BrandPost: How to Defend Your Automotive Business Against Next-Gen Cyberattacks

Cars are more connected than ever before. With things like onboard music streaming and GPS maps beamed to vehicles via the internet of things (IoT), they’re computers on wheels becoming ever more digitized. Traditional automotive manufacturers are transforming their business models to reflect this, with technologies like in-vehicle online marketplaces.

As the automotive industry evolves towards fully autonomous vehicles, security becomes harder to control. But security must be active throughout the car’s lifecycle. Make no mistake, security breaches can be fatal and costly. If you’re manufacturing vehicles with connected capabilities, a Vehicle Security Operations Center (VSOC) can increase protection for your business, fleet, and customers against cyberattacks. First, let’s explore the changing landscape and its risks.

Connected cars are easy targets for remote hackers and terrorists

Operating systems in connected vehicles aren’t just a personal data goldmine, containing such things as audio files recorded by in-car microphones, stored bank details, and even Netflix and Spotify credentials leaked on eBay. They can also control vehicle movement. If a hacker remotely hijacks the operating system of one of your vehicles or even your whole fleet, the consequences could be devastating.

Whether it’s taking control of a Tesla’s brakes, door locks and other electronics, or exposing personal data, as with Mercedes-Benz, hackers will find vulnerabilities in connected vehicles. But why?

Terrorists are looking to cause fatal chaos. Hackers are out for financial gain: They may shut the engine down and demand payment to start it again. Cyber criminals are spying on executives – think how valuable audio files of confidential merger plans would be to rivals.

Connected cars are a big target for malicious actors. So it’s up to you as the manufacturer to make sure you tighten up security.

What is a Vehicle Security Operations Center?

A Security Operations Center (SOC) is a team that deals with security issues at an organizational or technical level. In most cases, the team uses a platform dedicated to constant monitoring of the organization’s IT infrastructure.

A Vehicle Security Operations Center (VSOC) is the same, but in addition to protecting computers and servers, it protects assets like a connected vehicle cloud and fleet management system (which sends and receives messages to and from the vehicle’s telematics control unit). It also protects the vehicles themselves, mobility servers (phones connected to vehicles) and vehicle internal components like sensors and radars. Two types of organizations need VSOCs: Automotive manufacturers like Mercedes or Tesla and large fleet owners like logistics companies or taxi firms.

It minimizes the risks of cyberattacks and, in the event of a breach, triages and treats the cyber-wound. It can also give unwavering diagnostics of your entire fleet (great for ongoing and predictive maintenance) and a wealth of information on how your cars are used, like time and distance traveled, Wi-Fi strength or errors in the engine performance. That’s perfect for R&D for new models, but how do you implement a VSOC?

VSOC: To in-house or outsource?

There are two ways to create your VSOC: In-house or outsource. In-house means integrating the unit into your current operations, either within your cybersecurity operations, quality assurance or the vehicle software R&D team. To outsource means handing part or all of the VSOC to a third-party provider. In some instances, this may be helpful to start, as you may not yet have the cybersecurity infrastructure and expertise.

A full VSOC may be out of scope for a small fleet owner, but if you run a large fleet or you’re an automotive manufacturer, in the long term it will be most beneficial to your business to establish your VSOC internally.

How to launch your VSOC

Here are some tips to get started:

Create a playbook

Security experts should create incident response playbooks (guidelines) to show how you should respond to specific cyber-threats and how to manage incident communications.

Expand your team’s knowledge

Many cybersecurity teams focus on server infrastructure, not connected vehicles. Implement advanced cybersecurity training to develop the skills of your current team. For example, Kaspersky Cybersecurity Training covers malware analysis, digital forensics and incident response to help a specialized enterprise-level team better face these threats.

Funnel issues straight to your VSOC

Establish a system to escalate vehicle monitoring and diagnostics when needed, so in the event of a breach, information is sent straight to the cybersecurity teams.

Regular security assessments

Periodically conduct security assessments of your connected car’s infrastructure, covering both the separate modules (like the TCU and mobile apps) and how the complete system works together. Share these results with your VSOC team.

Maximize data capture

Investing in onboard vehicle software, like intrusion detection systems, will feed your VSOC with vital information to detect anomalies and other signs that could lead to data breaches. Enrich your VSOC with threat data feeds from at least two security vendors. There are public feeds available, but licensed feeds are typically better quality.

Use white-hat hackers

Make use of the global community of white-hat hackers. These are friendly hackers, trained professionals who find vulnerabilities and make sure your systems are bulletproof. And if they’re not, they’ll give you the diagnosis to fix them. You could also join the likes of BMW and Tesla and launch a Bug Bounty program, which pays people (professional and amateur) for any bugs they find.

Work towards the latest regulatory standards

Future-proof by adhering to upcoming vehicle regulation laws like Transport UNECE WP.29 and ISO/SAE 21434.

As connected cars and autonomous vehicles speed towards making our roads safer and giving people a more comfortable driving experience, automotive businesses must ensure they’re doing everything they can to protect their products from cyberattacks. A VSOC minimizes the chances of a cybersecurity breach in your plant, on the road and for your customers, so you can focus on building the future of transport.

 Explore Kaspersky Security Solutions for Enterprise to predict, prevent, detect and respond to cyberattacks.


Mikhail Savushkin

Mikhail Savushkin has worked in cybersecurity for nearly 20 years. He’s currently Solution Business Lead in Kaspersky Transportation System Security.

Andrey Fadin

Andrey Fadin is a Product Manager at Kaspersky, working on transport and new mobility cybersecurity.