The automotive industry faces growing cybersecurity concerns as analysts warn that over-the-air technology used to update vehicle systems increases vulnerability to cyberattacks. OTA technology delivers wireless software, firmware, and data updates to internet-connected vehicles, a practice Tesla normalized starting in 2012 with Model S updates. Experts cite national security risks beyond data privacy, with countries including Norway, Denmark, and Britain expressing concerns about foreign actors potentially sabotaging vehicle controls, prompting calls for increased regulatory intervention in the sector.
Jason Van der Schyff, a fellow of cyber, technology and security at the Australian Strategic Policy Institute, noted that OTA technology is now embedded across much of the automotive sector. Siraj Ahmed Shaikh, professor in systems security at Swansea University in the U.K., told CNBC that the technology is welcomed as a quick and cost-effective alternative to traditional recall methods. Gabriel Lim, senior analyst at the S. Rajaratnam School of International Studies in Singapore, characterized OTA use as "a unique national security concern."
Norwegian Bus Company Ruter Identifies Control System Vulnerability
Late last year, Norwegian bus company Ruter conducted security tests on two buses and identified potential risks in one vehicle linked to OTA technology. The company stated: "There is access to the control system for battery and power supply via mobile network through a Romanian SIM card. In theory, therefore, this bus can be stopped or rendered inoperable by the manufacturer." The tests were conducted on buses manufactured by Chinese firm Yutong.
UK and Denmark Launch OTA Security Investigations
Following Ruter's investigation, the UK and Denmark initiated their own security reviews. The UK's Department for Transport confirmed it was examining the issue and working closely with the country's National Cyber Security Centre. Professor Shaikh emphasized that the vulnerability extends beyond one manufacturer or country, noting that OTA adoption is spreading to maritime, rail, aerospace, industrial machinery, and robotics sectors.
American Enterprise Institute Recommends Security Reviews in May Report
In May, the American Enterprise Institute issued a report warning that safeguarding the automotive sector was crucial to limit foreign governments' espionage capabilities. The report stated: "To protect against foreign espionage threats, the US should consider additional security reviews, implement restrictions on certain foreign-made hardware and software in vehicles, and mandate increased data-collection disclosures." Lim stressed the importance of holding entities and governments accountable for how OTA systems are applied, particularly regarding systems that "run quietly in the background of the technologies we use in our everyday lives."
FAQ
What vulnerability did Norwegian bus company Ruter discover in OTA technology?
Ruter found that one bus had access to its control system for battery and power supply via mobile network through a Romanian SIM card, meaning the vehicle could theoretically be stopped or rendered inoperable by the manufacturer.
Which countries launched investigations following the Norwegian bus tests?
The UK and Denmark initiated their own security investigations after Ruter's findings, with the UK's Department for Transport working closely with the National Cyber Security Centre to examine the issue.
What did the American Enterprise Institute recommend in its May report?
The institute recommended that the US consider additional security reviews, implement restrictions on certain foreign-made hardware and software in vehicles, and mandate increased data-collection disclosures to protect against foreign espionage threats.