Securing the future of mobility

The Report

In this report, we take a closer look at the cybersecurity issues that could threaten the future of mobility, and offer perspectives on how these threats should be addressed. As automakers, technology companies, governments, and others place bets on the developments of the future of mobility, those moves could be for naught without a comprehensive understanding of the myriad cyber threats likely to emerge-- and a concrete plan to address them.

Viewpoints / key findings

Securing the future of mobility is a daunting challenge and the stakes are high. Throughout the development process, companies should strive to achieve three cardinal virtues of cyber risk management:

• Secure. In the spirit of “prevention” being worth more than a “cure,” effective risk management begins with securing critical components and preventing system breaches or compromises. 
• Vigilant. Hardware and software degrade over time, and both the nature and intensity of attacks can change. Consequently, security must be complemented by vigilance—monitoring to determine whether a system is still secure or has been compromised. 
• Resilient. When a breach occurs, limiting the damage and reestablishing normal operations are much more easily and effectively done when there are processes in place to quickly neutralize threats, prevent further spread, and recover.

Thankfully, many of the cyber risks faced by the future of mobility have been confronted before. By taking the hard-learned lessons from other industries, the extended auto industry can keep itself ahead of hackers and other adversaries. These include:

• Leveraging enterprise IT processes for data privacy and data decommissioning
• Implementing encryption and code signing to protect the integrity of system software
• Developing standards of practice for secure development of critical vehicle systems
• Enforcing developed standards on their suppliers, similar to Payment Card Processors