Richard Blech

Electric Vehicles Race to Ubiquitous Built-in Cybersecurity

As the automotive industry continues to leverage technology advancements to create connected, electric and autonomous vehicles, it has to better address the cybersecurity issues that come with them. This means making cybersecurity a core, built-in element of the design, development and manufacturing of vehicles, just as seat belts are part of any and all designs. This will help mitigate the cybersecurity risks that threaten the data, software, hardware, communication networks and electronic systems of connected vehicles and, of course, public safety, throughout their entire lifecycle.


Connected vehicles will make up almost 86 percent of the global automotive market by 2025. From a cybersecurity standpoint, this expected widespread adoption makes connected vehicles even more of a prime target for malicious actors. At their most fundamental, the vehicles are connected devices on a network. They are simultaneously data repositories and portals through which a significant amount of sensitive data travels, processing up to 25 gigabytes of data an hour. The integration of the various electronic, communications and software systems in the vehicles creates a wide attack surface. When malicious actors use common attack vectors like servers, keyless entry systems and mobile apps, the vehicles become gateways to a driver’s smart device, the vehicle manufacturer’s online system or the software supply chains linked to those systems, and to the data in those systems.


There is no question that cyberthreats are targeting connected and electric vehicles. Cybercrime yields an estimated $600 billion in profits annually, exceeding the $400 billion generated by the drug trade. With the influx of connected vehicles, malicious actors stand to add to that amount by targeting personal data for ransom, threatening manufacturers with the manipulation of mission-critical systems, etc. In a bulletin that was issued to private companies, the FBI warned that “the automotive industry likely will face a wide range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-states and financially-motivated actors.” The ramifications of cyber interference with connected vehicles could, at the very least, be on par with the fallout from compromised critical infrastructure. Malicious actors are acting on the fact that the automotive industry has little historical experience of dealing with cybersecurity risks.


Failing to treat the cybersecurity of autonomous vehicles as a priority aids the efforts of malicious actors. To create ‘secure-by-design’ vehicle systems that will continue to provide effective cybersecurity in the long term, it is necessary, from conception, to design the systems on the assumption that they will operate in a hostile environment. Secure coding practices and rigorous security testing should be applied during all stages of the development process, not just late in the product development lifecycle, which is what typically occurs. To reduce component expenses, the connected ecosystem of a connected vehicle is often designed and built so that key resources such as processor cores, physical connectivity or internet access are shared by some safety-critical and non-safety-critical functions; instead, there should be dedicated resources for functions essential to security features. Even the efficiency with which cryptographic keys are managed is a factor in automotive cybersecurity. For example, even though the majority of automotive manufacturers use key management systems to manage cryptographic keys, some manufacturers still employ a manual process that limits their usefulness and impedes security.


A layered cybersecurity approach, as recommended by the NHTSA, reduces the possibility of a successful cyberattack on electric vehicles. Current and pending cybersecurity regulations for the automotive industry are reinforcing that notion of comprehensive security. For example, under the recently published ISO/SAE 21434:2021 standard, OEMs are responsible for vehicle homologation and have to verify that sufficient cybersecurity risk management practices are in place throughout vehicle development, production, and post-production; this includes having the capability to deliver over-the-air software security fixes securely. This is just one reason why extensible, optimized cryptography and encryption solutions that provide heightened data protection and are capable of defending against threats (like man-in-the-middle attacks) are a critical and fundamental component of automotive cybersecurity. The data in connected vehicle systems has to be encrypted end-to-end to mitigate threats from unauthorized third parties.

XSOC CORP solutions are uniquely suited for connected vehicle applications, providing quantum-safe protection that can fortify electric vehicle systems and online automotive industry-related data points:

  • The FIPS 140-2 validated XSOC cryptosystem, with its minute digital footprint, is lightweight, fast and strong enough to protect vulnerable data from the cloud to mobile device and all points inter-vehicle.

  • SOCKET could be used inter- and intra-vehicle to securely distribute sharded, ephemeral symmetric key material around the CAN bus network, securing all vehicular data against unauthorized access.

  • EBP can be used to transmit data to and from connected vehicles, avoiding the inadequacies of PKI and certificate-based security, while encrypting every packet of data, thus offsetting the inherent risks of man-in-the-middle attacks.

Contact us at XSOC CORP to learn more about how our solutions can help mitigate the cyberthreats that are posing new risks to security, safety and privacy in the automotive industry. Cybersecurity has now become a new metric by which the quality of vehicles will be assessed. Investors, consumers and buyers are going to demand security, and the first connected electric vehicle that supplies it will win.