Automotive cybersecurity: How to protect intelligent speed assistance

Evgeniya Ponomareva, Global Alliance Manager, KasperskyOS Business Unit at Kaspersky

From July 6, a technology dedicated to controlling the speed of a vehicle – intelligent speed assistance (ISA) – became a mandatory requirement for all new car models introduced on the European market. It will also become mandatory for all new cars sold from July 2024. The system is supposed to not only warn the driver about speed limits, but also control their speed (car manufacturers will be free to decide what functions to include), which makes protecting it from cyber-risks a pressing question.

The cybersecurity of connected cars continues to be tested by attackers and researchers, including a new vulnerability recently found in Tesla, and a fresh study on the security of car apps.

Cybersecurity risks to ISA may arise if it is connected to external systems outside of the car, for example, to an external cloud that uploads the data on speed limits, or through any other electronic control units of the vehicle. Depending on the electrical/electronic (E/E) architecture, attackers can access systems through external communication channels or by using a chain of vulnerabilities in other electronic control units connected to a public network.

Fortunately, it is now a requirement for these systems to be developed with cybersecurity in mind. ISA falls under both the requirements of ISO 26262, which regulates functional safety at software level, and the general automotive industry standards for cybersecurity with mandatory certification, including UNECE regulations UN R155 and R156, and ISO 21434.

According to these requirements, a risk assessment must be carried out and the vehicle systems must be secure-by-design, i.e., security mechanisms should be implemented at the development stage. From July 2024, the sale of new vehicles without cybersecurity certification will be prohibited in the EU, making cybersecurity an integral part of the automotive industry. A dedicated security platform for developing electronic units can help car manufacturers meet these requirements.