Cyber Security Security risk vehicle networking

Related Vendors

FAULHABER Drive Systems

dataTec AG

Wuxi InfiMotion Technology Co., Ltd.

According to a recent survey by cyber security specialist Kaspersky, 23% of IT decision-makers from automotive, logistics and transportation companies in Germany see V2V (vehicle-to-vehicle) and V2I (vehicle-to-infrastructure) connectivity in conjunction with over-the-air updates as the biggest security challenge until 2026. With regard to electric vehicles, there is a further challenge: vehicle-to-grid (V2G).

Around a third of respondents see secure data transmission (36 percent), encrypted data connections (33 percent), secure access in combination with monitored network activities (33 percent) and faster remediation of vulnerabilities (32 percent) as key measures to protect connected vehicles from cyber attacks.

For Vladimir Dashchenko, cyber security expert at Kaspersky ICS CERT, V2G poses a serious security risk: "As part of a large system, V2G raises several serious security issues. This is because the communication protocols between vehicles and charging stations are not secure. Some of the information is transmitted unencrypted. This data can be monitored and intercepted remotely by an attacker, providing a potential entry point into the network system. On the other hand, there is also the possibility of an attack vector on the vehicle from a charging station that is connected to the network system. Although there are currently no such publicly known attacks, we have already observed an exploit broker looking for exploits for vehicle charging stations. All organizations within a V2G system must therefore ensure comprehensive protection. This includes employee training, dedicated technological solutions such as Kaspersky Automotive Secure Gateway and a dedicated automotive SOC to help detect abnormal activity and intrusion attempts. In any case, close cooperation between the security community, V2G providers, car manufacturers and network operators should be established."

Recommendations for protecting connected vehicles from cyber attacks

Use a security solution such as Kaspersky Managed Detection and Response: This combines detection and response capabilities and helps identify threats without requiring additional internal resources.

Carry out regular employee training and audits to prevent security incidents: Kaspersky Security Awareness, for example, can help with this. In addition, it is advisable for companies to implement cyber security solutions - such as Kaspersky Endpoint Detection and Response - that can detect threats in the supply chain in real time and initiate measures to contain them.

Know the latest cyber threats for specific vehicle types: Companies should monitor these regularly and store log data so that it can then be submitted to the relevant vehicle licensing authority as monitoring reports for proof of compliance. Services such as Kaspersky Threat Intelligence detect anomalies early and proactively in the network and warn of threats before they can cause damage.

Maintain plans for rapid and efficient incident response: These should cover the entire investigation and response cycle of a security incident. Partnering with a cybersecurity expert like Kaspersky enables early detection of attack attempts through firewalling, intrusion detection system (IDS) protection and network isolation and management. Forensic data analysis helps to decipher threats. (tk)

Link: To the report "Cybersecurity in the automotive industry"