The era of the Connected Car is here but the next big step of autonomous driving requires multiple layers of security against malicious cyber-attacks and enhanced data privacy, which are largely absent from carmakers’ offerings. However, in the wake of the recent car hacking events (Jeep hack, BMW, GM and Tesla), regulatory action has started to move faster in the US, with other advanced car markets expected to follow.
Recent hacking events will accelerate mandatory fitment of cyber security solutions in advanced car markets
With the SPY Act proposing rule-making within 18 months and final regulations within 3 years of the act’s enactment, there is high probability that fitment of cyber security solutions in new vehicles in the US will become mandatory before 2020.
We expect that regulatory action in Europe and Japan will follow, but after some clear requirements have been established in the US. The ENISA has already agreed with BMW to work on Connected Cars, whereas in Japan the IAC Ministry is working on car cybersecurity guidelines. As fitment of cyber security solutions becomes mandatory, demand for both software and hardware-based solutions will be strong over the next decade and new business models for connected devices will emerge.
Timeline of key cybersecurity regulatory events in 2015
Feb 2015 | The SPY Act was introduced to the US Senate by US Senators Edward Markey (D-Mass) and Richard Blumenthal (D-Conn)
Jul 2015 | The Alliance of Automobile Manufacturers’ Auto-ISAC will begin operations in S2-2015
Sep 2015 | The Japanese Internal Affairs & Communications Ministry works on car-hacking guidelines
Oct 2015 | The US Senate passes the (S.754) Cybersecurity Information Sharing Act
Oct 2015 | The European agency ENISA will start working on car data cybersecurity in 2016
Nov 2015 | Rep. Ted Lieu, D-Calif., introduced the Security and Privacy in Your Car Study Act
Nov 2015 | Toyota, Tesla and GM testified before the House Committee on Oversight and Government Reform on the “Internet of Cars”
Dec 2015 | SAE International announced its guidelines (J3061) on Cybersecurity
Cyber security product integration in early adopters’ vehicles to come as early as 2016
Responding to recent car hackings, several OEMs, such as Tesla Motors and Daimler, have assigned third parties to conduct threat-penetration and vulnerability analysis in their vehicles. Demand for penetration testing & vulnerability assessments is peaking momentum according to our interviews with executives from Automotive Cyber Security solution suppliers. We expect that by the end of 2016, most of the currently ongoing or announced penetration tests will have finished, similarly to product evaluation for most OEMs. Therefore, talks about product integration will begin for their next-generation vehicles.
Enhanced supply of software, hardware-based solutions and services-frameworks
More cybersecurity solutions are now available to carmakers as new companies have entered the marketplace in the past 5 years. Most companies are head-quartered in developed car markets, such as the US, Germany and the UK, and in Israel; one of the leading hubs for cyber security globally. Moreover, some of the solutions offered by Cyber Security companies are cutting-edge. There are frameworks that could assist OEMs mitigate cyber security threats, as well as a number of software and hardware solutions that OEMs could embed (or integrate) into their offerings.
Automotive Cyber Security needs to be proactive to dis-incentivise attacks in the in-vehicle network by organised crime
With Connected Car penetration rising fast but car cybersecurity still relatively weak, cars are susceptible to cyber-threats from organised crime. Additionally, the proliferation of personal data stored and transmitted in the car increases organised crime’s incentive to attack vehicles. Therefore, ‘’proactive’’ cyber-attack protection substitutes ‘’keep them out’’ as the leading strategy. This trend will benefit suppliers of detection and prevention cyber security solutions.
What does that mean for growth in the Automotive Cyber Security market?
We assess that in the wake of the recent car hacks by cyber security researchers and US Senator Markey’s report on the vulnerability of modern vehicles to malicious attacks, Automotive Cyber Security will unfold as the key topic in OEMs and suppliers’ agenda for the immediate future. We also expect that the competitive landscape will alter significantly from its current status through M&A and the formation on new partnerships.
The key challenges here are how quickly the level of security and privacy in Connected Cars will rise to sufficient levels to avoid having vulnerable vehicles. Furthermore, how the cost of embedding cyber security solutions to new vehicles will affect OEMs, consumers and other key automotive stakeholders.
For more information read our new report: