Automotive
Securing the Software Defined Vehicle
Automotive
Securing the Software Defined Vehicle
Connecting Vehicles, Connecting Data
The convergence of the app economy, increased connectivity, the Internet of Things (IoT), growth of in-car screen displays and open enterprise data models is creating huge opportunities for automotive manufacturers and their service partners. APIs expose the application functionality and data that make it possible to accelerate the development of the apps that connect vehicles, mobile devices and online identities. Innovative services include the ability to remotely start or unlock a vehicle, real-time diagnostic information to prevent incidents, connection with insurance companies, to take advantage of “good driver” discounts and Integration with car part suppliers in order to better manage inventory.
Regulating for the Security Challenges
The innovations created by exposing systems via APIs creates its own set of security challenges. The sector is not immune to cyberattacks with many leading manufacturers having been subjected to ransomware attacks in the past few years.
To address these challenges various standard institutions have created a common set of cybersecurity procedures and practices specific to the manufacturing and development of the connected vehicle for all manufacturers to adhere to. The International Standardization Organization (ISO) and the Society of Automotive Engineers (SAE) recently published a “Road vehicles—Cybersecurity Engineering” standard 21434 as a framework for engineering cybersecurity into a vehicle.
In parallel, the United Nations Economic Commission for Europe (UNECE) R155 regulation requires OEMs to prove that their vehicle software and connected ecosystem have gone through rigorous cybersecurity measures during development and after production. Failure to do so means an OEM would not be able to sell their vehicles in UNECE-regulated markets until they remediate cybersecurity gaps.
Enabling the Securely Connected Vehicle
OEMs must now address cybersecurity throughout the vehicle’s life cycle, and not focus only on the development portion of a vehicle’s lifecycle. Vehicle cybersecurity encompasses multiple dimensions including the connected ecosystem, suppliers, and the vehicle lifecycle as vulnerabilities can be introduced from many different parts of the automotive ecosystem. APIs form a core part of this ecosystem and so selecting an API security solution is critical to the industry moves towards more production of software-defined vehicles and autonomous vehicles.
VicOne noted that API-related incidents contribute to 12 percent of automotive cyber attacks in the first half of 2023
VicOne, a Trend Micro subsidiary, that delivers a broad portfolio of cybersecurity software and services for the automotive industry has partnered with 42Crunch to incorporate our API Security platform capabilities into their Vehicle Security Operations Center (VSOC). View Press Release.
This partnership brings together 42Crunch’s proven expertise in API security and VicOne’s automotive cybersecurity to enable a solution engineered for the new, more complex reality for the software defined vehicle.
Blog: Buckle up and protect your ride. The importance of API security for the connected vehicle
Darren Shelcusky
Connected Vehicle Cyber
Security Manager
Ford Motor Company
Isabelle Mauny
Co-founder & Field CTO
42Crunch
Ready to Learn More?
Developer-first solution for delivering API security as code.