Data Privacy: Why Automakers Should be Proactive About Securing Their Chips
READ MORE: DARPA Funds Hardware Cybersecurity that Turns Circuits into Unsolvable Puzzles
The automotive industry must remain proactive and vigilant as the ongoing inclusion of connective technologies and the implementation of greater cybersecurity standards changes the way road vehicles evolve.
The auto industry is projected to lose $505 billion by 2024 due to cyberattacks, according to Upstream’s 2022 Global Automotive Cybersecurity Report. And as road vehicles continue to incorporate Bluetooth, Wi-Fi, cellular and USB interfaces as part of manufacturers’ pivot toward connectivity, threats are evolving as rapidly as the vehicles.
Statista projects there will be 76.3 million connected cars by 2023, while Fortune Business Insights expects there will be a $191.83 billion market by 2028. Road vehicles today contain as many as 150 electronic control units and about 100 million lines of software code, according to UNECE. Vehicles are expected to have 300 million lines of code by the start of the next decade.
That is a sprawling attack surface in which threat actors can jeopardize the safety and privacy of consumers. And while vulnerabilities in software can be patched, it is more difficult to address those in the hardware, especially on the semiconductor chips on which the software operates.
Given these developments, original equipment manufacturers (OEMs) will soon be required to improve cybersecurity from inception through delivery via new processes and standards. They will need to build upon ISO 26262, a specification that governs the functional safety of electrical and electronic systems, by adopting ISO 21434 (published July 2021) to account for emerging cybersecurity threats.
With the demand for connected cars growing and production returning to pre-pandemic levels, here are three reasons why the security of semiconductor chips manufactured for the automotive industry is paramount.
1. There is No Easy Fix for Semiconductor Chips
Patches were issued and vehicles returned to the road when Mercedes-Benz USA recalled more than 40,000 SUVs in the North American market because a software error caused a front wheel to pull to one side during an automated braking maneuver. That would have been a far more challenging repair if a defect occurred in the vehicle’s hardware.
Unlike mechanical failures, electrical failures require significantly more testing before deployment of any replacement hardware (and associated firmware), as well as confirmation checks after deployment. But similar to mechanical failures (and unlike software failures), the cost is much more significant as it does involve physically replacing one or more components in the automotive system.
READ MORE: Build Resilience to Hardware Vulnerabilities
Secure software and firmware alone do not create tamper-proof road vehicles, nor do any necessary over-the-air updates. OEMs need to know what has been done to secure the chips that are being used and what potential weaknesses exist. Taking a post-deployment reactive approach to hardware security exposes them to significant risk.
A hardware bill of materials (HBOM) tracks and documents components’ security vulnerabilities. It guides supply-chain security so defective or compromised chips are not used, and it creates transparency from development through circulation so manufacturers can make informed decisions before purchasing semiconductor chips.
Robust semiconductor chip security is more pertinent as more advanced electronics are being used in road vehicles. Integrated circuit breaches expose critical data and jeopardize safety, and businesses are impacted until the damage has been assessed and the threat has been resolved. That can be costly for automotive manufacturers when liability and brand reputation are considered.
Chip security has not been seen as a significant concern because most cyberattacks target software. But software can be patched and rebooted once vulnerabilities are identified. As software becomes more secure, hardware is now getting more attention from attackers, especially as this additional hardware tends to have internet connectivity. Semiconductor chips are expected to last more than a decade, and that lifecycle comes with an increased cost given that security must be flexible yet well-built to protect against more sophisticated attacks expected during its lifecycle.
2. Higher, More Uniform Standards are Being Established
There are many benefits to driving a connected car, including navigation systems, self-driving capabilities and features oriented toward comfort and luxury. Yet, as those technologies have been incorporated, vehicles’ safety standards—especially regarding cybersecurity—have been inconsistent, incomprehensive and insufficient.
The publication of ISO 21434 and the near-simultaneous adoption of UNECE UN R155 will require road vehicles’ cybersecurity to be standardized. It will not be long before OEMs and their supply chains must show their hardware and software development processes meet those standards that cover “concept, product development, production, operation, maintenance and decommissioning of electrical and electronic systems in road vehicles, including their components and interfaces.”
Regulators are beginning to ensure OEMs have evaluated the cybersecurity features of new road vehicles and consider them throughout the manufacturing process. That’s being done to prevent enterprises from introducing vehicles to market that affect consumers’ privacy or safety, leading to significant consequences.
OEMs must begin assessing their existing cybersecurity processes and examining how adequately they align with the ISO and/or UNECE standards. They must also consider the incorporation of emerging technologies in connected cars and how each additional component dramatically increases the attack surface area. A gap analysis can determine their preparedness for these new requirements and the implementation of a CSMS should be underway as industry-wide standardization nears. Understanding the threats and attack surface is vital to ensuring potential weaknesses are addressed.
3. Threats to Hardware Continue to Emerge
Dramatic instances of semiconductor chip vulnerabilities have come to light in recent years, including things that seemed inconceivable just a short time ago.
The “Augury” flaw in Apple’s M1 chips, introduced in 2020, and their unpatchable “Pacman” hardware vulnerability demonstrate how difficult it can be to secure modern chips. In the case of phones and tablets, the internal processor cannot simply be replaced once a product has reached consumers. This puts much more emphasis on identifying and designing to mitigate any potential vulnerabilities.
READ MORE: Giving Semiconductor Foundries a Needed Edge
The semiconductor chip threat landscape has rapidly changed since the Rowhammer attack in 2014 and the Meltdown and Spectre vulnerabilities identified in 2018. Semiconductor chip manufacturers must anticipate vulnerabilities by simulating scenarios in which chips can be compromised.
Any chip vulnerability detected by an OEM late in the design cycle will delay the introduction of the road vehicle to consumers. Although not every attack can be anticipated, transparency along the supply chain will offer assurance that weaknesses were probed and eliminated during the manufacturing process.
Remember, attacks on semiconductor chips do not always require physical access to be successful. One emerging security concern with electric vehicles (EVs) centers on connecting them to public charging stations. How do you know that physical link is secure and that vulnerabilities in the EVs are not being exploited while you are away from your vehicle? The evolving nature of hardware attacks will lead to privacy implications and security concerns that can result in physical injury and significant financial damages. As road vehicles continue to incorporate artificial intelligence (AI) and machine learning (ML) systems, the chips they are based on will emerge as an appealing target for attackers.
End-to-end Protection Ensures Long-Term Viability
Vulnerabilities in semiconductor chips are creating a larger attack surface for cybercriminals, especially as road vehicles continue to incorporate increased means of connectivity throughout their development.
OEMs must ensure security from design through manufacturing, throughout the supply chain, and during the lifespan of a semiconductor chip or system. That can be difficult as components are assembled globally by a variety of companies and are expected to be viable for a decade or longer.
The increasing demand for connected cars and the return of their production to pre-pandemic levels underscores the importance of end-to-end cybersecurity throughout the automotive industry and supply chain. The semiconductor chips used in road vehicles must be rigorously tested to ensure they comply with industry standards. OEMs must also be proactive with flexible design and functionality as a reactive approach will expose them to significant risk.
Mitchell Mlinar is vice president of Engineering, Cycuity, based in San Jose, Calif. The company focuses on security verification throughout the lifecycle of hardware product development.