Digital attackers are increasingly targeting the automotive industry. In its 2020 Automotive Cybersecurity Report, for instance, Upstream found that the number of annual automotive cybersecurity incidents had increased by 605% since 2016, with the number of incidents has doubled in 2019 alone.

More than half (57%) of those security incidents involved cybercriminals who attempted to disrupt businesses, steal property and demand ransoms by targeting keyless entry systems, backend servers and mobile apps. Together, those attacks compromised companies in every stage of the automotive supply chain including original equipment manufacturers (OEMs), fleets, telematics and after-market service providers.

The Changing Automotive Security Landscape

International institutions are taking steps to help automotive organizations to defend themselves against black hat hackers and other digital threats. On June 23, for instance, the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations adopted two new regulations designed to help organizations confront the cybersecurity threats confronting connected cars.

Those regulations, which entered into effect in January 2021, provide organizations in the automotive sector with a framework for identifying digital security risks, regularly update risk assessments and respond to digital attacks, along with implementing other processes.

Automotive digital security is also on the minds of individual nation-states. An example of this the Trusted Information Security Assessment Exchange (TISAX). Since 2017, TISAX has acted as an assessment and exchange mechanism through which organizations can submit to audits in compliance with the information security requirements catalogue developed by German automotive group Verband Deutscher Automobilindustire (VDA).

That catalogue, known as the VDA Information Security Assessment (VDA ISA), applies to companies that touch any point of the German automotive supply chain. Its industry-wide enforcement applies to auto manufacturers and OEMs, but it reaches further than that to encompass partners and suppliers, as well.

Even if companies aren’t (Read more...)