The automotive cybersecurity industry is in the midst of a hugely positive upswing that is promising for the future of connected, autonomous, shared and electric — or CASE — vehicles. With connected vehicle architecture being more complex and computerized than ever before, there are exciting conversations happening across the automotive supply chain that promise to make cybersecurity a higher priority for the protection of passengers, drivers and automakers alike. As a result of this progress, buzzwords and phrases are emerging that describe this industry shift. Among them is "security by design."
No doubt an intriguing concept, security by design has been described in other industries as the process of creating a "proactive, pragmatic and strategic approach that considers risk and security from the onset of any new initiative and nurtures trust at every stage." Viewing the concept through this lens explains why the term has taken hold in the automotive industry. Under this definition, security by design is hugely beneficial: trust, visibility and a considered approach to risk assessment produce a desirable automotive cybersecurity outcome.
However, when contextualized within the automotive industry's supply chain and product development cycle, security by design may be wishful thinking. With the current realities of vehicle design, planning and production, the concept could be interpreted as an excessively idealistic one that is difficult to enforce in just the preproduction phase, let alone throughout the entire vehicle life cycle.
As the industry is just beginning to approach automotive cybersecurity holistically, it's important that the other phases of the life cycle are not forgotten once the vehicle is on the road. For example, risk assessment, and the monitoring and management of the vehicle security posture, should be an ongoing task. With this in mind, it's important to explore what the industry really means in using the phrase "security by design," how it conflicts with reality and why it is not currently feasible for the automotive industry.