Let’s Be Practical About Cybersecurity
The inclusion of motorcycles and electric bicycles under the new UNECE cybersecurity regulations marks a significant shift in our industry. Starting this year (2024 for those reading this blog in the future 😉), designers and manufacturers will face stricter regulations designed to protect more connected vehicles and their complex systems.
However, this increase in security measures raises doubts. Are these rules aligned with the current reality of engineering? Recent hacks on Tesla, revealed at competitions like Pwn2Own, show that even industry leaders can be vulnerable (despite complying with all regulations, “and beyond!”). Additionally, according to Upstream Security, the number of cyber incidents in 2023 doubled from the previous year, impacting millions of vehicles and mobility assets. This highlights the need for effective cybersecurity.
According to the same source’s 2024 report, there have been 1,468 incidents related to automotive and smart mobility since 2010. The majority of the attacks in 2023 were carried out by “black hats,” and 95% of the attacks were non-physical, indicating an alarming shift towards large-scale incidents.
Given all this, at Rothmans Engineering we advise a pragmatic approach: we recommend that our clients develop their motorcycles/e-bikes in such a way that software updates can only be carried out at certified dealers, instead of through the “supposedly safe” OTA updates. This method not only complies with regulations but also minimizes the risk of introducing vulnerabilities.
It’s better to create secure systems from the start, rather than fixing errors along the way. That’s why we prefer to adopt a practical approach that ensures safety without sacrificing functionality.
The challenges in vehicle cybersecurity are enormous, and the current solutions, although costly, can be uncertain. Therefore, it’s better to be cautious. What do you think?