New study highlights cybersecurity risks in automotive industry – Technologist

A survey of global automotive manufacturers and suppliers highlighted the critical cybersecurity risk in the automotive industry, with 84 percent of professionals surveyed saying their organizations’ cybersecurity practices are not keeping pace with evolving technologies.

The survey, conducted by Ponemon Institute for software firm Synopsys and SAE International, a global association of engineers and related technical experts in the aerospace, automotive and commercial-vehicle industries,   also found that 30 percent of organizations do not have an established cybersecurity program or team.

More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.

Proactive cybersecurity testing is also not a priority. Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.  

Only 33 percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.

Seventy-three percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44 percent say their organization imposes cybersecurity requirements for products provided by upstream suppliers.

The report, “Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices,” provides a more comprehensive view of the cybersecurity practices in the industry.

Jack Pokrzywa, SAE International director of Ground Vehicle Standards, said that SAE members have sought to address cybersecurity challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061, the world’s first automotive cybersecurity standard.

“Armed with the findings of the study, SAE stands ready to convene the industry and lead the development of targeted security controls, technical training, standards, and best practices to improve the security, and thus the safety, of modern vehicles,” he added.

Ponemon surveyed 593 professionals from global automotive manufacturers, suppliers and service providers. All respondents are involved in assessing or contributing to the security of automotive technologies, including infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and RF technologies such as wi-fi and Bluetooth, among others.