The whole vehicle value chain
A systemic issue
What needs to be done?
Treat cyber resilience as a business problem rather than a purely technical problem, and anchor responsibility for it not only in the technology function;
Take a customer-centric point of view: start with the people (customers, employees, garage staff etc.) and look at processes and organisation—then translate into technical requirements;
Consider the ecosystem perspective and look at cyber resilience upstream (to suppliers), downstream (to dealerships, repair shops and car owners), and sideways (to operators of city infrastructure, other traffic participants, electricity grids etc.). For an example from another industry with a heavily interwoven ecosystem, see the work of the World Economic Forum in collaboration with BCG on ‘Cyber Resilience in the Electricity Ecosystem’;
Prepare to be held responsible not only for the cyber security of what you produce and control directly in your own company, but also for what you integrate from suppliers and what your dealerships and repair shops do downstream. For automakers, that may mean that they will have to act as an ecosystem orchestrator to ensure end-to-end cyber resilience;
Adopt a lifecycle view for software, hardware (like onboard control units, ECUs, sensors, actuators etc.), and accompanying services;
Clarify whose responsibility it is to provide bug fixes, security updates and patches – and for which parts of the vehicle ecosystem. Is it the automaker, the suppliers, other third parties, or all of the above?
Clarify how long you will assume your part of this responsibility, and establish an architecture that is flexible and modular enough to deliver on this responsibility (for instance through over-the-air software updates and also hardware updates). Customers are unlikely to accept that entire cars have to be replaced just because, for example, encryption technology which was state of the art at the time when the vehicle was designed or placed in the market has been broken by the time the car is delivered;
Have HSE (health, safety, and environment) and QM (quality management), two disciplines which tend to be very mature in most automotive manufacturers (especially with ISO 26262 Road vehicles—Functional safety), join forces with cyber resilience (see also the forthcoming ISO 21434 Road vehicles—Cybersecurity engineering). Ultimately, you will want cyber resilience engineered into your products from the beginning, as is now common for quality (which has matured from purely after-the-fact statistical control to preventative up-front quality engineering);
As part of this integration, strengthen monitoring and response capabilities, in processes and products, and implement out-of-band compensating control mechanisms, such as the fail-safe equivalent of an emergency power off (EPO) switch on the dashboard;
Build an organisation and hire people capable of driving and doing all this. Really.