not have an established cybersecurity program or team, and 63-percent test less than half of the automotive technology they develop because of perceived security vulnerabilities.

“SAE, in partnership with Synopsys, is pleased to present the findings of this study, as it provides real-world data to validate the concerns of cybersecurity professionals across the industry and highlights a path forward,” said Jack Pokrzywa, SAE International Director of Ground Vehicle Standards. “SAE members have sought to address cybersecurity challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061™, the world’s first automotive cybersecurity standard. Armed with the findings of the study, SAE stands ready to convene the industry and lead development of targeted security controls, technical training, standards, and best practices to improve the security, and thus the safety, of modern vehicles.”

Other key findings from the report highlight several areas where organizations struggle with cybersecurity:

  • Lack of cybersecurity skills and resources - More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.
  • Proactive cybersecurity testing is not a priority - Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.
  • Developers need cybersecurity training - Only 33-percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.
  • Cybersecurity risk throughout the supply chain - Seventy-three percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44-percent say their organization imposes cybersecurity requirements for products provided by upstream suppliers.

You might be interested in:

Learn more

Matt De Reno is SAE MOBILUS web portal manager at SAE International. His interests include automated and connected vehicles, micromobility, smart cities, and automotive cybersecurity.