A Tech Lyceum episode

Securing the Future: Navigating the Complex Landscape of Automotive Cybersecurity

Guest Speaker:
Sumit Mehrish
Senior IT Executive
Vipin Jamwal
Global Head, Cybersecurity Services
Transcripts

Hello, and welcome to Tech Lyceum. My name is Neerja, and this is your guide through the business and technology frontier, if I may say so, exploring everything from cutting-edge innovations to some of the trends to look towards. And especially with the new year, this being the first podcast of 2024, we're going to be talking about securing the future, navigating the complex landscape of automotive cybersecurity. Now to break this down for us we have two experts, starting with Sumit Mehrish. Now Sumit has been on a remarkable 26-year journey, excelling in both customer and service provider domains. He currently leads the new business initiation team with a manufacturing business unit at Birlasoft. And his expertise lies in outsourcing solutions, playing a crucial role as Rainmaker. His leadership extends to driving digital transformations, specializing in digital technologies, ERP, CRM, data analytics and cloud infrastructure cybersecurity solutions.
Hi, Sumit. Thank you for being here. And welcome to the show.

 
Speaker – Sumit - 01:18
Hi, Neerja, thank you for having me.
Speaker – Neerja - 01:20
We also have Vipin Jamwal who is a true veteran in the field. Now Vipin has a proven track record starting with the Indian Army and having navigated diverse roles and industries. Currently, Vipin is the Global Head for cyber security services at Birlasoft and brings a wealth of experience to the table. Welcome Vipin and thanks for joining us.
Speaker – Vipin - 01:42
Thank you so much Neerja. Excited to be here.
Speaker – Neerja - 01:45
Absolutely. We're very excited to be speaking to you gentlemen. So let me invite you first, Vipin, to set the context a bit. Tell us:
Q: How has the threat landscape in the automotive sector evolved in recent years? And what types of cyber threats are particularly relevant to the automotive industry?
Speaker – Vipin - 02:04
Thanks for that interesting question, Neerja. When I look back, technology in cars has come a long way, from a completely manual mechanical machine to an autonomous connected vehicle. The journey has been phenomenal. Technology infusion in cars has also led to an increased attack surface. With the rise of connected autonomous vehicles, CAV as we call it, the cars are now more exposed than ever to external networks, making them vulnerable to a range of cyber threats. The vehicles also started communicating more with external infrastructure, like traffic signals, speed governors, other vehicles, car owners and even pedestrians. Because of this, the attack surface broadens. This vehicle-to-everything communication, as they call it, can be a target for interception or manipulation. Man-in-the-middle is a common example of an attack. Modern vehicles also rely heavily on software, and the vulnerabilities therein can be exploited by cyber attackers, leading to safety risks and these bikers. Also, vehicles collect a vast amount of data. This data can be a target for cyber criminals looking to exploit personal information or breach the privacy of users and the car drivers. Another important factor is the supply chain vulnerabilities which are there in the system, Neerja. An automaker sources up to 90% of the parts from third parties, right? Following high cybersecurity standards for all suppliers is extremely important. Like we all know, at the end of the day, a chain is as strong as its weakest link. Electric vehicle charging infrastructure is another area, right? So when we connect our vehicles to a charging infrastructure, it stays connected for a long time.
And that provides an extended window to the adversary to strike. And it's not only charging that is happening there. There are electric vehicle charging infrastructure which also take care of your updates, over-the-air updates, or through your vehicle connectivity that is inbuilt, or through your SIMs which are available. This leads to, you know, an opportunity for the adversary. You asked about specific types of cyber threats which are there, right? So, some examples I'd like to share: remote hacking and key jacking are a few examples. Ransomware and malware attacks, while they are less relevant to the users and more relevant to the automakers, but yes, these are prevalent attacks. GPS spoofing: this can disrupt navigation systems, leading to safety risks. Data breaches: unauthorized access to sensitive data can have privacy as well as financial implications for the automakers. Denial of service attacks are very common, and you know, this can even disrupt vital communication systems and online services provided by manufacturers. Automotive companies are responding to these threats, Neerja, by investing in multiple cybersecurity measures, which we shall discuss further in this podcast.
Speaker – Neerja - 04:57
It's also necessary to understand why automotive cybersecurity is needed and valued.
You've just laid that out for us a little bit. Sumit, could you take us through this further?
Q: What does automotive cybersecurity entail and why is it crucial in today's connected vehicles?
Speaker – Sumit - 05:14
True, Neerja. Thank you for your question. I'm excited to talk about cybersecurity in the automotive world and its critical importance. So in a rapidly evolving landscape of automotive technology, the concept of automotive cybersecurity has become of paramount importance. Automotive cybersecurity encompasses a broad range of measures and technologies which are designed to safeguard connected vehicles and their onboard systems from any kind of digital threat, thus ensuring a secure and safe transportation ecosystem. Now it can range from stringent regulatory compliance to building secure architectures. Effective automotive cybersecurity extends to credential lifecycle management and continuous monitoring of security operations and control. In today's interconnected world, cybersecurity infiltrates every aspect of life, including our professional endeavors and personal activities. Connected vehicles have evolved into a software-defined asset. So it's mostly software which is running the car. And these parts are now featuring driver assistance technologies, emergency braking systems, and advanced communication mechanisms. The OEMs are dedicating a significant portion of their R&D budget to fortify aspects around cybersecurity. Just for an example, Neerja, the market size of this industry of cybersecurity is going to grow from $2.8 billion to a $6 billion industry in 2027, signifying the importance of this area for the auto OEMs. Key areas of focus and research will be in the field of secure and rapid firmware updates, addressing the critical need for timely and secure software enhancements. Now, the urgency of, you know, having these robust cybersecurity measures arises from several factors, some of which my colleague Vipin talked about. One of them is networked and semi-autonomous cars, which are now truly wonderful. There were never these cars in the past. If you look four years back, these cars were not connected so well.
Existing standards for cybersecurity engineering in a connected vehicle are not comprehensive. So this is such a new field. The cybersecurity laws themselves are being redefined almost every six months to eight months. There are safety concerns from passengers, as connected vehicles have become autonomous, right? So there are safety concerns around how the autonomous car moves around with the environment around it. A lot of personal data gets exchanged in today's connected vehicle, including your preferences, and protecting this from data theft and tampering is critical. But you know, for making sure that the consumer trusts the vehicle, and apart from the consumer trust, the financial implications in case there is data theft and piracy. These are some of the critical things, Neerja, I think, why cybersecurity is paramount for connected vehicles and the ecosystem. I hope I answered your question.
Speaker – Neerja - 08:21
Absolutely. I mean, there's clearly a lot of time and effort going into ensuring automotive safety. And that brings me back to you, Vipin.
Q: How are automakers utilizing ethical hacking and penetration testing to identify and address vehicle vulnerabilities? Can you also perhaps share some examples of successful Ethical Hacking initiatives in the automotive sector?
Speaker – Vipin - 08:44
Sure, Neerja. There have been many examples. In fact, ethical hacking and penetration testing has been extensively used in the IT environment and the OT environment for long. In the automotive industry too, with the increase in attack surface and external connectivity, automakers are using this methodology to stay ahead in the game and ensure that they catch and fix the vulnerabilities before the adversaries find and exploit them. There are specialist pen testers who simulate cyber attacks under controlled conditions to identify vulnerabilities in software, communication systems and even physical hardware of the cars. Bug bounty programs leverage global cybersecurity communities to identify potential threats. Another way of doing it is automakers partnering with cybersecurity firms specializing in automotive security. Now, these firms conduct thorough assessments and tests to find weaknesses in the system and to lay down a roadmap for improvement. Most of the large manufacturers, in fact, I would say all of the large manufacturers, have dedicated in-house cybersecurity teams that conduct regular penetration testing and continuous monitoring of vehicle systems. What is important here is regularity in your testing, and the shorter the cycle of testing, the better is your identification and then the remediation thereafter. Shift left in security testing is also very important, and that is ensured by instituting security into the development process, DevSecOps as we call it. Talking about examples, there are multiple examples available in the public domain of successful ethical hacking initiatives by automakers. Tesla's Hackathon is well known for its proactive approach to cybersecurity. And then General Motors' vulnerability disclosure program, as they call it, for research is another example.
Fiat Chrysler has initiated a bug bounty program to encourage the discovery and reporting of vulnerabilities. Audi and Volkswagen groups, they collaborate with security researchers to ensure high standards of security. Similarly, BMW partnered with a security researcher lab called Tencent Keen Security, which resulted in identification and rectification of vulnerabilities, enhancing their overall security posture. Tata Technologies partnering with academia is a closer-to-home example in this domain. So these initiatives demonstrate that the automotive industry's recognition of the importance of ethical hacking in ensuring the safety and security of modern vehicles is very, very, very, very high. And they are using this technique of ethical hacking and penetration testing to ensure that, you know, they have a strong security posture overall, whether their vehicles are concerned or their OT environments or their IT environments.
Speaker – Neerja - 11:25
Well, thanks for taking us through that, Vipin. One last thing to address in this conversation, and Sumit, this one's for you. Privacy and security have never been more important, right? So with the rise of connected vehicles, how do manufacturers ensure the security of communication networks within and outside the vehicle, and what steps are being taken to prevent unauthorized access to in-car systems?
Speaker – Sumit - 11:50
True, Neerja. Developing and deploying smart and safe transportation systems hinges on the security of communication networks both within and outside connected vehicles. Manufacturers are implementing various strategies and technologies. So if you look back two years, some of the things were at a very nascent stage, but now they are far more well developed, and they're doing it on a regular basis. So first and foremost is encryption for fast and secure data exchange between the connected vehicle and the OEM and other networks. So if you're driving in your car, and you have a phone connected, and you're talking to somebody or you're getting an update on your car from the OEM, this has to happen fast and in a secure manner, because it carries sensitive information such as location and your user preference. Manufacturers are also working on intrusion detection and prevention systems. In real time, these systems swiftly identify and block any suspicious activities, thereby enhancing the overall security posture of the connected vehicle. The other thing is implementing secure boot process and firmware verification. These measures act as a barrier against installation of malicious software, enhancing the cybersecurity resilience of your connected vehicle. Obviously, even now in computers, so definitely in connected vehicles, multifactor authentication, strengthening of access control mechanisms and using things like biometric verification, they all contribute to a robust authentication process. So this helps safeguard against unauthorized access and ensure that only authorized individuals can interact with vehicle systems. Over-the-air updates: the OEMs have made very good progress, but they continue to work because they want the time to send the secure over-the-air update very quickly.
It should be authentic, untampered, and free from any malicious alterations. So this is now pretty good science which the OEMs have worked out. Obviously, they keep working on it to make sure that it's fast and swift. Regular audits and penetration testing, that explains itself. I mean, you know, the OEMs, like Vipin said, are now running ethical hacking tricks, running audits or doing penetration testing at a fairly regular interval to make sure that the security measures they have deployed are effective. And last but not the least, I think it's the cybersecurity training and awareness. Educating stakeholders, including manufacturers, users and maintenance personnel, is crucial, because the folks who are wanting to get into these kinds of systems are on the lookout for any vulnerability. The moment they find it, they will make it. So training the staff who deal with these vehicles, whether it's in service mode or in built mode, is going to be critically important. I think, you know, using AI/ML for threat prediction is also a very good new science developing, Neerja. So these are some of the things which the OEMs are doing on a regular basis now to make sure that the security of communication networks within and outside the vehicle is well taken care of.
Speaker – Neerja - 15:17
That's interesting. You know, like we mentioned at the start, automotive cybersecurity is a complex matrix of information and innovation. But Vipin, Sumit, you've certainly made it much easier for us to understand. So as we wrap this up, do you have any parting thoughts you'd like to leave us with? Vipin, let me start with you.
Speaker – Vipin - 15:37
Sure, Neerja. You know, it's important to ensure that the approach towards security is proactive and continuous.
This is Tech Lyceum, a podcast from Birlasoft.
Speaker – Neerja - 15:51
Well, thank you all for joining us on another episode of Tech Lyceum. Lots of takeaways today, and we'll be back with more next time. Until then, it's me, Neerja, signing off.
You were listening to the Tech Lyceum podcast from Birlasoft.