FEV, a global service provider of vehicle and powertrain development for hardware and software, has identified increased adoption of software in vehicles as a significant cybersecurity risk. To address this, it has created a new so-called SPORT (Strategy, Processes, Organization, Resources, and Technology) framework to enable suppliers and OEMs to act quickly and stay ahead of hackers.
It states that the SPORT framework is designed to provide a holistic approach to cybersecurity preparation. Breaking down the framework, FEV explains that the Strategy part takes the OEM’s or supplier’s corporate vision, mission and culture into account, aligning the cybersecurity strategy with the corporate strategy. The Process step incorporates development processes, e.g. the Security Development Life Cycle and knowledge management, as well as audit and training processes, supported by a dedicated change management workstream. Meanwhile, Organization deals with the structure of cybersecurity teams and develops a reporting structure with clear roles and responsibilities, while the Resources element defines the necessary team size, takes care of talent acquisition and outsourcing strategies.
Finally, the Technology step incorporates;
- A highly secured hardware and software strategy;
- Technical measures (constructive and analytical); and
- Available tools and infrastructure.
The company highlights that in 2010, a premium car had up to 100 million lines of software code. Today it is close to 150 million lines. By 2030, the number of lines is expected to be >300 million. This increase in software content presents significantly more entry points for cyberattacks.
In recent years, the importance of cybersecurity has already made its way onto the financial statements of large players in the automotive and technology industries. A handful of high-profile attacks have directly resulted in a drop in stock prices, as well as a hit to the business performance and reputation. For example, a remote attack in 2015 resulted in a recall of nearly 1.5 million vehicles, leading to estimated costs of US$600m and an estimated loss of US$4bn in market cap for this OEM.
FEV says that with increasing vehicle complexity, it is likely that these events can become even more common. More consumer information will be saved and accessible through the vehicle, raising the stakes for future attacks.
“Cybersecurity will continue to play an increasingly important role for global auto makers in the coming years as vehicles become more connected and automated,” said Mayank Agochiya, managing director of FEV Consulting.
“Quick, proactive action is required for OEMs and suppliers to be ready by 2025 the latest. To that end, we’re proud to offer support through our SPORT framework as we support our customers in the quest to develop increasingly safe vehicles.”
FEV claims its methodology has already been successful in identifying and mitigating risks by acting early and utilizing a proper approach. It has proven that OEMs and suppliers in the mobility industry can both protect their finances against the risk of cyberattacks and improve passenger safety.