Application security provider, Synopsys, and SAE International, have released the report, ‘Securing the Modern Vehicle: A Study of Automotive Industry Cyber security Practices’. Based on a survey of global automotive manufacturers and suppliers conducted by Ponemon Institute, the report highlights critical cyber security challenges and deficiencies affecting many organisations in the automotive industry.
The study found that 84% of automotive professionals have concerns that their organisations' cyber security practises are not keeping pace with evolving technologies. The survey also found that 30% of organisations do not have an established cyber security program or team, and 63% test less than half of the automotive technology they develop for security vulnerabilities.
Jack Pokrzywa, SAE International director of Ground Vehicle Standards, stated: "SAE, in partnership with Synopsys, is pleased to present the findings of this study, as it provides real-world data to validate the concerns of cyber security professionals across the industry and highlights a path forward.
“SAE members have sought to address cyber security challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061, the world's first automotive cyber security standard. Armed with the findings of the study, SAE stands ready to convene the industry and lead development of targeted security controls, technical training, standards, and best practises to improve the security, and thus the safety, of modern vehicles."
Synopsys and SAE commissioned the Ponemon Institute, an IT security research organisation, to examine current cyber security practises in the automotive industry and its capability to address software security risks inherent in connected, software-enabled vehicles. Ponemon surveyed 593 professionals from global automotive manufacturers, suppliers and service providers.
To ensure knowledgeable responses, all respondents are involved in assessing or contributing to the security of automotive technologies, including infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and RF technologies such as WiFi and Bluetooth, among others.
Andreas Kuehlmann, Co-General Manager of the Synopsys Software Integrity Group, added: "The proliferation of software, connectivity, and other emerging technologies in the automotive industry has introduced a critical vector of risk that didn't exist before: cyber security. This study underscores the need for a fundamental shift, one that addresses cyber security holistically across the systems development lifecycle and throughout the automotive supply chain. Fortunately, the technology and best practises required to address these challenges already exists, and Synopsys is poised to help the industry embrace them."
Other key findings from the survey highlight: