OTA updates are delivered over a cellular network, Wi-Fi, or other radio frequency- (RF-) based methods that provide software updates. This grouping of technologies offers a fast and convenient way for vehicle manufacturers to resolve issues and future-proof their cars, all without requiring car owners to visit the dealer. There isn’t currently a standardized way in the automotive industry to verify software updates. As such, it’s possible for an OEM to have multiple ways to confirm software updates for some of its components or to rely on a complex supply chain for the delivery of these updates. But this should change as the software-driven features become further ingrained in the industry.
In the U.S., the National Highway Traffic Safety Administration (NHTSA) offers security guidance through its Cybersecurity Best Practices for the Safety of Modern Vehicles report. The report outlines steps for vehicle manufacturers to take to mitigate the risk of cyberattacks. NHTSA isn’t alone in this endeavor. The EU has issued UN Regulation No. 155, which has clear requirements that require OTA capabilities to update vehicles in order to sell in that market.
Efforts generally begin with a risk assessment, outlining components in a vehicle that any application would interact with. But then, there are a lot of questions about risk and responsibilities. As an example, let’s consider a self-parking application that’s activated by a smartphone. The vehicle in question already has autonomous driving capabilities. However, to enable self-parking, the driver needs to install an app that is tied to a parking garage company and must be allowed to communicate with the vehicle. For this application to work, the carmaker needs to provide location and other vehicular data to the app so that the car can navigate safely through the garage to an available parking spot once prompted by the driver. Is the OEM responsible for monitoring and managing the app’s security and capability, or is it the supplier's responsibility to ensure that the app contains nothing malicious or compromised? Many of these questions will be resolved by legal departments, but proper cybersecurity hygiene is the primary focus for minimizing these types of events.
In-vehicle apps such as the self-parking example represent a new revenue stream, and the opportunities are wide open for a host of new and exciting capabilities. Imagine having a car that knows your favorite morning coffee order—once you step inside for your commute, the car has already placed the order, handled the payment, and is navigating the fastest route to the café for order pickup. Or, what if different in-vehicle apps could interact with one another? Your car senses—thanks to an app plus a tracking tag on the bag—that you have clothes in the trunk for the dry cleaner. The dry-cleaning app communicates with the café app, directing the car on the most efficient route to drop off the dry cleaning and pick up your coffee.
The apps themselves must have built-in protections against malicious attacks. When they’re ready to be updated, the OTA updates must flow securely from server to vehicle, with little risk that the data will be intercepted and compromised.
These days, carmakers and app developers are collaborating closely, though a primary focus is getting new capabilities to market. At the consumer level, it may be several years before we start seeing these example scenarios come to fruition. Enterprise-level innovations may come sooner. Pizza Hut, for example, is exploring a driverless concept vehicle equipped with a pizza oven, a move that could transform how food is ordered, prepared, and delivered.
Regardless of when these new offerings are available, the time is ripe to start addressing the security considerations.