With October being cybersecurity awareness month, global provider of IT security solutions, Utimaco, announced the sponsorship of Hansen Motorsport AB’s World RX Team.
The sponsorship aims to increase awareness and draw attention to the field of automotive cybersecurity, which the company believes deserves more attention.
Alongside this, the company has recently carried out a study titled ‘Circles of Trust: How the UK Public Perceives Digital Risk’, with results showing that while members of the public across European countries are enthusiastic about digital features within their vehicles, they are also worried about the security of the features.
We spoke to Ansgar Steden, Chief Revenue Officer for Utimaco, to find out more about the ongoing issue of cybersecurity within the automotive industry, as well as what he thinks the future holds.
Just Auto (JA): Could you provide some background on the company for our readers?
Ansgar Steden (AS): Utimaco has been at the forefront of cybersecurity for a lot longer than most people would assume. We began in Aachen, Germany nearly 40 years ago – at first building Hardware Security Modules (HSMs), which are still the core of enterprise-level security operations, and now developing cloud-based and post-quantum security.
We have over 500 employees across the world, many of them experts in fields like computer science and cryptography. Our security solutions are in place in hundreds of countries and are used by major banks, governments, and companies that people interact with every day.
How did the partnership with Hansen Motorsport AB come about?
Hansen Motorsport AB is an innovator in its field. Their talented people are always pushing the boundaries and developing new technologies, so it felt a natural fit that the two companies’ combine as, like ourselves, they have an eye to the future of their field.
Further, Utimaco is placing a strategic focus on cybersecurity in the automotive space. Today, every new car sold has at least some kind of wireless connectivity. Therefore, without high-grade digital security this could be an extremely dangerous situation, but we’re making it possible for drivers to know that they are safe when driving.
How will this partnership draw attention to the increasing risks in cybersecurity?
Our solutions are used around the world by thousands of major organisations, but there is still room for more companies to be taking cybersecurity seriously, particularly when it comes to looming threats like quantum computing.
Automotive cybersecurity, in particular, has been almost completely neglected by the mainstream press, and while ordinary people are getting more used to incorporating security practices into their everyday lives, there is little to no information out there about how these issues affect your vehicle.
Your company recent published ‘Circles of Trust: How the UK Public Perceives Digital Risk’; what did the data show?
There were interesting responses to almost every question, but what really stood out was what we called the central paradox of digital life: in general, people are very enthusiastic about the possibilities of digital technology in every part of their lives, but they are also extremely worried about their safety. Imagine somebody telling you that they love their car but that they think that they’re very likely to crash it.
However, we have also found that actual cases of harm from cybercrime were quite rare. This means that organisations need to do more to communicate what they are doing to keep people safe and educate the public about the realities of cybersecurity. In almost every case damage is done not through the Hollywood-inspired idea of a ‘hacker’ breaking though digital security, which is often impossible, but through emails, fake websites and phone calls that take personal information from members of the public.
What are some of the most prominent cyber threats the automotive industry faces?
One of the interesting aspects of automotive cybersecurity is that the most damaging attacks, namely vehicle takeovers, are still extremely rare. We are relatively lucky that the motivation for the vast majority of cyberattacks is purely monetary instead of causing harm.
There are two key forms of cyberattack in the automotive space. The first is key copying. Because many vehicles use digital keys or even app-based systems for opening the vehicle’s doors and turning on the engine, it is possible to copy the data on the keys and use it to gain entry to vehicles, in order to steal them.
The second is installing spyware in vehicles in a similar way to how it is used on standard computers, and with a similar goal, to vacuum up as much information as possible to be sold. Potentially, if this spyware was sufficiently sophisticated then it could be used to harvest payment information that is stored in a vehicle to pay for toll roads.
What more could/should be done by the industry to address the threat and concerns of cybersecurity?
Firstly, more investment into cybersecurity in general, particularly in training. Security should be a part of every computer science degree, and governments should be doing more to encourage the development of cybersecurity training.
Companies need to be able to support cybersecurity professionals and train them internally – it’s a role where you can’t stop learning for even a day because new threats appear so fast.
This goes for any company, even a small one, but it should be a particular concern for automotive companies, whether they are car manufacturers or OEMs. Cars tend to have a lifespan of around fifteen years, which means that their digital systems need to be able to adapt to future threats as well as those that exist today. The systems that run the digital connectivity within vehicles therefore need to be able to be updated to the newest security standards as they develop.
What do you think the future holds for this issue?
Vehicles are only going to be more connected in the future. We’re already seeing vehicle manufacturers move beyond the ‘connected car’ model in which each vehicle is a closed system that links to the vehicle manufacturer for firmware updates.
What is possible is that vehicles will connect to each other and to the spaces they move through (cities, highways etc.), in order to share information to make travel easier. For example, sensors on a road network could see that a traffic jam is forming and update the navigation (or even self-driving systems) in vehicles to route around it, preventing the jam from even starting.
All this connectivity could create perfect conditions for cybersecurity risks if the components that enable this connectivity aren’t secured and kept secure. This is why we work and will continue to work with automotive companies.