By 2020, Gartner predicts there will be a quarter-billion connected vehicles on the road, providing more opportunities for drivers to access information, their content, and stay productive while in the car. As a result, driver safety, and how to keep their data protected, have become a critical topics in the mobile, automotive and security industries.
As the annual RSA Conference kicks off today, we spoke with Thilo Koslowski, vice president and lead automotive analyst for Gartner, regarding what is on the minds of consumers regarding connected car security and related trends.
Q: What questions or concerns do you expect will be top of mind regarding connected car security this week at RSA?
A: Based on some high-profile vehicle hacks, I expect discussions will focus on the viability for hackers to take control of connected vehicles away from the driver. Discussions regarding industry standards and regulations to increase connected car security will also be at the forefront.
Within the automotive industry, we can expect to see the same level of attention regulators brought to sectors handling critical infrastructures, such as the energy industry, manufacturing, telecommunications and transportation.
Q: Have you observed any technologies that can help make the connected car more secure?
A: A key technology in the connected car segment is over-the-air software updates. Gartner predicts that by the end of this decade, approximately 30 percent of connected vehicle models will have built-in, function-level, over-the-air software update capabilities.
Automakers can deploy over-the-air software patches to their vehicles the same way a consumer receives notifications to upgrade the software on his or her smartphone. Over-the-air updates to vehicles can help ensure systems are current with the latest security solutions and provide added convenience and peace of mind for drivers. However, because this new channel can also become an attack vector, they can also introduce new vulnerabilities.
Q: By 2019, Gartner predicts that two automotive companies will be fined for vehicle software design negligence, resulting in inconsistent technology performance or cybersecurity attacks. How will the technology landscape evolve to combat this?
A: Many established automakers are using in-car electronic architectures that were developed for less-complex vehicles. This makes it more challenging to add additional capabilities over time and ensure the highest levels of cybersecurity and feature performance, compared with new architectures.
More scrutiny for potential automobile-related cybersecurity and feature performance levels will put pressure on automakers, and their suppliers, to develop comprehensive electronic engineering architectures. These must include an end-to-end approach — semiconductors, sensors, networks, the cloud, etc. In addition, companies must ensure that their marketing efforts clearly communicate precisely what new technology features can, and cannot, do.
Q: Will connected car security concerns and vulnerabilities stall the availability and/or the adoption of these vehicles, and what other implications do you foresee?
A: No. For example, we expect that by 2020, three automotive companies will offer self-driving capabilities as a standard feature, so there will be continued demand for connected vehicles and even more advanced capabilities such as self-driving vehicles. However, it’s also worth noting that by 2020, 10 percent of today’s vehicle owners in mature urban markets will replace vehicle ownership with on-demand vehicle access. Technology is truly changing the relationship between drivers and their vehicles, as well as automotive business models.
Gartner clients can get more information in the report Market Trends: Connected-Vehicle Maturity Raises Cybersecurity Needs.
Gartner analysts will provide additional analysis on security trends at the Gartner Security & Risk Management Summits taking place in National Harbor, Maryland, Tokyo, Japan, Sao Paulo, Brazil, Sydney, Australia and London, U.K. You can follow news and updates from the events on Twitter using #GartnerSEC.