Addressing increased Cybersecurity Risks in new vehicles
FEV has created a new so-called SPORT (Strategy, Processes, Organization, Resources, and Technology) framework to enable suppliers and OEMs to act quickly, stay ahead of hackers, and prevent cybersecurity threats.
FEV’s SPORT framework provides a holistic approach to cybersecurity preparation. FEV says its strategy part takes the OEM’s or supplier’s corporate vision, mission and culture into account. Aligning the cybersecurity strategy with the corporate strategy and describes its impact on the current and future product portfolio and the customer base.
The Process step incorporates development processes, e.g. the Security Development Life Cycle and knowledge management and audit and training processes, supported by a dedicated change management workstream.
The organization deals with the cybersecurity teams' structure and develops a reporting structure with clear roles and responsibilities. Simultaneously, the Resources part defines the necessary team size and takes care of the talent acquisition and outsourcing strategies.
The Technology step incorporates
• A highly secured hardware and software strategy
• Technical measures (constructive and analytical)
• Available tools and infrastructure
The development of the automotive industry and the increasing incorporation of information technology into vehicles have made FEV’s SPORT framework a valuable service for automakers: In 2010, a premium car had up to 100 million software code lines. Today it is close to 150 million lines. By 2030, the number of lines is expected to be >300 million. This increase in software content presents significantly more entry points for cyberattacks.
In recent years, the importance of cybersecurity has already made its way onto large players' financial statements in the automotive and technology industries. High-profile attacks have directly resulted in a drop in stock prices, as well as a hit to business performance and reputation. As one example, a remote attack in 2015 resulted in a recall of nearly 1.5 million vehicles. This led to estimated costs of $600 million and an estimated $4 billion loss in market cap for this OEM.
With increasing vehicle complexity, these events can likely become even more common. More consumer information will be saved and accessible through the vehicle, raising the stakes for future attacks.
“Cybersecurity will continue to play an increasingly important role for global automakers in the coming years as vehicles become more connected and automated,” said Mayank Agochiya, managing director of FEV Consulting, Inc.