Author: AUTOCRYPT

23 February, 2023 . 5 mins read

What Is ASPICE? What does It mean to the Automotive Software Supply Chain?

Software Process Improvement Capability Determination, or SPICE (ISO/IEC 15504, ISO/IEC 33000), is a widely used industry standard for assessing the processes of software development and management, with an emphasis on the capability for continuous improvement. Developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the primary goal of the standard is to help software development task forces and organizations improve the process of their projects. Although SPICE is used for evaluating software development processes in general, several adjusted and extended versions of SPICE have been established to fit the needs of different industries. One of them is ASPICE (Automotive SPICE). As automobiles become increasingly software-oriented, ASPICE is quickly gaining attention in the automotive industry. Many automotive software providers are adopting ASPICE as an assessment standard to improve the quality and efficiency of their software development processes.

The Assessment Framework

Unlike many technical protocols, ASPICE does not define the software development process step by step, but instead lists what practices should be done and what goals should be achieved. This makes the standard applicable to a wide range of software suppliers and development processes, allowing them to carve out a process that best fits their environment.

After undergoing ASPICE assessments, the tested projects are given a rating based on their capability level (CL). A total of six capability levels are included in the assessment framework:

Level 0: Incomplete Process – missing components in the software development process
Level 1: Performed Process – all components are performed, and results are achieved
Level 2: Managed Process – all components are planned, performed, and managed
Level 3: Established Process – process is implemented based on well-established standards across the organization
Level 4: Predictable Process – process is implemented consistently, and results are predictable
Level 5: Optimizing Process – process is consistent, predictable, and continuously improved

Throughout the six levels, organizations that achieve capability levels 2 and 3 are generally considered to have good software development practices, while those achieving levels 4 and 5 are seen as having exceptional capabilities. Not only does this rating system provide helpful insights during self-evaluation, but organizations can also acquire ASPICE certifications by having ASPICE-certified independent parties conduct audits of their software development processes.

For instance, AUTOCRYPT’s new in-vehicle systems security solution, AutoCrypt IVS-TEE, received ASPICE CL 2 certification prior to its initial launch in January 2023. IVS-TEE secures embedded automotive systems by constructing trusted execution environments (TEE), making it one of the first TEE-based security platforms in the automotive industry.

The Assessment Criteria

What are the evaluation criteria that determine the capability levels of an assessment target? To evaluate a process, ASPICE uses the following nine process attributes:

1.1 Process performance
2.1 Performance management
2.2 Work product management
3.1 Process definition
3.2 Process deployment
4.1 Process measurement
4.2 Process control
5.1 Process innovation
5.2 Process optimization

Each of the above attributes is evaluated using a four-point scale, commonly known as the N-P-L-F scale:

N (not achieved): 0-15%
P (partially achieved): 15-50%
L (largely achieved): 50-85%
F (fully achieved): 85-100%

More detailed guidelines are provided in ASPICE on how to evaluate each attribute, making the assessment results both objective and accurate.

The Importance of ASPICE for the Automotive Software Supply Chain

Unlike legally binding regulations such as WP.29 (UN R155/156), ASPICE serves less as a regulation and more as a toolkit that helps all parties in the automotive software supply chain. Suppliers can use ASPICE to gain a clear understanding of their software development processes and improve based on the results, whereas ASPICE certifications can help buyers make more informed purchase decisions for software products.

As the software-centric automotive supply chain starts to take shape, the quality and safety of a vehicle is now defined by its software features instead of hardware performance. As such, many industry players are now adopting ASPICE for an accurate self-assessment of their software development processes, ensuring that the best practices are used to control the quality of embedded automotive software, improve the efficiency of product development, and achieve continuous improvement and long-term success.

Automotive software providers that adopt ASPICE have a competitive advantage as they can maintain a well-defined, streamlined process for software development. This helps them achieve predictable and reliable results while minimizing human errors.

From ASPICE to Software Security

Although ASPICE isn’t a cybersecurity standard per se, it does provide a solid foundation for software security and can be used to complement both cybersecurity and functional safety processes, including ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering and ISO 26262: Road Vehicles – Functional Safety. Since many cybersecurity failures and safety-related recalls can be traced back to improper practice at the development stage, having a well-established and predictable software development process minimizes software vulnerabilities and development flaws.

AUTOCRYPT’s in-vehicle systems security solution, AutoCrypt IVS, also emphasizes the importance of analyzing flaws and vulnerabilities at the software development stage. In 2022, two new tools were introduced to aid this process: AutoCrypt Security Analyzer and Security Fuzzer. One of which uses SBOM-based software composition analysis to eliminate software vulnerabilities at the development stage, while the other uses smart fuzzing to generate semi-random test cases to search for development flaws.

Of course, ASPICE and vulnerability testing do not guarantee security throughout all stages of the vehicle lifecycle. This is why AUTOCRYPT also provides intrusion detection and protection (IDP), as well as a vehicle security operation center (vSOC) for continuous fleet monitoring.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s official newsletter.

2 February, 2023 . 2 mins read

AUTOCRYPT Achieves ASPICE CL2 for TEE-Based In-Vehicle Systems Security

SEOUL, KOREA, February 2, 2023 — A global leader in automotive cybersecurity and connected mobility technologies, AUTOCRYPT announced its certification for ASPICE Capability Level (CL) 2. One of the very first and few cybersecurity providers to achieve this certification, AUTOCRYPT was recognized for its well-established processes in securing in-vehicle systems and software.

ASPICE, or Automotive Software Process Improvement Capability Determination, is an assessment scale used to evaluate an automotive supplier’s software development and management procedures. It is a de facto standard for continuous improvements in the software supply chain, confirming all components are planned, performed, and managed systematically.

AUTOCRYPT obtained ASPICE CL2 certification for its AutoCrypt IVS-TEE software security platform, a trusted execution environment (TEE) built into application processors. Since the TEE is separated from regular operating systems, it allows applications to run in an isolated and secure environment. As one of the first to integrate TEE into the automotive ecosystem, AUTOCRYPT expects to further strengthen its international partnership network for in-vehicle software security.

“Automotive architecture is transforming rapidly. More and more application processors are built into vehicles to run advanced applications like ADAS, infotainment, and the central communication unit. This makes software security a key determinant of vehicle quality, reliability, and safety,” said Daniel ES Kim, CEO of AUTOCRYPT. “We look forward to integrating cutting-edge security technologies into the automotive supply chain to ensure a reliable and flawless software-defined experience.”

Beyond its usage in securing in-vehicle systems, AutoCrypt IVS-TEE will soon be integrated into security-critical services such as OTA, digital key, and smart EV charging. The solution is now available worldwide for OEMs and tier suppliers.

For more information regarding AUTOCRYPT’s in-vehicle systems security solutions and offerings, contact global@autocrypt.io.

19 January, 2023 . 7 mins read

All You Need to Know About V2X PKI Certificates: Butterfly Key Expansion and Implicit Certificates

AutoCrypt SCMS now supports Butterfly Key Expansion for both implicit and explicit certificates of the V2X PKI ecosystem. This article explains why Butterfly Key Expansion is necessary for the SCMS and why implicit certificates might be a useful alternative to conventional certificates.

Vehicle-to-everything (V2X) communication allows vehicles to communicate with other vehicles and road entities for safety warnings, traffic coordination, and eventually vehicle-infrastructure cooperated autonomous driving (VICAD). Given that these V2X messages are critical to road safety, a vehicular public key infrastructure (PKI) known as the Security Credential Management System (SCMS) has been adopted worldwide to protect the integrity of V2X messages and the privacy of road users. V2X PKI certificates, or SCMS certificates, are therefore a crucial enabler of secure V2X communications.

What Is Unique About V2X PKI Certificates?

What makes V2X PKI certificates unique? The most significant difference between IT and V2X authentication is that IT authentication is centralized and hierarchical. Users use their digital signature to reveal their identity to the server, after which the server verifies the identity and grants the user access. There is apparently no need for users to prove their identity to other users. On the other hand, V2X authentication is decentralized, where users (vehicles) need to verify each other’s identity without revealing it. Sounds contradictory? This is made possible by using pseudonym certificates.

In the SCMS, pseudonym certificates are issued by authorization certification authorities (CA) to every road user (vehicle). As suggested by its name, these certificates are pseudonymous and thus do not contain the vehicle’s identity, but instead contain proof that the vehicle’s identity had been verified by the CA and that it is a legitimate entity.

Furthermore, to prevent a stalker from spying on the same pseudonym certificate over an extended period to trace its travel routes and behaviours, pseudonym certificates have very short validity periods. For an average private vehicle, up to 20 pseudonym certificates are issued weekly, rotating every few hours to prevent tracing. These numbers can vary depending on local regulations and the importance of the passenger. For instance, the vehicle for a head of state might require non-rotating, one-time pseudonym certificates issued every five minutes.

What Is Butterfly Key Expansion?

Every time a vehicle requests a pseudonym certificate, the responsible CA needs to sign a new certificate and return it to the vehicle. Given that a typical vehicle needs up to 20 certificates per week, the CA needs to sign over a thousand certificates to a single vehicle over a year. This is a scale never seen before in the IT or financial industry. As more and more vehicles join the V2X environment, it can soon become difficult for CAs to cope with the growing number of requests.

With advancements in cryptographic construction technology, a novel approach known as Butterfly Key Expansion now overcomes this disadvantage. Butterfly Keys allow a vehicle to request an arbitrary number of certificates all at once; each certificate with a different signing key and each encrypted with a different encryption key. A request using Butterfly Key Expansion contains only one signing public key seed, one encryption public key seed, and two expansion functions that enable expansion. Therefore, Butterfly Keys are very useful for requesting pseudonym certificates as they can drastically decrease the number of requests needed.

Note that Butterfly Keys are not needed for issuing application certificates* to roadside units (RSU). Since privacy is not a concern to roadside infrastructures, application certificates are issued once at a time and have very long validity periods, meaning that application CAs are fully capable of dealing with the volume of requests.

(*Pseudonym certificates are used by vehicles for self-identification in V2V communications, whereas application certificates are used by roadside infrastructures for self-identification in V2I applications.)

Explicit vs. Implicit Certificates

Pseudonym certificates can be constructed in two different forms: conventional (explicit) certificates and implicit certificates. Conventional certificates consist of three distinct pieces of data: 1) a public key, 2) the digital signature of the CA, binding the public key to the vehicle’s identification data, and 3) the vehicle’s identification data. During V2V message transmission, the sender signs the certificate with the private key, after which the receiver uses the public key in the certificate to verify and view the message. In this process, the sender’s identity is “explicitly verified” because by opening the message, the receiver knows that the sender is the only entity holding the private key. As such, these certificates are also known as explicit certificates.

However, a disadvantage of explicit certificates is that, since they contain three distinct pieces of data, their size can range between 2,000 bits to 30,000 bits, depending on the level of security needed. Such a size isn’t a concern in and of itself. But in the V2X environment, where traffic volume is high and transmission speeds are pivotal, smaller sizes can be more advantageous.

To enable speedier message transmission and more efficient certificate issuance, a new form of V2X PKI certificate is gaining popularity. Known as implicit certificates, or Elliptic Curve Qu-Vanstone (ECQV), these certificates contain the same three pieces of data as explicit certificates do, but do not carry them as three distinct elements. Instead, the public key and the digital signature are superimposed, leaving a single reconstruction value that is similar in size as the public key. The receiver of the message uses this reconstruction value to reconstruct the public key and verify the message. The way in which the public key and the digital signature are superimposed means that by verifying the public key, the digital signature and the legitimacy of the sender get “implicitly verified”.

Since implicit certificates contain a single reconstruction value, they are much lighter and thus require much less bandwidth to transmit. The typical size of an implicit certificate is only 200 to 500 bits, which is ideal for the SCMS, where a large volume of certificates needs to be transmitted within a constrained timeframe.

The concept of implicit certificates is developed and patented by Blackberry Certicom. Nevertheless, CAs are free to issue implicit certificates for applications in the SCMS in accordance with IEEE 1609.2.

V2X PKI Regional Requirements and Preferences

As mentioned earlier, Butterfly Key Expansion is only beneficial for issuing pseudonym certificates and is not used for generating application certificates. The same is true for implicit certificates. The lightweight advantage of implicit certificates is best seen when applied to pseudonym certificates, but less significant when applied to application certificates. Given that the mechanism behind implicit certificates is more complex, some parts of the world prefer to stay with explicit certificates.

As a result, a mix of different mechanisms is used in the real world. In fact, different transport authorities have established different requirements for the certificates used in their SCMS. In North America, implicit certificates have become the standard for all V2X PKI certificates, whereas, in China, explicit certificates are required. Europe has been establishing two different standards, one for explicit certificates and one for implicit certificates.

In general, V2X PKI certificates can be constructed using four different combinations.

AutoCrypt SCMS Ready to Support All Certificate Types

In late 2022, AUTOCRYPT completed its development on the issuance of both explicit and implicit certificates with Butterfly Key Expansion, gaining the full capability to issue and provision all types of V2X PKI certificates in the SCMS.

To learn more about AUTOCRYPT’s V2X security solutions and AutoCrypt SCMS, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

13 January, 2023 . 6 mins read

The State of Level 3 Autonomous Driving in 2023: Ready for the Mass Market?

Autonomous driving technology has come a long way. In recent years, the automotive tech industry has made significant enhancements to the capability and reliability of sensors, cameras, and vehicle-to-everything (V2X) communication, driving road transport toward higher levels on the autonomous driving spectrum, as defined by the SAE’s Levels of Driving Automation.

SAE J3016 levels of driving automation
Source: SAE International

This spectrum has become an internationally recognized classification for automated driving systems. Its six levels can be divided into two broad categories: driver support systems from L0 to L2 (shown in blue), and automated driving systems from L3 to L5 (shown in green). For the past several years, industry players have been working to make the jump from L2 to L3.

From Level 2 to Level 3 Autonomous Driving, a Legal Matter

Clearly, the leap from L2 to L3 is the most significant leap on the spectrum. Whereas L2 is considered as advanced driver support features, L3 marks the beginning of conditional autonomous driving, where drivers can legally take their eyes off the road when conditions are met. Strictly speaking, only vehicles classified as L3 and above are truly autonomous vehicles.

By today, most major automotive OEMs have mastered their technologies for L2 autonomy. As of the beginning of 2023, L2 driver support systems include Tesla’s Autopilot with “Full Self-Driving”, Audi’s Traffic Jam Assist, GM’s Super Cruise, BMW’s Extended Traffic Jam Assistant, Ford’s Blue Cruise, Hyundai’s autonomous driving package, and many more.

Now, a problem arises when OEMs seek to introduce vehicles with Level 3 autonomous driving. Looking at SAE’s autonomous driving spectrum again, the levels of autonomy are not defined by a vehicle’s self-driving capability, but instead by the expected roles of the vehicle and the human driver. For instance, under L2, the human driver must pay full attention to the road even when all driver support systems are on, whereas in L3, the human driver can officially take their eyes off the road when the automated driving systems are switched on.

Therefore, if an OEM wants to officially introduce an L3 vehicle, it must be liable for all potential accidents that occur while the vehicle’s L3 systems are switched on. That is, no matter how advanced and sophisticated the technology inside a vehicle might be, if the OEM is not ready to claim responsibility for accidents caused by its systems, the vehicle can only be classified as high as L2.

The truth is, although the technology for Level 3 autonomous driving might be ready, many OEMs are not yet prepared to officially claim L3 for legal reasons. This explains why Tesla uses the name “Full Self-Driving” to market its L2 driver support systems without mentioning L3 autonomy. Some OEMs use the term “L2+” to show that their technological capabilities have surpassed L2, yet do not claim L3. Hence, the gap between L2 and L3 is more of a legal gap than a technological gap.

Official Certifications Needed for L3 Autonomy

Since L3 is the first level on the SAE’s spectrum to allow drivers to take their eyes off the road, official certifications and approvals are needed before OEMs can claim a vehicle to be L3. These certifications are often issued by regional transport authorities and highway safety agencies.

In May 2022, Mercedes-Benz became the world’s first manufacturer to get approved by German transport authorities to legally operate its L3 Drive Pilot on the country’s public roads, sold as an option on Mercedes-Benz S Class and Mercedes EQS. This means that those with L3 Drive Pilot are legally allowed to eat, draft emails, or watch videos on the Autobahn. Still, given that L3 autonomy is conditional, if the vehicle loses the environmental or locational conditions to operate at L3, it will prompt the driver to take control within ten seconds. If the driver fails to respond in ten seconds, the car will automatically turn on emergency lights and decelerate to a full stop on the side of the road, then unlock the doors in case first responders might need access to the cabin.

At CES 2023, Mercedes-Benz further announced that it has become the first manufacturer to receive L3 certification in the United States, from the state of Nevada. However, since L3 approval is granted at a state level in the US, the system is only considered L3 in Nevada for now. Nonetheless, the OEM says its Drive Pilot is fully ready to deliver L3 autonomous driving in all 50 states.

Is Level 3 Autonomous Driving Coming to the Mass Market in 2023?

Mercedes is the first manufacturer to make the bold move to bring L3 autonomy to the consumer market. Although Honda Legend won the title for the world’s first approved L3 vehicle back in 2021, only 100 limited-edition vehicles were available for lease only in Japan. Honda’s L3 road map suggests it may take much longer to reach the mass market.

There is no doubt that more and more manufacturers will follow Mercedes’ move towards L3 autonomy. Major OEMs like Hyundai-Kia, Stellantis, BMW, GM, and Honda are continuously reporting progress and plans for L3 rollout. However, it is always easy for OEMs to announce plans and schedules but difficult to make the final decision to obtain L3 approval. Even Mercedes’ L3 Drive Pilot is available for the S Class only, and legally approved in very limited regions (Germany and Nevada). Apart from legal concerns, sensitive public reactions toward flaws in automated driving systems make OEMs more reluctant to introduce L3 vehicles on a large scale.

Hence, although the news is filled with press releases and announcements on launching L3 systems, it is unlikely to see L3 vehicles being available to the mass market within 2023. Nevertheless, following the path of Mercedes-Benz, more and more OEMs will likely launch L3 options for their high-end vehicles in limited regions within the year.

Addressing the Challenges Ahead

Achieving Level 3 autonomy is beyond a matter of technological capability, but a matter of confidence – the confidence that OEMs possess towards their automated driving systems. Before OEMs can gain full confidence in taking responsibility for their automated driving systems, several potential risks need to be addressed. One of them is cybersecurity risk.

Since automated driving features are run by software, these software-defined vehicles (SDV) must not be vulnerable to cyberattacks. If a threat actor were to gain access to a vehicle’s embedded systems and applications, they could gain the ability to tamper with driving data and potentially take control over crucial functions of the vehicle.

AUTOCRYPT has always envisioned a world of L3 and L4 autonomy. Since its inception, it has been working with OEMs and software providers to secure the in-vehicle systems and communication endpoints of SDVs through its industry-leading encryption and authentication technologies, offering solutions from vulnerability testing to intrusion detection and protection.

To learn more about how AUTOCRYPT secures the SDV, download the white paper below.

white paper sdv thumbnail

“The changing tides of the automotive industry into more software, and less hardware, indicate that vehicles will be a possible target for cyberattacks. This is why holistic, comprehensive cybersecurity is essential in securing the next generation of SDVs.”

Download White Paper

 

22 December, 2022 . 2 mins read

Infographic: 2022 Year in Review

Post-pandemic 2022 has been a busy and exciting year for AUTOCRYPT, filled with innovative new product launches and accomplishments. We wanted to thank all our investors, partners, clients, and visitors for all your support over the year. Have a wonderful holiday and see you in 2023!

See below for a summary of AUTOCRYPT’s accomplishments in 2022.

Download PDF

(Accessibility version below)

Red Herring – AUTOCRYPT was selected as “2022 Red Herring Top 100 Global” by Red Herring magazine

2022 Cybersecurity Breakthrough Awards – AutoCrypt IVS won “Automotive Cybersecurity Solution of the Year”

2022 AutoTech Breakthrough Awards – AutoCrypt EQ was awarded “Ride Hailing Innovation of the Year”

Events – We had some meaningful conversations and discussions with our partners and clients at international events this year, including ITF Summit, AutoTech: Detroit, EVS35 Oslo, and ITS World Congress

WebTrust Accreditation – AUTOCRYPT was officially accredited by the WebTrust program as a root CA for the V2X-PKI ecosystem

Series B – AUTOCRYPT closed its Series B financing round with $25.5 million, bringing its total valuation to $120 million

EVIQ – In the summer, we launched EVIQ, an all-in-one EV information and charging platform that comprises a charger locator map, a charging station management system (CSMS) for CPOs, a smart-billing Level 1 EV charger for residential use, and a Plug&Charge security module for secure and seamless charging

AutoCrypt V2X-Air – Launched in Spring, AutoCrypt V2X-Air is a portable OBU for vulnerable road users, enabling pedestrians and micromobility users to easily join the V2X ecosystem

Security Analyzer and Security Fuzzer – We launched a set of vulnerability testing tools utilizable during any stage of the software development lifecycle, dedicated to software-defined vehicles

Integrated Management System for SCMS – IMS for SCMS allows OEMs to view all their entire SCMS certificates on one centralized GUI.

Plug&Charge – AutoCrypt PnC was integrated into Hyundai Motor’s E-pit charging service platform, an ultra-rapid EV charging network across South Korea.

15 December, 2022 . 7 mins read

From EV to Autonomous Driving: A Look Into the Mobility Industry in 2022

2022 was a turbulent year for the mobility industry. As the economy has been recovering back to its pre-pandemic state, we have seen a surge of technological advancements that are shaping the industry.

To commemorate the end of the year we have carefully analyzed the market and gathered four key insights to discuss the biggest trends of 2022 and see what the trajectory for the future of the mobility industry looks like. 

1. The tipping point in EV adoption 

In 2022 we have seen the catastrophic impact of the climate crisis on our planet. The world was struck by extreme heatwaves in Europe, hurricanes across multiple US states, and monsoon floodings in Asia. The intensity of these devastating climate disasters has been increasing as a result of climate change. And as the global climate crisis continues to unfold governments are taking action to tackle the dangers of climate change by rolling out net-zero carbon emission policies to accelerate the road to decarbonization.

One of the largest industries contributing to the climate crisis is transportation, which is responsible for 20% of carbon emissions worldwide. Decarbonizing the mobility and transportation sector is imperative in reaching net-zero goals, and electrifying the roads is the most effective way to do so. Electric vehicles have been at the forefront of the transition in the mobility industry. As the world strives toward net-zero emissions, governments are increasingly pushing for electric vehicle (EV) adoption through subsidies and related policies. Europe and the United States are leading way with regulatory targets of reaching a 50% EV market share by 2030. On the other side of the spectrum, consumers are becoming more environmentally conscious and increasingly willing to make the switch in favor of electric vehicles. And as the technology gets more advanced the supply side is catching up with the demand.

The EV adoption rates are signaling a positive change in the market and bringing us closer to reaching net-zero goals in the transportation sector. However, we are still far from achieving decarbonization and need to take drastic measures in accelerating EV adoption across the board. Continuing to expand the charging infrastructure, supporting change with government policies and subsidies, as well as encouraging innovation are some of the key steps we need to take to meet decarbonization targets.

2. Autonomous driving

Electrification on the roads lays down the groundwork for further innovation opportunities in the mobility industry. To accommodate EV production, manufacturing facilities had to be redesigned and rebuilt from scratch, this allowed OEMs to trial new technologies and software in their vehicles. As the EV market grows, we can see the expansion in related automotive technologies, with innovations ranging from connectivity to autonomous driving.

The buzz around autonomous driving technologies has been around for a while; rightfully so, as autonomous driving technologies are extremely beneficial in increasing road safety and access to mobility. And 2022 was a notable year for the collective movement toward achieving higher levels of autonomy. Currently, major OEMs have achieved Level 3 autonomy, or conditional autonomy, where the vehicle can drive itself under appropriate conditions, but a human driver must always be present in the car. The main technology that allowed us to achieve Level 3 autonomy is Advanced Driver Assistance Systems or ADAS. ADAS uses radars, cameras, ultrasound, and a variety of different software to achieve vehicle automation. While ADAS is an essential element in providing autonomous driving, it is simply not enough to achieve higher levels of autonomy.

Autonomy Levels 4 and 5 entail high levels of autonomy with minimal to no intervention from the driver. To achieve these advanced autonomy levels, we need more comprehensive technologies such as connectivity. At the heart of vehicular communication technologies, we have vehicle-to-everything (V2X) technology that connects the vehicle to the network, infrastructure, other vehicles, and passengers around it. V2X communication utilizes wireless communication between the vehicle and the environment around it to gather real-time data on traffic conditions, road signs, warnings, and much more. V2X technologies are also very beneficial in ensuring road safety as they include connectivity with other vehicles (V2V) and pedestrians on the road (V2P).

This technology can greatly improve the effectiveness and accuracy of existing ADAS technologies and fast-track the path to full automation. 

3. Universal mobility

EV passenger vehicle numbers are growing, but so do the numbers of EV commercial fleets. In the past years, we have seen governments deploy electric buses, trams, and taxis in attempts to decarbonize public transport systems as well as increase access to mobility. Universal mobility entails having access to transportation for all members of society. The ultimate goal is to achieve universal basic mobility (UBM) and democratize the sector so everyone can access safe and efficient transportation. Among the latest technologies aimed to provide UBM are mobility-as-a-service (MaaS), robotaxis, and carsharing services.

The emergence of MaaS is not surprising, as it allows access to transportation for everyone who owns a smartphone. MaaS is currently on the rise with multiple successful cases worldwide, namely Kakao Mobility, Uber, and Lyft. These companies have been able to integrate multiple modes of transportation into a user-friendly mobile application, making transportation easily available to people at the tap of their fingers. 

As MaaS continues to grow businesses will need assistance in rolling out their own mobility services. AUTOCRYPT launched its mobility service solution AutoCrypt® MOVE, integrating its fleet management system with big data analysis and demand-oriented service modeling to help businesses and NGOs easily establish their own mobility services and reach universal basic mobility. 

4. Increasing need for cybersecurity

As vehicles become increasingly automated and connected, the need for effective cybersecurity measures becomes more important. With the proliferation of connected vehicles, hackers have more opportunities to gain access to vehicle systems and potentially cause harm. In addition, the increased use of automation in vehicles means that there are more potential points of failure that could be exploited by malicious actors. 

One of the main reasons for the increasing need for cybersecurity in the automotive industry is the growing number of connected vehicles on the road. Many modern vehicles are equipped with internet connectivity, which allows them to communicate with other vehicles and with external systems, such as traffic control systems and other infrastructure. This connectivity opens new possibilities for vehicle operation and convenience, but it also creates new vulnerabilities that can be exploited by hackers. For example, a hacker who gains access to a connected vehicle could potentially take control of the vehicle’s systems, including its brakes, steering, and acceleration. This could result in dangerous situations, such as collisions or loss of control. In addition, a hacker could potentially access sensitive personal information stored in the vehicle, such as location data or information about the vehicle’s owner. Exactly that happened in January of this year when a researcher was able to hack into 25 Tesla vehicles and gain access to vehicle control and the personal information of car owners. 

Another reason for the increased need for cybersecurity in the automotive industry is the growing use of automation in vehicles. Many modern vehicles are equipped with ADAS and vehicular communication technologies, which can assist with tasks such as lane keeping, automatic braking, and adaptive cruise control. While these systems can improve safety and convenience, they also introduce new potential points of failure that could be exploited by hackers.

Overall, the increasing use of automation and connectivity in vehicles is creating new challenges for cybersecurity. To protect against these challenges, it is important for the automotive industry to develop and implement effective cybersecurity measures. This may include measures such as encryption, secure authentication, and regular over-the-air (OTA) software updates to protect against known vulnerabilities. 

This year has seen positive strides in the mobility industry. The expansion of electric vehicle adoption, autonomous driving, universal mobility, and cybersecurity points to an industry-wide trend toward electrification, decarbonization, and innovation. However, in order to achieve the full potential of the technological shift within the sector we must remember to support this expansion with government policies, investments, and innovation.

As an automotive cybersecurity and mobility solutions provider, AUTOCRYPT offers secure connectivity technologies that support the expansion of the mobility sector. From securing V2X communications to embedded vehicular systems, AUTOCYRPT ensures that all connections are secured before vehicles hit the road.