Category: Blog

15 December, 2022 . 7 mins read

From EV to Autonomous Driving: A Look Into the Mobility Industry in 2022

2022 was a turbulent year for the mobility industry. As the economy has been recovering back to its pre-pandemic state, we have seen a surge of technological advancements that are shaping the industry.

To commemorate the end of the year we have carefully analyzed the market and gathered four key insights to discuss the biggest trends of 2022 and see what the trajectory for the future of the mobility industry looks like. 

1. The tipping point in EV adoption 

In 2022 we have seen the catastrophic impact of the climate crisis on our planet. The world was struck by extreme heatwaves in Europe, hurricanes across multiple US states, and monsoon floodings in Asia. The intensity of these devastating climate disasters has been increasing as a result of climate change. And as the global climate crisis continues to unfold governments are taking action to tackle the dangers of climate change by rolling out net-zero carbon emission policies to accelerate the road to decarbonization.

One of the largest industries contributing to the climate crisis is transportation, which is responsible for 20% of carbon emissions worldwide. Decarbonizing the mobility and transportation sector is imperative in reaching net-zero goals, and electrifying the roads is the most effective way to do so. Electric vehicles have been at the forefront of the transition in the mobility industry. As the world strives toward net-zero emissions, governments are increasingly pushing for electric vehicle (EV) adoption through subsidies and related policies. Europe and the United States are leading way with regulatory targets of reaching a 50% EV market share by 2030. On the other side of the spectrum, consumers are becoming more environmentally conscious and increasingly willing to make the switch in favor of electric vehicles. And as the technology gets more advanced the supply side is catching up with the demand.

The EV adoption rates are signaling a positive change in the market and bringing us closer to reaching net-zero goals in the transportation sector. However, we are still far from achieving decarbonization and need to take drastic measures in accelerating EV adoption across the board. Continuing to expand the charging infrastructure, supporting change with government policies and subsidies, as well as encouraging innovation are some of the key steps we need to take to meet decarbonization targets.

2. Autonomous driving

Electrification on the roads lays down the groundwork for further innovation opportunities in the mobility industry. To accommodate EV production, manufacturing facilities had to be redesigned and rebuilt from scratch, this allowed OEMs to trial new technologies and software in their vehicles. As the EV market grows, we can see the expansion in related automotive technologies, with innovations ranging from connectivity to autonomous driving.

The buzz around autonomous driving technologies has been around for a while; rightfully so, as autonomous driving technologies are extremely beneficial in increasing road safety and access to mobility. And 2022 was a notable year for the collective movement toward achieving higher levels of autonomy. Currently, major OEMs have achieved Level 3 autonomy, or conditional autonomy, where the vehicle can drive itself under appropriate conditions, but a human driver must always be present in the car. The main technology that allowed us to achieve Level 3 autonomy is Advanced Driver Assistance Systems or ADAS. ADAS uses radars, cameras, ultrasound, and a variety of different software to achieve vehicle automation. While ADAS is an essential element in providing autonomous driving, it is simply not enough to achieve higher levels of autonomy.

Autonomy Levels 4 and 5 entail high levels of autonomy with minimal to no intervention from the driver. To achieve these advanced autonomy levels, we need more comprehensive technologies such as connectivity. At the heart of vehicular communication technologies, we have vehicle-to-everything (V2X) technology that connects the vehicle to the network, infrastructure, other vehicles, and passengers around it. V2X communication utilizes wireless communication between the vehicle and the environment around it to gather real-time data on traffic conditions, road signs, warnings, and much more. V2X technologies are also very beneficial in ensuring road safety as they include connectivity with other vehicles (V2V) and pedestrians on the road (V2P).

This technology can greatly improve the effectiveness and accuracy of existing ADAS technologies and fast-track the path to full automation. 

3. Universal mobility

EV passenger vehicle numbers are growing, but so do the numbers of EV commercial fleets. In the past years, we have seen governments deploy electric buses, trams, and taxis in attempts to decarbonize public transport systems as well as increase access to mobility. Universal mobility entails having access to transportation for all members of society. The ultimate goal is to achieve universal basic mobility (UBM) and democratize the sector so everyone can access safe and efficient transportation. Among the latest technologies aimed to provide UBM are mobility-as-a-service (MaaS), robotaxis, and carsharing services.

The emergence of MaaS is not surprising, as it allows access to transportation for everyone who owns a smartphone. MaaS is currently on the rise with multiple successful cases worldwide, namely Kakao Mobility, Uber, and Lyft. These companies have been able to integrate multiple modes of transportation into a user-friendly mobile application, making transportation easily available to people at the tap of their fingers. 

As MaaS continues to grow businesses will need assistance in rolling out their own mobility services. AUTOCRYPT launched its mobility service solution AutoCrypt® MOVE, integrating its fleet management system with big data analysis and demand-oriented service modeling to help businesses and NGOs easily establish their own mobility services and reach universal basic mobility. 

4. Increasing need for cybersecurity

As vehicles become increasingly automated and connected, the need for effective cybersecurity measures becomes more important. With the proliferation of connected vehicles, hackers have more opportunities to gain access to vehicle systems and potentially cause harm. In addition, the increased use of automation in vehicles means that there are more potential points of failure that could be exploited by malicious actors. 

One of the main reasons for the increasing need for cybersecurity in the automotive industry is the growing number of connected vehicles on the road. Many modern vehicles are equipped with internet connectivity, which allows them to communicate with other vehicles and with external systems, such as traffic control systems and other infrastructure. This connectivity opens new possibilities for vehicle operation and convenience, but it also creates new vulnerabilities that can be exploited by hackers. For example, a hacker who gains access to a connected vehicle could potentially take control of the vehicle’s systems, including its brakes, steering, and acceleration. This could result in dangerous situations, such as collisions or loss of control. In addition, a hacker could potentially access sensitive personal information stored in the vehicle, such as location data or information about the vehicle’s owner. Exactly that happened in January of this year when a researcher was able to hack into 25 Tesla vehicles and gain access to vehicle control and the personal information of car owners. 

Another reason for the increased need for cybersecurity in the automotive industry is the growing use of automation in vehicles. Many modern vehicles are equipped with ADAS and vehicular communication technologies, which can assist with tasks such as lane keeping, automatic braking, and adaptive cruise control. While these systems can improve safety and convenience, they also introduce new potential points of failure that could be exploited by hackers.

Overall, the increasing use of automation and connectivity in vehicles is creating new challenges for cybersecurity. To protect against these challenges, it is important for the automotive industry to develop and implement effective cybersecurity measures. This may include measures such as encryption, secure authentication, and regular over-the-air (OTA) software updates to protect against known vulnerabilities. 

This year has seen positive strides in the mobility industry. The expansion of electric vehicle adoption, autonomous driving, universal mobility, and cybersecurity points to an industry-wide trend toward electrification, decarbonization, and innovation. However, in order to achieve the full potential of the technological shift within the sector we must remember to support this expansion with government policies, investments, and innovation.

As an automotive cybersecurity and mobility solutions provider, AUTOCRYPT offers secure connectivity technologies that support the expansion of the mobility sector. From securing V2X communications to embedded vehicular systems, AUTOCYRPT ensures that all connections are secured before vehicles hit the road. 

1 December, 2022 . 8 mins read

From Safety to Sustainability: A Look at the Short-Term Benefits of V2X

There are two major approaches to achieving autonomous driving. The first is ADAS (advanced driver-assistance systems). And the other is V2X (vehicle-to-everything). Although the public is now quite familiar with ADAS, V2X remains a relatively unknown field. Even among industry stakeholders, a common misconception about V2X is that it must be deployed on a mass scale to provide meaningful benefits. In this blog, we explain why V2X deployment might not be as big an investment as it might seem, by looking at some of the short-term benefits of V2X.

Why It Doesn’t Need to Be Mass Deployment

Indeed, the ultimate objective of V2X is to create a fully connected mobility ecosystem that enables a state of full driving automation (Level 5), where vehicles seamlessly communicate with their surrounding vehicles and infrastructure through exchanging messages in real-time, overcoming the shortcomings (e.g., blind spots, failed object recognition) of cameras and sensors. This approach towards autonomous driving is also referred to as Vehicle-Infrastructure Cooperated Autonomous Driving (VICAD).

However, establishing an entire V2X ecosystem is a long process, as it can take many years to transform an entire city’s transport infrastructure into V2X-enabled systems. Therefore, industry players shouldn’t solely focus on the final objective of VICAD, but instead, work towards deploying V2X for its immediate benefits. This way, consumers can start benefiting from V2X sooner, which helps generate momentum to accelerate further investment and deployment.

Imaging planning and building a subway network from scratch. Of course, the final goal is to create an interconnected network that covers the entire city. However, if the public must wait until an entire network to be completed before benefiting from it, there would be very little interest in moving the project forward. Instead, cities start by building and operating a single line to allow at least some consumers to benefit from it in the short term.

The same is true for V2X. It doesn’t need to be mass deployment before we can start to see benefits. Some case-specific applications, including Signal Phase and Timing (SPaT) and emergency vehicle preemption (EVP), have already generated some promising short-term benefits in terms of road safety and efficiency.

The Short-Term Benefits of V2X

1. Road safety

Even with selective, small-scale deployments over the short term, V2X opens the opportunity for many creative approaches to enhance road safety. For instance, V2X roadside units (RSU) can be installed onto traffic signals at selected intersections where car accidents frequently occur, enabling Signal Phase and Timing (SPaT). SPaT is a V2X application where the traffic signal informs incoming vehicles of the remaining time of the signal. When vehicles receive that information, they can automatically determine whether to continue to cruise through the intersection, slightly accelerate to pass through prior to the signal change, or gently decelerate to a full stop. Having machines do the timing and calculation can help reduce human misjudgments at intersections.

It might be tempting to think that SPaT is only beneficial when all vehicles are equipped with V2X onboard units (OBU). Of course, the more V2X-enabled vehicles there are, the more effective the use case becomes. Still, if only a quarter of vehicles were to be equipped with V2X OBUs, SPaT would make a significant difference by improving the safety record of the intersection. This is because drivers have a natural tendency to move with the flow. The behaviour of V2X-enabled vehicles will influence the behaviours of surrounding drivers, encouraging them to comply with the coordination as well, hence reducing the likelihood of dangerous acceleration and braking during yellow lights.

Installing RSUs at intersections enables another common use case known as emergency vehicle preemption (EVP), which is currently deployed in many major cities across the globe. This is where OBUs installed in ambulances and fire trucks communicate with RSUs at intersections, prompting the traffic signal to change in favour of their direction, making it a very useful application in dense city streets where emergency vehicles can easily get stuck in gridlocks.

As such, localized V2X applications like SPaT and EVP do not require mass deployment. Hence, infrastructure operators and automotive OEMs can focus primarily on these short-term benefits.

2. Traffic efficiency

Besides safety, traffic efficiency is one of the other short-term benefits of V2X. A promising V2X-enabled solution that helps increase traffic efficiency is truck platooning. This is when a fleet of trucks cruise in a row at the same speed in the formation of a train. Given that trucks take up a significant percentage of the highway, having trucks travel individually at different speeds across different lanes can slow the overall traffic and lead to potential safety hazards. By lining them up in a lane at a consistent speed, a significant amount of space can be freed up, enabling faster travel speeds, and reducing the level of congestion during peak times. Furthermore, truck drivers in the follower trucks will be able to rest during the trip, reducing the likelihood of driver fatigue, hence enhancing road safety as well.

Another localized application of V2X is smart parking. This is when RSUs equipped in parking lots communicate with OBUs in nearby vehicles to inform them about parking space availability. In busy urban centers, a great amount of aggregated time is spent on searching for parking space. Not only is it a frustrating experience to circle around a busy block looking for the nearest available parking space that doesn’t cost a fortune, but those in search of parking can add up to the existing traffic and cause further congestion. With V2X-enabled smart parking, there will be no need to roam around urban streets for parking.

3. Cost saving

Road transportation comes with a cost. Apart from fuel and maintenance costs, every minute spent sitting in traffic is an opportunity cost that can be measured in the form of lost productivity. According to the 2021 INRIX Global Traffic Scoreboard, traffic congestion in the United States costs the average driver $564 in lost productivity throughout the year, and an aggregated $53 billion to the country.

When RSUs are deployed in critical areas such as frequently congested intersections and highway merges, V2X-enabled traffic coordination like SPaT and lane merge assists can reduce congestion remarkably, thus cutting unnecessary fuel consumption and productivity loss.

4. Environmental sustainability

When it comes to sustainable transport, electric vehicles (EV) are the most effective solution that contributes directly to a reduction in carbon emissions. However, many do not realize that V2X is another promising technology that can make a positive impact on environmental sustainability.

This is because V2X is an effective energy saver. As aforementioned, since V2X applications can help coordinate traffic and reduce congestion, the average vehicle spends less time on the road, with less unnecessary acceleration and braking. This results in not just less emission, but also less electricity consumption for EVs. Although this might seem like a subtle difference for a single vehicle, the accumulated energy savings and emission cuts can make a meaningful impact on the environment.

Additionally, just like emergency vehicle preemption, OBUs can also be installed on buses and street cars so that traffic signals can give priority to public transit, making traveling by public transit more efficient and convenient, thus encouraging greater usage.

5. Convenience

Regardless of its application, a common benefit that V2X brings across all use cases is convenience. Through real-time communications, road users will be able to benefit from a smart and connected mobility environment.

Start Small, Think Big

Back to the point — V2X connectivity isn’t all about the big picture of full autonomous driving. Through vehicle-infrastructure cooperation, V2X can be utilized for a wide range of localized use cases that do not require much time and effort to deploy. Eventually, these local deployments will naturally accumulate to shape an interconnected V2X ecosystem, enabling a complete VICAD experience. Therefore, policymakers, infrastructure operators, OEMs, and investors should push forward V2X deployment by focusing primarily on its immediate benefits.

Securing V2X Communications

An integral component of V2X deployment is cybersecurity. Encryption and PKI-based authentication measures must be preestablished within the communication end-entities (OBU/RSUs) to ensure that the messages communicated via V2X are securely protected from unauthorized access and tampering. Conversely, with more and more localized V2X deployments, cybersecurity capability will continuously improve with enhanced regional security policies.

AUTOCRYPT’s secure V2X communications solution strengthens both privacy and safety for V2X applications, including a security module installable onto OBU/RSUs, a Security Credential Management System (SCMS) that issues, revokes, and manages digital certificates for end-entities, as well as an Integrated Management System (IMS) for SCMS that allows automotive OEMs to easily manage all their V2X certificates across all vehicle fleets via a graphical user interface.

To learn more about AUTOCRYPT’s V2X security solutions and offerings, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

16 November, 2022 . 6 mins read

Cooperation in the New Automotive Software Supply Chain: An Emphasis on Cybersecurity

While there have been many changes within the automotive industry, since Toyota invented Just-in-Time (JIT) manufacturing in the 1960s, the automotive supply chain hasn’t seen much change within the past 60 years. The supply chain has been a solid vertical structure: Tier 2 suppliers provide subcomponents and materials to Tier 1 suppliers, who then supply OEMs with ready-to-install parts for assembly. This supply chain structure has been universally adopted because it is highly streamlined and efficient, both important attributes of vehicle production. Under this structure, automotive OEMs do not need to communicate directly with lower-tier suppliers, while every supplier focuses solely on fulfilling the orders of the upper-tier supplier. This all worked out great – until automotive software takes over the vehicle.

This vertical structure made perfect sense in the past when the automotive E/E architecture consisted of independent parts and domains. However, we are now approaching a different era of in the automotive supply chain where, fueled by the growing need for connectivity and automation, in-vehicle systems are becoming more and more sophisticated and interconnected, with software now acting as a core component of the vehicle. 

OEMs today are beginning to realize that the conventional manufacturing model no longer serves its purpose in the new era of software-defined vehicles. And with more and more EV startups entering the manufacturing game, conventional OEMs may need to redefine their supply chain to incorporate software development and cross-domain cooperation.

Growing Complexity of the Automotive Software Supply Chain

Name any car feature – more likely than not it is enabled by software. The modern vehicle runs on electronic systems and software that are stitched together to communicate with each other via the in-vehicle network. A typical vehicle today consists of up to 150 electronic control units (ECU), which are essentially minicomputers equipped with processors. System software needs to be embedded in each of these ECUs to control a particular domain of functions, such as powertrain, sensor, and infotainment.

As such, it would be an understatement to refer to the software-defined vehicle as “a computer on wheels.” A more accurate description would be “a computer network on wheels.” That’s because today’s vehicles run an average of 100 million lines of code. That is two to three times that of a PC operating system. And in fact, the level of complexity will only increase as more and more automated features and security systems are incorporated.

Under the current software supply chain structure, software vendors supply software development kits (SDK) and modules to chipmakers, which supply the chips (e.g., ECUs) to OEMs or Tier 1 suppliers, who then stitch all these chipsets onto the parts and components, putting them in place within the in-vehicle network. However, most OEMs have very little experience in software integration. Although vehicular software has been around for decades, nothing was at the magnitude and complexity of the software structure today.

Moreover, OEMs and Tier 1 suppliers are accustomed to the vertical supply chain structure. Many are overwhelmed by this growing need for direct external communications and cooperation.

Therefore, just like what many with a strategic mind would do, OEMs are outsourcing the work.

The Emergence of Software Providers and the Need for Cybersecurity

Due to the sheer volume and quick influx of software components, many OEMs choose to outsource software integration to a comprehensive software provider, acting as a “Tier 1 software supplier.” Many existing Tier 1 suppliers have seen this as an opportunity to expand their software division, and because of this many OEMs have chosen to establish or acquire their own dedicated software provider. Some take it a step further by making plans to establish a proprietary operating system and platform where all applications can be developed on. CARIAD from the Volkswagen Group is one such example. As the dedicated software provider for the Volkswagen Group, the company has announced plans to release the Volkswagen Operating System.

It might be tempting for OEMs to maintain their old way of doing things by having software providers take charge of all software integration, while focusing solely on inventory management, assembly, and quality control. However, the new supply chain landscape isn’t as straightforward, with quality control being the key difference. 

While hardware components are very easy to standardize and inspect, rules are different in the software game. Since there exists a cybersecurity risk in every connected computer – in the age of connected vehicles, software and cybersecurity must come hand in hand. This means that a large part of software quality control is making sure that it is free of vulnerabilities and flaws that may hinder its functionality and pose a cybersecurity risk. To do so, every piece of software needs to be rigorously tested prior to the release of a vehicle batch.

Additionally, similar to how OEMs are responsible for issuing hardware recalls, regulations are now holding OEMs accountable for software cybersecurity mismanagement and loopholes. The UN R155/R156 regulations set out by UNECE WP.29 mandate that all OEMs maintain an automotive cybersecurity management system (CSMS) and a software update management system (SUMS) for their vehicle fleets. This means that even after a vehicle is passed onto the consumer, software performance must be continuously managed, monitored, and updated and patched in real-time.

The bottom line: whether it is the OEM or the software provider in charge, the OEM will ultimately be responsible for cybersecurity management.

The Importance of Cooperation for Secure Software Implementation

At the end of the day, the jobs of both the OEM and software provider are to ensure that cybersecurity risk within the automotive ecosystem is well managed and minimized. However, this should not be taken lightly because cybersecurity management isn’t simply about buying security software from vendors and installing it into the systems.

In the sophisticated automotive software ecosystem, security measures must be incorporated and custom-built in the manufacturing process to ensure both secure implementation and cross-region interoperability.

Therefore, both OEMs and software providers must take an active role in cybersecurity and cooperate with firms specializing in automotive cybersecurity to facilitate secure software integration and implementation across all domains, from the embedded systems within a vehicle to the vehicle-to-everything (V2X) connections for autonomous driving and vehicle-to-grid (V2G) applications for EV charging.

The takeaway is this: the automotive industry has entered a new era – an era where value is no longer added step by step through vertical supply chains but generated from horizontal cooperation, and an era where the automobile is no longer a product, but a combination of services stacked on wheels.

To succeed in the new era of smart mobility, cooperation is the key.

To learn about how AUTOCRYPT’s in-vehicle systems (IVS) security solutions can help OEMs secure software integration and connectivity, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

10 November, 2022 . 6 mins read

Vehicle Cybersecurity by Design: A Look at NHTSA’s 2022 Cybersecurity Best Practices

As more and more software components and connected technologies make their way into vehicles, cybersecurity has rapidly become a crucial aspect of vehicle design, manufacturing, and maintenance. However, in the century-old automotive industry, cybersecurity can be an unfamiliar field of expertise. Many automotive OEMs have found it challenging to implement security by design and integrate vehicle cybersecurity into functional safety.

To promote standardized practices in vehicle cybersecurity, the National Highway Traffic Safety Administration (NHTSA) – the United States’ federal agency dedicated to transport safety – drafted a guideline in 2016 on Cybersecurity Best Practices for the Safety of Modern Vehicles. The guideline helps automotive OEMs and suppliers establish a set of procedures to minimize cybersecurity risks and effectively manage threats throughout the vehicle lifecycle.

NHTSA’s guideline is centered around the voluntary standard of ISO/SAE 21434: “Road Vehicles – Cybersecurity Engineering”, a vehicle cybersecurity standard co-published by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). Although compliance with the standard isn’t enforced by law like the United Nation’s R155 and R156 set out by UNECE WP.29, most automotive OEMs across the globe refer to ISO/SAE 21434 as a guide to establishing a secure procedure for vehicle manufacturing and post-production management.

In September 2022, NHTSA published the finalized version of the Cybersecurity Best Practices guideline, five years after the initial draft was released in 2016. The updated guideline contains more detailed descriptions of implementing appropriate cybersecurity procedures with respect to an OEM’s corporate process, as well as modifications based on the feedback and comments provided by industry experts.

Most importantly, the finalized Cybersecurity Best Practices contains updates to reflect the finalized version of ISO/SAE 21434, which was still under development when the 2016 draft was released.

A Summary of Key Practices Outlined by NHTSA

NHTSA’s Cybersecurity Best Practices contains a comprehensive corporate guide from as broad as leadership priorities and employee education to as specific as technical manuals on cryptographic techniques and credentials. In this blog, we extract some of the key practices relating to the establishment of vehicle cybersecurity by design, along with some of AUTOCRYPT’s tips that can help save corporate resources during the implementation process.

The Importance of Security by Design

Speaking of cybersecurity, most people tend to think about cybersecurity systems and tools like firewalls and threat detection software. However, the scope of cybersecurity in the IoT age stretches beyond these traditional definitions. For the automotive industry in particular, cybersecurity isn’t simply about threat detection and response, but covers an end-to-end process that begins from a vehicle’s development stage all the way to its everyday usage in the consumer’s hand. Therefore, a vehicle must be designed and developed with security in mind, and an OEM must continuously monitor and manage threats throughout the entire lifecycle of the vehicle.

Below is a summary of NHTSA’s suggested practices for achieving cybersecurity by design.

1. Risk Assessment and Removal

To incorporate vehicle cybersecurity by design, risk assessment must be performed at an early stage of a vehicle’s development process. This is done by evaluating a vehicle’s potential entry points from a threat actor’s perspective, predicting their motives and intrusion methods, then listing out the risks the vehicle faces. Of course, it can be difficult to pinpoint all prospective risks at an early stage. Hence this assessment should primarily focus on identifying risks that could potentially threaten the safety of passengers and other road users.

Our Tip: Cybersecurity risk assessment should be conducted by a team of security experts that specialize in automotive systems and architecture. To fill this gap, AUTOCRYPT provides Threat Assessment and Remediation Analysis (TARA) to automotive OEMs, generating an accurate assessment of the potential risks of a vehicle model. A professionally conducted TARA enables an OEM to make early adjustments to its system design and architecture to remove safety-critical risks, creating a solid foundation to build upon.

2. Security Testing and Vulnerability Identification

At the next stage, NHTSA recommends a full evaluation of both commercial off-the-shelf (COTS) and open-source software components used in embedded vehicle systems such as ECUs. This allows the OEM to identify all known vulnerabilities in their software. After known vulnerabilities are removed and patched, fuzzing and penetration testing should be conducted to further eliminate any zero-day vulnerabilities and software development flaws. To enable security by design, automotive OEMs need to ensure that their vehicles are vulnerability-free before moving into mass production.

Our Tip: AUTOCRYPT offers a range of advanced cybersecurity testing tools and solutions for manufacturers to identify flaws and vulnerabilities within their systems. Starting from AutoCrypt® Security Analyzer, which utilizes an SBOM (Software Bill of Materials) approach to scan the source code and break down the components of open-source software by different units of analysis, enabling accurate patching with minimal modifications required. This is followed by AutoCrypt® Security Fuzzer, which feeds the tested system with randomly generated, invalid, and unexpected inputs in an attempt to trigger errors and expose its vulnerabilities. Lastly, AUTOCRYPT’s security validation experts conduct penetration testing on the targeted program to eliminate any remaining flaws and vulnerabilities.

3. Monitoring, Containment, Remediation

After all the preventative measures are implemented, an OEM needs to integrate a set of security monitoring and management systems into the vehicle architecture. The NHTSA emphasizes that automotive OEMs must maintain their capability to monitor, contain, and respond to any attacks against their vehicle fleet after they are sold to consumers, with rapid incident detection and remediation capabilities being of paramount importance. This means that when a cyberattack occurs, the OEM must be able to detect it in real-time and prevent it from causing any safety-related impacts to its vehicle fleet.

Our Tip: An effective intrusion detection and prevention system (IDPS) should be equipped on every vehicle to defend it from all types of intrusions and internal threats. AutoCrypt® IVS is an advanced firewall for in-vehicle systems, capable of detecting any signs of intrusion and contain them from spreading inside the vehicle. To make things more visible for the OEM, all this fleet information can be visually monitored and managed on AUTOCRYPT’s Vehicle Security Operations Center (vSOC).

The Growing Importance of Vehicle Cybersecurity

Legally speaking, even though NHTSA’s Cybersecurity Best Practices and the ISO/SAE 21434 standard are not enforced as of today, they are extremely helpful to OEMs that want to succeed in the market of software-defined vehicles. Putting legalities aside, since many embedded systems inside a vehicle are directly related to its physical functionality, vehicle cybersecurity and functional safety are no longer separable, with cybersecurity becoming a crucial evaluation criterion for quality. Therefore, whether it is for regulatory compliance or quality assurance, OEMs and software providers must work together with cybersecurity providers to implement security by design and pave a safe future for every road user.

To learn more about AUTOCRYPT’s in-vehicle systems (IVS) security solutions and offerings, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

1 November, 2022 . 5 mins read

Spotlight: V2X Interoperability Testing at OmniAir Costa del Sol Plugfest

In this blog, Vice President of Autocrypt North America, Martin Totev, takes us to OmniAir Consortium’s Costa del Sol Plugfest in Malaga, Spain, held between October 24 and 28, where AUTOCRYPT provided its SCMS certificates for the testing environment.

Interoperability Across the V2X Ecosystem

Cooperative Intelligent Transport Systems (C-ITS) are making road mobility increasingly connected and adaptive, linking vehicles with road infrastructures and pedestrians, and enabling them to cooperate with one another in real-time through V2X (vehicle-to-everything) communications. Yet, although the idea might seem straightforward, industry players and regulators have been putting tremendous effort into establishing V2X interoperability, ensuring that vehicles, smart devices, and infrastructures built by different manufacturers across various domains can seamlessly communicate with each other.

How is interoperability established? At the baseline, all manufacturers must follow a set of standards and protocols for each relevant use case. These protocols are often established by regulators and industry associations. For instance, the two major technical protocols for V2X communications include WAVE (Wireless Access in Vehicular Environments) by IEEE and C-V2X (cellular V2X) by 5GAA. As such, manufacturers of onboard units (OBU) and roadside units (RSU) need to ensure that all their end-entities within a V2X environment comply with the same protocol to enable reliable message transmission.

Similarly, the technical standard for electric vehicle charging is outlined in ISO 15118, which defines the architecture for Plug&Charge (PnC) and V2G (vehicle-to-grid) bidirectional charging, providing a set of consistent specifications and guidelines for OEMs, charger manufacturers, and charge point operators (CPO) to promote a seamless EV charging ecosystem.

Why Protocols Aren’t Enough: The Need for V2X Interoperability Testing

Simply because two manufacturers follow the same standard or protocol, it doesn’t necessarily guarantee that their devices will be perfectly compatible with each other under actual implementation. As a simplified example, the standard for a universal plug may specify the width but lacks specification on the length, resulting in plugs with different lengths being incompatible despite adhering to the same standard. In practice, incompatibility issues can be much more complex, arising from a variety of underlying factors that can be difficult to pinpoint.

Given that the V2X ecosystem involves a wide range of end-entities across different domains, interoperability testing is necessary prior to mass deployment. These tests are usually conducted at a plugtest (or plugfest), which invites all relevant manufacturers to deploy their vehicles and devices in combined scenarios.

OmniAir Plugfest

OmniAir Consortium is one of the most influential associations in the C-ITS industry. It specializes in promoting interoperability between different connected entities within the V2X ecosystem, including the vehicle itself, onboard units (OBU) and roadside units (RSU), embedded communication modules, and security modules and SCMS backends.

OmniAir Consortium regularly organizes interoperability testing events—known as OmniAir Plugfests—to provide a platform for industry participants to test the cross-domain interoperability of their connected mobility technologies and devices. The most recent Costa del Sol Plugfest was held between October 24 and 28 in Malaga, Spain.

Opening ceremony of the Costa del Sol Plugfest

A wide range of bench tests were performed at the Costa del Sol Plugfest, including those involving V2X modules, message encryption, V2X-PKI certificates, SPaT message transmissions, and MAP message transmissions. Specific use cases like red light violation warning, emergency vehicle preemption, lane closure warning, curve speed warning, and many more, were tested on the field. One of the industry’s major testing and inspection firms, DEKRA, provided its testbed for the event.

As one of the more than 60 associate members of the OmniAir Consortium, and a C-ITS cybersecurity provider specialized in securing V2X connections, the AUTOCRYPT team headed to Malaga to participate in the plugfest by providing AUTOCRYPT’s SCMS certificates to the devices tested at the event.

The AUTOCRYPT team testing our SCMS certificates at Dekra’s testbed

Is C-V2X Ready?

Vice President of Autocrypt North America, Martin Totev, presented at a panel session discussing whether C-V2X is ready to be deployed for commercial use. Martin expressed his optimism on C-V2X commercialization and stressed a step-by-step deployment approach. “It doesn’t need to be mass deployment and autonomous driving straight away,” said Martin. “We can begin by deploying them in vehicles first, then intersections with frequent accidents, gradually enhancing road safety and saving lives in the long run.”

Martin also pointed out the importance of cybersecurity in V2X. “Although interoperability testing is crucial, it only marks the beginning of a continuous improvement process. In fact, more commercial deployments are needed so that security and SCMS providers like AUTOCRYPT can continuously enhance its regional security policies and strengthen its definitions for misbehaviours.”

VP of Autocrypt North America, Martin Totev, speaking about C-V2X deployment

AUTOCRYPT’s Pivotal Role in the V2X Ecosystem

AUTOCRYPT specializes in securing V2X communications. Given that vehicles rely on V2X messages for judgment and decision-making, the validity of these messages is critical to the safety and functionality of cooperative autonomous driving.

AUTOCRYPT secures V2X communications using both encryption and authentication technologies. On the frontend, a security module is embedded into each end-entity to encrypt and decrypt messages by referring to a list of SCMS certificates stored in a Local Certificate Manager (LCM). At the backend, its SCMS architecture enables the proper issuance, revocation, and verification of certificates, ensuring message validity and privacy.

To learn more about AUTOCRYPT’s V2X security solutions, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

20 October, 2022 . 6 mins read

More Public Chargers? Not Too Fast: The Growing Need to Securely Manage EV Charging Infrastructure

Electric vehicles (EV) are some of the hottest items today across the automotive and tech industries. With EV adoption accelerating year by year, there is no doubt now that EVs are on their way to take over the automotive market. However, with new EV releases and feature updates gathering all the spotlights, a complementary market — the market for EV charging infrastructure — is often overlooked.

EV charging infrastructure, or EV supply equipment (EVSE), refers to the charging stations and charging points that supply electricity to an EV’s battery. Clearly, the development and commercialization of EVs and EV charging infrastructure must go hand in hand. Knowing that EVs cannot thrive without decent charging infrastructure, automotive OEMs are constantly working with charger manufacturers and charge point operators (CPO) to bring smarter and faster charging infrastructure to the market, creating an environment that enables EVs to reach their maximum potential.

The question is: is the EVSE industry prepared to fulfill the massive influx of EVs over the coming years?

Private vs. Public Charging Infrastructure

Although a privately owned home charger is most likely the primary charger for the average EV owner, the long-term sustainability of the EV market depends heavily on the availability of public charging infrastructure. With a significant portion of urban residents living in apartments and condos with shared parking garages, public chargers must be adequately established to fulfill the growing charging demands. Moreover, for the times when longer trips are made, public EV chargers must be easily accessible en route. Therefore, to enable a seamless EV user experience, public charging infrastructure must be established on a wide scale.

The development and deployment process for private and public chargers vary significantly. Unlike a home charger, which simply contains electrical conductors and their related equipment, a public charger is much more complex, containing software for processing account information and billing, and communication protocols that deliver data between the vehicle and the charger. These software-enabled features make them more expensive and time-consuming to deploy and maintain.

The Current State of Public Charging Infrastructure

Overall, the market for public EV charging infrastructure has been growing at a steady rate. As of 2021, the United States has about 115,000 publicly accessible EV charging points, just surpassing its number of gas stations. Realizing that public charging infrastructure is crucial to EV adoption and achieving carbon emission targets, President Biden’s Bipartisan Infrastructure Law has dedicated $7.5 billion to developing publicly accessible EV charging points, with the goal of installing 500,000 additional public EV chargers compatible with all kinds of vehicles by 2030.

However, are 500,000 additional public chargers enough to fulfill the forecasted growth of EVs? To put the numbers in perspective, the US has a goal of cutting its road transport carbon emission by half in 2030. To reach this target, roughly one in every two new cars sold in 2030 must be an EV. However, according to research by McKinsey, if half of all new vehicles sold were to be EVs in 2030, the US would need 1.2 million public EV chargers by that year, meaning that even with 500,000 additional public chargers deployed, the total number will still fall short by nearly 600,000 units.

Then is it time to further accelerate public charger deployment? Ideally, yes. But not too fast.

The Challenges of Deploying Public Charging Infrastructure

A critical flaw of the current charging infrastructure development plan is that it puts too much emphasis on numbers, neglecting an important fact—the number of chargers isn’t all that matters. In fact, a recent survey conducted by J.D. Power revealed that among the 11,550 American EV drivers surveyed, one in five people reported not being able to charge their car during their visit to a public charging station. Among all the failed cases, 72% of them were attributed to nonfunctional equipment.

This clearly demonstrates that chasing numbers won’t guarantee promising results. It is pointless to have 500,000 chargers if 100,000 of them don’t work. Imagine the frustration of running low on battery and coming to the only available charger within range, only to discover that it does not work. If a one-in-five failure rate is not significant enough to raise an alarm, remember that most public EV chargers are built within the last several years; if nothing is done to address this issue, it is only a matter of time before more chargers end up dysfunctional.

Additionally, it is important to acknowledge that operating and maintaining an EV charging station is completely different from operating a gas station. Since charging takes much longer than filling gas, a much greater number of charging stations are needed than gas stations, making it impossible to staff them all. This makes it difficult for CPOs to monitor and maintain their charging points. A wide range of issues may arise in poorly maintained EV chargers, such as broken connectors, power failures, network failures, payment system failures, and unresponsive screens.

How a Charging Station Management System Can Help

A Charging Station Management System (CSMS) is a system software that connects to the Charge Point Operation Server (CPOS), which hosts all the applications built into the chargers. The CSMS collects real-time information on all chargers within the charging network. By doing so, it allows the CPO to monitor all its public chargers in real-time and respond to any errors or malfunctions immediately to guarantee service satisfaction. System and security updates can also be performed remotely on a timely basis. Depending on the service scope of the CSMS provider, CPOs can also utilize a CSMS to manage their customer accounts and billing information.

Additionally, the CSMS offers more potential benefits beyond charging station management. The charger data it collects can be used to provide a variety of customer-oriented EV charging information services. For instance, AUTOCRYPT has utilized the data it collected from its CSMS to operate a charger locator map in South Korea that provides real-time charger information such as location, availability, plug type, and price.

With the help of a CSMS, CPOs can deploy larger numbers of charging points across a wide range of locations without sacrificing service quality, while saving costs in the long run. By providing a secure and seamless charging experience for EV users, it helps create an EV-friendly environment that encourages continuous adoption.

AUTOCRYPT’s EVIQ is an EV charging and management solution centered around its CSMS, providing a comprehensive management platform for CPOs. At the same time, AUTOCRYPT offers a Plug&Charge (PnC) security module in compliance with ISO 15118, ready to be integrated with the PnC server, bringing security and convenience to both the CPO and its customers.

To learn more about AUTOCRYPT’s EV charging security and management solutions, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.