Mastering the critical art of cybersecurity in Automotive

Blog: Capgemini CTO Blog

Welcome to a brand-new era of automotive, which promises nothing short of seamless, personalized, and connected mobility. No longer is it acceptable (or profitable) for OEMs and suppliers to focus purely on how their vehicles drive. Instead, those that want to succeed are adopting a broader lens, creating cars with sophisticated software that integrate perfectly into a consumer’s digital ecosystem.

Think infotainment systems: navigation, audio, voice assistants, Bluetooth; personalized comfort, such as automatic cooling and seat adjustment with memory; and, perhaps most importantly, unprecedented driver assistance, accident prevention systems, and autonomous driving systems.

But each new line of code that goes into these software-enabled cars brings with it new vulnerabilities, exposing vehicles and the organizations behind them to malicious cyberattacks. And while cyberattacks can have serious consequences across all industries, hacking in the automotive realm poses a much more sinister and potentially life-threatening risk.

It becomes a matter of safety, not just security. Take, for example, an attack on driver assistance systems, which control braking, speed regulation, blind spot detection, or even geo-positioning functions. A malfunction here could mean devastating and fatal consequences, not only to those operating the vehicles, but also to those in the surrounding vicinity.

Alarmingly, the automotive sector is underdeveloped in cybersecurity. A recent report from the Capgemini Research Institute highlights how most automotive OEMs face growing compliance and cybersecurity challenges as the industry moves to highly connected and software-driven vehicles and systems:

As OEMs jostle to satisfy customers and establish themselves as frontrunners in the constantly adapting industry, cybersecurity needs to be repositioned to center stage. OEMs must therefore create a strong technology foundation of data privacy, security, and cybersecurity requirements. However, over a third (37%) do not collect any data related to vehicle cybersecurity, and out of those who do collect data, 25% do not analyze it to uncover patterns and insights.

Fortunately, there is no need to reinvent the wheel, as there are mature technologies, tools, and, critically, lessons to be gained from other industries and markets.

So what are some of the best practices that can lead automotive OEMs to safe and secure connected success?

Get the organization on board

The new automotive era goes well beyond the vehicle and into the manufacturing and business model of an automotive organization. Ensuring that security underpins all aspects of the product lifecycle and supply chain will be essential. And how do you enable this? With a concrete, well-defined, end-to-end strategy, understood by all stakeholders in the delivery chain and the whole team.

To this end, OEMs will also need to look at ensuring they have the right team members in all areas of the organization. OEMs are currently staring at a skills gap of 40–60% in key software-defined areas such as software architects, cloud management experts and cybersecurity experts, which means building and retaining talent will be critical to creating a cyber-secure organization.

Test, secure, repeat

The software in an average modern high-end car has a staggering 100 million lines of code – a mind-blowing number when you learn that a Boeing 787 only has 13.8 million. So ensuring that security is built in at every step is no mean feat. Conducting regular risk assessments and surveys on the most critical components of a car system will help establish strong security rules and frameworks. Developers can then rely on these strong security practices while their code is produced and tested, avoiding inherent vulnerabilities.

Don’t put all your eggs in one basket

Defense in depth is a core principle of cybersecurity, already applied in several fields such as aeronautics or industrial systems. Protecting important assets using a multilayered security approach will help OEMs reduce the impact of a successful intrusion. Technological diversity will ensure that pain points across the whole product lifecycle – from in-vehicle applications to network architecture and supply chain actors – are kept siloed. An obvious target? Interfaces connected with the external world, including Bluetooth or over-the-air (OTA) applications. Decoupling these from other pain points will negate a security monoculture and avoid attack propagation.

Dedicated to the cause: establishing a global cybersecurity standard

As cybersecurity remains a relatively new topic for the automotive sector, a list of best practices to guide OEMs is underdeveloped and, in general, missing. The global automotive industry as a whole will need to collaborate to develop well-established standards to guarantee that processes and implementations are compliant with shifting regulations and to reinforce the overall security of products. Cross-pollinating existing defense measures and technologies will help lead OEMs in the right direction.

The number of connected cars globally is growing by more than 70 million per year. As the majority (80%) of OEMs express plans to invest significantly in connected services in the next five years, cybersecurity is set to evolve into an even more critical and complex issue. OEMs who want to prosper, protect their customers, their teams, and the future of their business need to recognize the potential of becoming not only an automotive company – but a cyber-secure one too.

Want to learn more about the urgent steps OEMs need to take in order to get ahead of cyber threats and achieve this goal? Contact our team today.

Follow Geert van der Linden on LinkedIn and Twitter.
