The last thing the planet needs is another disaster. What would the threat landscape look like if automotive manufacturers’ electric vehicles (EVs) could be hacked?
This is a question that has arised for some, but, from what we’ve seen, isn’t as common in the media. Nevertheless, EVs are predominantly powered and operated by technology, and technology can be hacked.
Cybersecurity presents enough of a risk to be noticed by the US federal government as they examine the impacts and determine their roles in cybersecurity among EVs. The organisation recognises this as a critical talking point in the US is to adopt anywhere near the number of EVs it intends.
The European Union also has a stake in this after agreeing to ban the sale of all petrol and diesel cars as of 2035 and is planning to adopt around 30 million zero-emission vehicles (ZEVs) five years earlier.
Despite questions though, it turns out that cybersecurity is a talking point for the management consulting firm, Deloitte.
Deloitte reports on EV cyber risks
Connectivity is not just an attribute of EVs. More and more automotive manufacturers have been implementing new technologies and adapting to incorporate connected devices, starting with satellite navigation and ranging to full mobile phone integration. The scope of innovation with EVs is yet to be explored in its entirety and cybersecurity is one of the aspects that organisations must consider.
Before looking at the risks, it’s important to know the benefits of cyber-enabled mobility, which Deloitte highlights in its Connecting Canada report:
- Safety - The ability of technology to predict road circumstances and monitor the threats to the driver and their passengers is crucial in allowing the World Health Organisation to reduce the impact of a recorded 1.3 million road accidents annually.
- Sustainability - The big conversation that occurs with any EV discussion is around mobility. 68% of the world’s population will be living in urban areas by 2050 and electric mobility (e-mobility) is key to ensuring reliable transportation with zero congestion.
- Labour shortage - The lack of skilled labour in the Canadian Trucking industry is a problem of its overall supply chain network—an issue that also plagues other countries. 24/7 trucking could be enabled by automation, allowing supply chains to operate more flexibly without concerns of driver health, and disruptions will be overcome more easily.
- Data-driven insights - Technology provides a less hands-on approach to vehicle maintenance and analysis. Tracking vehicles will involve more than just GPS, companies will be able to assess driving conditions, the performance of vehicles in real-time, and potential road disruptions.
The caveat to electrification is cyber risk
Human error is one of the concerns of driving these days, and with more cars on the road, the threats are still high despite the leverage of innovation that is put into creating safer cars.
Addressing these safety issues with technology comes at its own level of risk, cyber threat. EVs (and other vehicles) have become IoT devices and are embedded in the digital ecosystem. With this connectivity in place, the cyber attack surface is increased as distance is no limiting factor for a hacker.
Of the attacks reported, around 15.5% of them required physical access to the target vehicle, while the remaining 84.5% were remote. Deloitte has also seen the number of threats increasing and 50% of the automotive cyber incidents took place in the last two years.
The types of risks include targeted malware attacks, key spoofing (the ability to wirelessly ‘steal’ a key), GPS tracking, remote control of vehicles, and even control over acceleration and braking.
Recognising that the threats are real, Deloitte provides insight into the responsibilities of certain authorities within supply chains, including governing bodies, suppliers and OEMs, cloud providers, telecommunications companies, and business consumers.