Smart mobility requires elevate security and compliance standards

Connected cars today are often described as "computers on wheels." They come with more and more integrated software and internet-connected apps to enhance functionality and the user experience.

Such a rise in internet connectivity and cloud computing applications in intelligent vehicles, however, comes with a multitude of cybersecurity threats.

According to IBM’s 2023 X-Force Threat Intelligence Index, the transportation industry was the ninth most attacked industry in 2022, receiving 3.9% of attacks within the top ten industries.

By 2024, the automotive industry is predicted to lose US$505 billion to cyberattacks, as reported by the 2024 Automobile Cybersecurity Market.

In 2022, a series of modern Honda cars got exposed to a hack that exploited a vulnerability in Honda's keyless entry system, which enabled threat actors to gain access to the vehicle's system and start affected engines remotely.

This flaw is one of the typical examples of cyberattacks targeting smart vehicles.

In the realm of dynamic cyberspace and evolving technology, hackers are getting more sophisticated at exploiting vulnerabilities, thereby gaining unauthorized access to vehicle systems and stealing users' data.

For automobile manufacturers, ensuring vehicle security can be a daunting task, as a third-party supplier provides each software component.

More stringent compliance standards

The current and upcoming challenges in the cybersecurity landscape are leading to more legal requirements and standards in the industry to enhance trust and protect users.

There are several automotive cybersecurity standards and regulations that the automotive manufacturers must comply with, including ISO/SAE 21434, an international standard for automotive cybersecurity; the EU General Data Protection Regulation (GDPR); or the CCPA, the most comprehensive data privacy law in the United States.

In addition, the United Nations regulations R155 and R156 will be mandatory for all new vehicles manufactured from July 2024.

Ensuring compliance with these regulations can take time and effort for automotive manufacturers. A recent study by Kaspersky reveals that 42% of respondents, who are leaders in the industry, stated they have no plan in place, and 68% admitted that they are not ready to comply due to a lack of preparation and limited expertise.

Recently, Porsche also announced it would withdraw the Macan SUV from European markets in 2024 because it failed to meet the upcoming cybersecurity regulations.

Comprehensive cybersecurity solution

To help manufacturers, particularly those who have limited expertise in cybersecurity and compliance, meet the new security requirements, some cybersecurity service providers for smart vehicles have come into play as pioneers.

VinCSS, a Vietnamese startup, has eagerly stayed ahead of the demand curve for smart mobility security and compliance.

The company provides comprehensive cybersecurity solutions for connected vehicles, including consultation and evaluation from experts, penetration testing, and security frameworks in accordance with market regulations and requirements.

With a robust security technology platform and a team of internationally accomplished experts, VinCSS aids automotive manufacturers in fully and promptly meeting international standards in the industry. Its continuous partnerships with leading companies in the sector further bolster its security prowess.

In 2023, VinCSS worked with VicOne, a Taiwanese company, to address the risks associated with security vulnerabilities in the Electronic Control Unit (ECU) of intelligent vehicles.

In early 2024, VinCSS established a strategic partnership with Autocrypt, a preeminent Korean provider of automotive security services.

Most recently, VinCSS joined forces with Israel's C2A Security to enhance automated security and cybersecurity compliance for smart vehicles.

VinCSS Automotive Cybersecurity Division successfully assisted an EV maker in passing the R155 and R156 certifications for their four car models in a short span of less than 18 months.

VinCSS Automotive Cybersecurity Division successfully assisted an EV maker in passing the R155 and R156 certifications for their four car models in a short span of less than 18 months. Photo courtesy of VinCSS

Nguyen Trung Tin, Director of VinCSS Automotive Cybersecurity Division, said that they believe that VinCSS's solutions will assist automotive manufacturers in security automation, risk management, and better compliance with cybersecurity standards.

"As connected vehicles become more prevalent, manufacturers and end users are increasingly looking for security experts like VinCSS. And we are devoted to that mission every day."