The evolution of the automobile, from being powered by steam to now including computerised consoles, is a commendable journey shaped by technological changes. In the 21st century, consumers can expect their vehicles to be vital to their digital lives. Previously, manufacturers and consumers focused on the hardware of an automobile, but with the current technological changes, software is gearing up to take centre stage. This means that

Software-Defined Vehicles

(SDVs) are the next evolution of the automotive industry.

SDVs are often called ‘software-on-wheels’ because they can enable new features, oversee operations and enhance functionality through software. This will enhance consumer experience and benefit vehicle safety and mobility.

As the development of SDVs picks up pace, it must be acknowledged that such vehicles also introduce significant cybersecurity challenges. While software can enhance innovation, an increasing reliance on it can also lead to compromised safety and functionality.

What recent trends tell us

Deloitte’s The future of automotive mobility to 2035 report highlights that Original Equipment Manufacturers (OEMs) surveyed expect technology to influence business with software-enabled solutions designed to impact the mobility experience. This can boost revenue as companies begin offering ongoing asset management to consumers, from data analytics and telematics to infotainment and vehicle feature subscriptions.

The emergence of AI and machine learning will also dictate the development of SDVs, as such technologies offer great potential for enhancing the security of automotive vehicles due to their ability to detect and respond to threats in real time. The integration of such technologies into SDVs can ensure that malicious actors do not achieve success in taking control of vehicles and bolster the safety of passengers.

In addition to emerging technology and innovation, the ever-evolving regulatory landscape will have a considerable influence on the development of SDVs as governments across the globe develop rules regarding the cybersecurity provisions of connected vehicles. A recent example is the US Department of Commerce considering banning certain foreign technologies that could pose security risks to national security.

Hence, many factors will influence the development of SDVs in today’s digital age.

Growing innovation coupled with evolving threats

The use of software will transform automobiles, promising to make futuristic cars a thing of reality. SDVs offer innovative features, making it possible to improve vehicle performance, strengthen vehicle safety and optimise vehicle systems. While these are exciting changes, they also increase the attack surface, leaving automobiles powered by software vulnerable to cyberattacks that can have catastrophic results, ranging from data theft to compromised safety that causes accidents. The Global Automotive Cyber Security Report from Upstream Security highlighted that remote attacks now constitute 95 percent of the incidents, primarily driven by black-hat hackers aiming for large-scale disruptions. It is the need of the hour to make cybersecurity a key priority as cyberattacks on automobiles increase and become more sophisticated.

Systems integrated into modern vehicles are increasingly interconnected, often communicating over internal networks. This generates multiple points of vulnerability that malicious actors can exploit. The problem is compounded by a key feature that SDVs offer: remote access. It does improve convenience and functionality, but at the same time, it can also make it easier for cybercriminals to gain control over critical vehicle functions.

Such vulnerabilities could disable crucial functions such as braking, steering and acceleration. For example, an attack on a vehicle’s GPS could lead passengers into dangerous situations. Remote access can allow hackers to hold an SDV’s system hostage until a ransom is paid.

According to the Deloitte Global Automotive Mobility Market Simulation Tool, 50–60 percent of future profits may be at stake if mobility providers continue their business as usual. The further integration of software into automobiles must be trodden carefully, with security as a key feature to ensure the safety of both the vehicle and the passengers.

Tackling challenges head-on

Securing SDVs from cyberattacks will require a multi-pronged and comprehensive approach. Manufacturers must consider a “security by design” approach, as prioritised by standards such as ISO/SAE 21434 – Road Vehicles — Cybersecurity Engineering, whereby security is considered at every stage of the vehicle lifecycle.

Additionally, cryptographic key management, including practices such as secure generation, storage and rotation of cryptographic keys, can prevent unauthorised access and secure data storage within SDVs. Moreover, authentication, encryption and integrity checks must be adopted to secure OTA/FOTA software updates.

Regularly updating software and patching vulnerabilities will be key to maintaining and bolstering SDVs' security. This could go a long way in preventing hackers’ exploitation. Moreover, segmenting vehicle networks can help limit the spread of potential breaches while also continuously monitoring for suspicious activity.

In conclusion, software integration into automobiles will only grow as technology advances. However, to support the long-term development of such technology, security must be the top priority. It will enhance the scope of innovation, improve consumer trust and strengthen brand reputation.

(The author is Santosh Jinugu, Partner, Deloitte India. Views are personal)