Around 80% of the APAC OEMs (original equipment manufacturers) do not monitor the security of their vehicles, according to a study by Deloitte, a well-known global consultancy organisation. The study, titled “Fasten your digital seatbelt”, was released recently.
The increase in cyber security threats brings in immense opportunity for new-age Indian service providers to get into the space, said Praveen Sasidharan , Partner, Risk Advisory Deloitte India.
Having more players, particularly Indians, will help to eliminate one of the fundamental concerns - limited number of players in the sector, according to Sasidharan.
“There is a huge potential for India-based companies to come in and service the market both from a price and quality perspective,” he said in an interview with Mobility Outlook.
Besides catering to the domestic market, this would also help the Indian OEMs to go global in a big way, he said.
“Vehicles are becoming more connected, software-driven and Indian customers are security and privacy-conscious; Indian OEMs need to look at cyber security as one of the key market drivers and focus on having safe and secure and private vehicles,” he said.
In fact, a consumer survey done by Deloitte in 2022 suggested that a majority of the Indian consumers look at security and privacy as one of the key reasons to choose a vehicle.
Other Key Reasons
Besides the insufficient number of players in the space, limited understanding of the new-age technologies because of their novelty also posed a challenge in ensuring cyber security, he said.
Interestingly enough, the Indian Government is coming up with regulations to mitigate such situations. As the Indian Government is eyeing on introducing AIS 180/190, which is a derivative of UNR 115/156, companies such as Deloitte could help the OEMs to comply with the regulations, he said.
“We have experience of having done UNR 155/156, and we can bring that experience to our Indian OEMs to help them come up the curve quicker and faster,” he added.
The Deloitte partner felt that the introduction of the new regulation would help in bringing clarity and ensure cyber security in vehicles. Also, it would usher in innovation in space.
The Way Forward
The industry was talking about individual vehicles now. In future, there would be a requirement for multiple vehicles to communicate among themselves, he said. With these new standards coming in, the OEMs would get clarity on the framework to be created so that vehicles could communicate seamlessly among themselves regardless of their brand.
UNR155, the report said, would require the OEMs to not only have vehicle cyber security management systems that were protected against specific threats. The study, nevertheless, shows that many OEMs are still brushing up on their skill and knowledge on vehicle security.
It is evident that today’s vehicles are a way different from what they were even a decade back. From being a simple machine with a steering wheel, pedals and a powertrain, it has now become a ‘mobile on wheels’ with all that software content.
The manufacturing plants are, in the meanwhile, evolving with the connectivity tech coming in. “This has led the industry to focus on a three-angle approach which includes the vehicle, the manufacturing plant and the IT sector,” he said.
With vehicles becoming software-driven, the challenges are huge. According to the Deloitte partner, a vehicle running at 40 kmph generates nearly 15 GB of data. “Getting the data, analysing it from a security perspective and then sending the command back to the vehicle or the plant to mitigate cyber-attack in a nanosecond becomes a challenge in this scenario,” he said.
From a manufacturing point of view, the plants are also getting software-driven with industry 4.0 coming in. “No doubt the Industry 4.0 is an enabler. If it is not secure and private, then it is going to create a lot of issues. And a testament to that is the increase in ransomware attacks on plants,” he said.
The primary cause of this is the introduction of unsecure new technologies without proper testing and security. While the plants are adopting new technologies, the older technologies like the machines are also present.
“There are machines, which have been there from the 1980s and which are not connected or probably using very insecure systems or older Operating systems which are no longer protected. Fixing it has become a challenge for organisations which are using them,” he said.
Hence, analysing those machines and protecting them by using hybrid (a mix of old and new technologies) systems was the way forward, he added.
“While digitally mature OEMs have begun to recognise the inter-dependencies between IT - Operations Technology (OT) and Internet of Things (IoT) and are starting to manage security as a company-wide concern, the all-for-one and one-for-all approach is not enough for the current scenario,” the report said.
Every automotive player should look at a department dedicated to cyber security across the enterprise that connected functions and business units among all the subsidiaries, he added.