+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)


Cybersecurity in the Connected Car: Technology, Industry, and Future

  • ID: 4117870
  • Report
  • March 2017
  • Region: Global
  • 63 pages
  • Autelligence
1 of 4


  • Aerolink
  • Arxan
  • Miller
  • NXP
  • Symantec
  • MORE

Technology trends, solutions and standards and future in automotive cybersecurity, with expert interviews, exclusive case studies, and latest developments

Advanced connectivity, electronics and software are hallmarks of modern vehicles. A typical connected car contains up to 70 ECUs, and about 100 million lines of code. As vehicles expand in terms of technological complexity, they become an attractive target for cyber-criminals.

Security demonstrations such as the famous Miller and Valasek Jeep Cherokee example have provided enough evidence that connected cars should be viewed as a potential attack target. But how does an industry built around making and selling cars pivot to delivering secure software and services?

“Cybersecurity in the connected car: technology, industry, and future” examines the security implications of increasing connectivity and software complexity in connected & autonomous vehicles. It discusses the following elements of automotive cybersecurity:

  • Attack surfaces in connected and autonomous vehicles
  • Core vulnerabilities
  • Regulations and policies (US, EU, China, Japan)
  • Existing market solutions (OTA updates, IDPS, firewalls etc.)
  • Emerging solutions (ECU Consolidation, app sandboxing, autonomous security)
  • Security by design

Key questions addressed

The report addresses the following strategic questions, the answers to which will determine future of vehicle cybersecurity in the near foreseeable future:

  • What does the automotive cybersecurity landscape look like today?
  • What makes vehicles vulnerable?
  • What’s in it for the hackers?
  • What are the worst-case scenarios?
  • Where should automakers invest to cyber-proof connected vehicles?
  • Can the CAN bus be secured?
  • What is the relationship between security and privacy?
  • Is legislation the answer to raise the bar of security standards in modern vehicles?
  • What standards are being developed around vehicle cybersecurity?
  • Can security by design ever be a commercial reality?
  • What are the available market solutions and who are the key players?

Who is the report for?

  • Automotive OEMs and suppliers
  • Cybersecurity solutions providers (IoT, automotive, mobile)
  • Regulatory bodies
  • Mobile Network Operators (MNOs)
  • Independent Software Vendors (ISVs)
  • System integrators and application developers
  • Consortiums & alliances built around connected vehicles


  • Primary research and analysis: Original interviews and surveys of automotive executives, conference presentations at events throughout 2016, academic or commercially available literature
  • Secondary research: researching and synthesizing of company data, technology initiatives, strategic analysis of leading companies in the sector

What the industry is saying

“Carmakers have to be right every time while hackers only need to be right once, so making a hack-proof vehicle that is still affordable is next to impossible. But they can make a car that is difficult enough to hack with such low payback that most hackers will look for easier targets.” - Gene Carter, director of product management, Security Innovation

“Investing in cybersecurity should not be assessed based on an ROI equation. Vehicular safety systems are intrinsically dependent upon cybersecurity technologies. Those companies that overlook or delay implementation of cybersecurity measures will not be allowed to do business within the transportation industry of the future.” - David M Uze, Chief Executive Officer, Trillium Inc.

Note: Product cover images may vary from those shown
2 of 4


  • Aerolink
  • Arxan
  • Miller
  • NXP
  • Symantec
  • MORE

Chapter 1: Introduction

Chapter 2: The problem

2.1 Research experiments and demonstrations
2.2 Early industry and media responses
2.3 Consumer concerns
2.4 Hackers’ motivation
2.4.1 Vehicle and property theft
2.4.2 Information and identity theft
2.4.3 Remotely taking control of a vehicle

Chapter 3: Connected car technology and its vulnerability

3.1 ECU proliferation
3.2 CAN and other bus systems
3.3 Code proliferation
3.4 Specific cyberattack surfaces
3.4.1 The on-board diagnostic (OBD-II) port
3.4.2 Infotainment head units
3.4.3 Bluetooth
3.4.4 USB/CD player/paired devices
3.4.5 In-car Wi-Fi hotspots
3.4.6 In-vehicle apps
3.4.7 Remote keyless entry systems
3.4.8 Tyre pressure monitoring systems (TPMS)
3.4.9 Dedicated short-range communication (DSRC) receivers
3.4.10 Electric vehicle charging port
3.4.11 Cyber-physical systems
3.5 Autonomous vehicles
3.6 Over-the-air (OTA) software updates
3.7 Supply chain security

Chapter 4: Industry responses

4.1 Justifying cybersecurity investments
4.2 Establishing cybersecurity departments
4.3 Collaboration with third-party security providers
4.3.1 Case study: Uber ‘bug bounty’ program
4.4 Software updating

Chapter 5: Legislation and standards

5.1 Government initiatives
5.1.1 The US NHTSA’s Vehicle Cybersecurity Research Program
5.1.2 The 2015 US SPY Car Act
5.1.3 The European Commission
5.1.4 Japan
5.1.5 China
5.2 Industry initiatives
5.2.1 SAE vehicle engineering and cybersecurity guidelines
5.2.2 Auto-ISAC

Chapter 6: Future directions

6.1 Security by design
6.2 Vehicle cybersecurity in layers
6.3 ECU consolidation
6.4 Increased specificity in requests for proposals from suppliers
6.5 Lessons from other industry sectors
6.6 Suggestions for the automotive industry

Appendix 1: High-quality automotive cybersecurity products and services

1 Harman 5+1 Cybersecurity Framework
2 Symantec Anomaly Detection for Automotive
3 NCC-SBD ‘V’ model: Automotive Secure Development Lifecycle (ASDL)
4 Argus Multi-layered Security Protocol
5 Security Innovation Aerolink
6 I AM THE CAVALRY Five Star Cybersecurity Ratings
7 Trillium SecureCAR
8 Karamba Autonomous Security
9 Rambus CryptoManager
10 Arxan Application Security

Table of figures

Figure 1: Miller and Valasek remotely hacking the Jeep Cherokee
Figure 2: KPMG 2016 Consumer Loss Barometer Study
Figure 3: Consumer safety concerns while driving
Figure 4: A mystery device ‘relay’ attack
Figure 5: The main ECUs in a modern vehicle
Figure 6: Reduced wiring connections enabled by CAN bus
Figure 7: Reverse engineering the CAN bus
Figure 8: Trillium’s SecureCAR cybersecurity components
Figure 9: Software complexity in modern vehicles
Figure 10: Remote attack surfaces on a connected vehicle
Figure 11: The Zubie in-car device connected to the OBD-II port
Figure 12: Apple Lightning digital connector for media devices
Figure 13: Nissan Leaf Smartphone app for remote vehicle access
Figure 14: Samy Kamkar’s Rolljam device
Figure 15: TPMS sensors
Figure 16: A V2X ECU connected to ADAS ECUs
Figure 17: Sensor constellation on an autonomous vehicle prototype
Figure 18: Participants at a June 2014 Bosch ‘hackathon’ in Berlin
Figure 19: Automotive industry software recalls during 2015
Figure 20: Data privacy principles: US GAO and EC
Figure 21: US NHTSA budget request for vehicle safety and security research, FY 2016/17
Figure 22: NXP 4+1 cybersecurity framework
Figure 23: The Auto-ISAC task framework
Figure 24: US NHTSA information sensitivity levels
Figure 25: Automotive cybersecurity investment components
Figure 26: The security maturity curve
Figure 27: Security by domain separation
Figure 28: ECU consolidation via software integration
Figure 29: A favourable ecosystem for Tier-1 suppliers
Figure 30: Harman 5+1 Cybersecurity Framework
Figure 31: NCC-SBD Automotive Secure Development Lifecycle
Figure 32: Karamba Autonomous Security
Figure 33: Components of Arxan’s Application Security

Table of tables

Table 1: Vehicle cyberattack types, motivations and attackers
Table 2: Common in-vehicle networking protocols
Table 3: Analysis of cyberattack surfaces
Table 4: Uber ‘bug bounty treasure map’
Table 5: Auto-ISAC cybersecurity best practices overview
Table 6: Cybersecurity investment analysis
Table 7: A layered approach for securing connected vehicles

Note: Product cover images may vary from those shown
3 of 4


4 of 4
  • Aerolink
  • Apple
  • Argus
  • Arxan
  • Bosch
  • Harman
  • KPMG
  • Karamba
  • Miller
  • NCC-SBD Automotive
  • NXP
  • Nissan
  • Rambus
  • Samy Kamkar
  • Symantec
  • Trillium
  • Uber
  • Valasek
  • Zubie
Note: Product cover images may vary from those shown