In recent years, various attacks have been performed to highlight security concerns about evolving smart cars. In particular, remote hacks took a lot of attention in 2015 when two security researchers hijacked the car’s infotainment system and demonstrated how to manipulate smart car functions. Such attacks elevate the risks associated with the smart car systems and indicate that there have to be diligent measures taken before rolling out these vehicles on the road. That’s because doing so has a direct impact on human lives.

In November 2019, the European Union Agency for Cybersecurity (ENISA) published a report that provides a baseline for comprehensive cybersecurity and privacy challenges related to smart cars, outlining the good cybersecurity practices by determining the challenges, threats, risks and attack scenarios. The objective of this comprehensive study was to identify the main assets and threats subjected to the ecosystem of connected and autonomous cars with actionable practices to address cybersecurity issues. The report also provided European as well as international legislative, standardization and policy initiatives to foster harmonization.

ENISA Asset and Threat Taxonomy

The study provides an asset taxonomy that covers the smart car functions to identify the associated risks and threats. The functions of the smart cars have a direct impact on the safety of passengers. Therefore, the security of smart cars is of prime importance.

However, the range of these technologies, components, and functions covers sensors as well as computational, communication, functional auto parts of the vehicle. This aggregation is exceptionally sophisticated when it comes to interoperability.

By leveraging all these technologies for automation and connectivity, the smart car’s ecosystem opens a new landscape for even more severe cyber threats. The target of these cyberattacks can be any part of the ecosystem from a smart car to the backend remote server. Therefore, it (Read more...)