Driving Competitiveness, Cutting Costs & Ensuring Vehicle Security

According to a 2024 Gartner study, there is a 600% increase in vehicle cyber threats over the last four years. The exponential increase in the number of software-defined vehicles (SDVs) hitting the road further exacerbates this problem from a diagnostic and mitigation perspective. With most OEMs currently relying heavily on cloud-based detection and uploading vast amounts of data to the vehicle security operations centre (VSOC), transmission costs have escalated to around US$2.1 million per month, creating a significant financial strain. Moreover, as vehicles integrate complex software, effective troubleshooting becomes harder and more expensive for an industry that has traditionally been hardware-focused.

Therefore, SDV manufacturers started adopting novel technologies, processes, and business models to curb costs, while ensuring vehicle safety and security.

Edge AI: Many OEMs are utilising edge AI to reduce dependency on expensive cloud solutions. The technology essentially equips vehicles with the intelligence to autonomously learn, detect threats, and, if necessary, defend themselves. Each vehicle’s architecture is integrated with the foundational capabilities of an entry-level VSOC, allowing it to detect threats directly at the edge using advanced computing resources like central processing units (CPUs), neural processing units (NPUs), or graphics processing units (GPUs). By minimising dependency on the cloud, edge AI reduces costs and ensures that data remains secure onboard. The reduction in data transmission also results in lower VSOC operational costs and integration and maintenance costs.

Cyber Security Standards: Automotive industry standards such as the ISO 21434, UNECE R155/R156, etc., and related principles such as Secure Software Development Life Cycle (SSDLC) and Security-by-Design play a key role in enabling a more secure and cost-effective smart mobility ecosystem. These standards were developed to ensure that OEMs and suppliers incorporate cyber security protocols and solutions at every step of the product lifecycle, from the concept phase to retirement. This ensures that potential vulnerabilities are detected and mitigated during the early stages, reducing the risk of costly recalls. Importantly, investing in measures such as the ISO 21434 helps OEMs realise significant cost savings by preventing data breaches, system failures, regulatory fines, and potential litigationCyber Security Management Systems (CSMS): Under a recent regulation by the United Nations (UN), SDV OEMs are required to implement cyber security management systems (CSMS) to “guarantee vehicle safety and data protection through rigorous cybersecurity measures.” One such solution is cyber security platforms such as the one offered by Israeli DevSecOps platform provider C2A Security to companies such as Daimler Trucks, BMW, Marelli, NTT Data, Siemens, and Valeo. These platforms automate cyber security features and implement efficient processes such as OTA updates, thereby facilitating cost-effective and efficient compliance with regulations.

Zero-Trust Model: Zero-trust is a new cyber security model that replaces the traditional one by recommending continuous verification of users, devices, and applications, whatever their position or origin. OEMs are fast recognising the benefits of adopting this model to reduce the attack surface and prevent lateral movement cyber without relying on implicit trust. Adopting the zero-trust principle in Intelligent Transportation Systems (ITS), especially SDVs, presents an effective solution in the face of increasing threats. From a cost perspective, the model facilitates efficient network cost management in the form of high detection rates, low false positive rates, and reduced network costs in simulation results.

Security By Design with DevSecOps: OEMs are fast recognising the benefits of integrating security measures early in the development process through the Development, Security, and Operations (DevSecOps) approach. This is because vulnerabilities detected during development are much easier to fix than those detected after the delivery of the vehicle. DevSecOps platforms speed up development and testing by adopting the shift-left and security-by-design concepts, that results in reduced time between updates, and reduced costs.