Welcome to the "Automotive cybersecurity & AI" Podcast, the show where we dive deep into the world of modern cars. As vehicles become smarter, more connected, and increasingly reliant on software, they also become more vulnerable to cyber threats. From remote hacking risks to vulnerabilities in driver assistance systems, the road ahead is full of challenges that demand attention.

Join me as we explore the latest cybersecurity threats and the role of AI, and uncover what it takes to keep modern vehicles safe from digital attacks. Whether you're a security professional, a car enthusiast, or just curious about the future of automotive technology, this podcast is your go-to source for insights and discussions on protecting the cars of tomorrow.

Buckle up and stay tuned—because cybersecurity isn’t just for computers anymore. It’s for the cars we drive every day.

We’ve explored the potential threats and hacking risks in previous discussions—but does that mean we’re doomed? Absolutely not! I’m here to shed a positive light on the measures in place to keep our cars secure.

From rules and standards to best practices, there are strong defenses against cyber threats. While no modern car is completely unbreakable, understanding the technology and the regulations that protect us helps minimize risks and keep us safer on the road.

So, let’s dive deeper into this important topic!

From Manufacturer: "First, let’s talk about the measures manufacturers are already taking—and the ones they should be implementing—to enhance vehicle cybersecurity.

Security-by-design: security is not a feature to be integrated at a later stage. OEMs must develop vehicles with security in focus from conception through the production and maintenance phases.

Manufacturers need to make sure things like the braking control, engine, airbags, and highly critical powertrain (HCP) ECUs are properly secured.

When it comes to in-vehicle network communication, it’s important to send data with signatures, use encryption, and have systems in place for intrusion detection and vehicle recovery if something goes wrong.

Now, thinking about the overall E/E architecture, we should be isolating systems that have external access, like the infotainment control unit. It’s also key to restrict access to authorized users when it comes to things like OBD connectors.

For software updates or any changes made to the vehicle, using role-based authorization and SFD (Secure Firmware Distribution) ensures that only the right people can make those changes. Plus, Over-the-Air (OTA) updates need to be secure and encrypted, installed only on authorized devices. It is also vital to verify updates on both the cloud and the target device to keep things tight."
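
A device-side acceptance check for the update rules described above, as an added example that is not from the podcast or from any manufacturer's code. The role names, ECU classes, demo keys and device IDs are constructed assumptions, and HMAC-SHA256 stands in for the asymmetric signature a production system would use, so that the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo values (assumptions for illustration only).
SIGNING_KEYS = {"oem-release": b"demo-key-release", "workshop": b"demo-key-workshop"}
# Role-based authorization: which signer role may update which ECU class.
ROLE_MAY_UPDATE = {"oem-release": {"powertrain", "infotainment"},
                   "workshop": {"infotainment"}}

def sign_manifest(manifest, role):
    """Tag over the canonical JSON form of the manifest (HMAC as a signature stand-in)."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(SIGNING_KEYS[role], body, hashlib.sha256).hexdigest()

def build_package(payload, role, ecu_class, device_ids):
    """Cloud side: bind payload hash, signer role, ECU class and target devices together."""
    manifest = {"role": role, "ecu_class": ecu_class,
                "devices": sorted(device_ids),
                "sha256": hashlib.sha256(payload).hexdigest()}
    return {"manifest": manifest, "tag": sign_manifest(manifest, role),
            "payload": payload}

def device_accepts(package, device_id, ecu_class):
    """Target side: re-verify everything before installing. Returns (ok, reason)."""
    manifest = package["manifest"]
    role = manifest.get("role")
    if role not in SIGNING_KEYS:
        return False, "unknown signer role"
    # Authenticate the manifest first; no other field is trusted before this passes.
    if not hmac.compare_digest(sign_manifest(manifest, role), package["tag"]):
        return False, "bad signature"
    if manifest["ecu_class"] != ecu_class:
        return False, "wrong ECU class"
    if ecu_class not in ROLE_MAY_UPDATE[role]:
        return False, "role not authorized for this ECU"
    if device_id not in manifest["devices"]:
        return False, "device not targeted"
    if hashlib.sha256(package["payload"]).hexdigest() != manifest["sha256"]:
        return False, "payload hash mismatch"
    return True, "ok"

if __name__ == "__main__":
    pkg = build_package(b"fw-v2", "oem-release", "powertrain", ["VIN-DEMO-001"])
    print(device_accepts(pkg, "VIN-DEMO-001", "powertrain"))
    print(device_accepts(pkg, "VIN-DEMO-002", "powertrain"))
```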

Key management systems: Keys are generated, distributed and maintained securely by a key management system. Using the keys to encrypt the data and for authorisation is important. This denies a bad actor easy access and reduces vulnerabilities.

User data protection:

Confidentiality and protection against data theft must be ensured. Shubham and Sam's Subaru hack involved breaching the STARLINK admin portal and accessing user information. The cloud services, mobile applications and all the portals where customer information is stored must be protected, and privacy rules must be applied.

Testing the vehicle and components:

Rigorous tests of the various software components and for known vulnerabilities. A security team should audit the product and perform penetration tests.

Security updates:

Regularly find issues and update the software, and inform users about the updates. If OTA is not available, a plan for a plug-in, physical update must be available.