Cybersecurity is a layered approach, there is no one model that answers all the questions of security.
While automakers have stepped up their game to meet consumer demand for connected vehicles, what is needed is a collective effort between cyber experts, automakers and their suppliers to redesign the supply chain so that compatibility between components and security is thought of from the design stage all the way through to the production stage and then after, while the vehicle is on the road.
Adopting this mindset will allow manufacturers to keep their competitive position while controlling their cost and long development cycles.
After all, they cannot allow themselves to release an unsecured product and given their complex supply chain, mitigating cyber risks closer to start-of-production or at any stage afterward, becomes a complex task of identifying the source of the risk, tracing the specific supplier that is responsible for its introduction and fixing it in time not to hinder the release date.
While it is clear from the introduction of WP 29 regulation and ISO/SAE 21434 standard that regulators are challenging automotive manufacturers to consider the cybersecurity elements of their future vehicles, automakers and suppliers are tasked with finding their own way around this challenge, to make sure they secure the cars of our future.
On our end, we at Cybellum have created the very first automotive Cyber Digital Twins (CDT) platform to combat the rising cyber risk to connected vehicles.
This risk assessment platform allows manufacturers to map and trace any potential cyber vulnerability that lies within the hundreds of thousands of lines of code that run a vehicle, and present the software "fix,", to maintain security throughout its life cycle. CDT captures all the information that is required for the ongoing risk management, and therefore allows for a detailed, accurate cyber analysis of the code that runs the car.