According to some projections, in 2027 beyond 97% of cars sold globally will be digitally connected. This is an epochal change, because it transforms the very concept of mobility: each of these vehicles becomes a network node, capable of exchanging data, updating remotely, communicating with energy systems and, in the future, becoming increasingly integrated with autonomous driving functions. All this, if on the one hand it offers convenience and advantages of various kinds, including the possible reduction of accidents and greater efficiency in energy consumption, on the other brings with it new challenges related to cybersecurity. A “connected car” it can in fact be compared to a computer on wheels: it has operating systems, sensors, wireless networks and software which, as happens with smartphones and laptops, are potentially vulnerable to external attacks. Possible scenarios range from the theft of personal data to the blocking of driving functions, up to the alteration of crucial systems such as braking or stability assistance.
And the issue doesn’t just concern individual cars: with the transition to electric vehicles, it also affects charging stations they become part of this complex network, becoming a additional access point for possible intrusions. In this context, manufacturers and institutions are working to ensure that the mobility of the future does not become the Achilles’ heel of our digital security. Specific regulations, penetration tests and protocols designed to protect vehicles are already in place, and at the same time the internal skills of companies to manage this challenge are growing. The objective is clear: to ensure that technological innovation goes hand in hand with safety.
Password: multilevel defense
When it comes to cybersecurity in connected carsit is useful to clarify that we are not referring to a hypothetical risk. Already today, infotainment systems – the displays that allow you to listen to music, receive traffic information or make calls – can be the target of intrusions. The same goes for external interfaces like Wi-Fi, Bluetooth, USB, and GPS, all potential gateways for an attack. For this reason car manufacturers have started to implement one multi-level defensewhich is not just about the vehicle itself, but theentire production chain. In factory departments, for example, machinery and networks connected are protected viaIndustrial Internet of Things; remote diagnostics and predictive maintenance systems are armored in cloud infrastructures; Central nodes such as the Central Gateway, which manages internal data, or the Powertrain, i.e. the powertrain, are protected inside the car.
To support these measures there are international standards that oblige producers to respect precise rules. THE’IEC 62443 concerns the protection of production sites and industrial systems. THE’ISO/SAE 21434 establishes how to identify and manage cyber risks throughout the life cycle of a vehicle, from its design to its disposal. The regulations UNECE R155 And UNECE R156instead, they introduce specific obligations: the first concerns the management of cybersecurity on board; the second software updates, which must be able to be carried out safely.
Before a car is put on the market, it must pass a penetration test. It’s one hacker attack simulationconducted under controlled conditions, to test how resistant a vehicle is to external intrusions. The test takes into account wireless networks, car-to-car communication or V2V (Vehicle-to-Vehicle) and that between cars and infrastructure o V2I (Vehicle-to-Infrastructure). This allows any flaws to be highlighted and corrected before the car reaches customers.
How to mitigate the safety risks of electric cars
The universe of electric cars. These vehicles are not only connected to the Internet, but also integrated into the electricity grid. Through services like the V2G (Vehicle-to-Grid) can return energy to the grid at peak times, transforming themselves into real mobile batteries. This feature, while useful, introduces new vulnerabilities: every time a car connects to one charging stationexchanges not only energy, but also data, and this can expose the ecosystem to cyber attacks. Hypothesized scenarios include data theft or data breach and attacks DoS (Denial-of-Service), which aim to saturate a system to make it unusable. In an extreme case, malware introduced via a charging station could spread not just to a vehicle, but to the entire distribution network. All this would obviously have very serious consequences.
Charging methods play a crucial role. Today three can be distinguished: the conductive chargingi.e. via cable connected to a wallbox or public column; there inductive chargingwhich occurs without a cable but by magnetic induction, in static or dynamic mode; and the battery swappingwhich involves rapid battery replacement in special stations. From a safety point of view, conductive charging is considered the most exposed, especially when using communication protocols such as OCPP (Open Charge Point Protocol) in older versions, where documented vulnerabilities have already been discovered. During a public stop, the car remains connected for long periods of time, increasing the time window in which an attacker could act.
To mitigate these risks, experts suggest adopt updated protocols as OCPP 2.0.1which integrates stronger authentication mechanisms and advanced encryption. Encryption, for those who don’t know it, is a method that transforms information into a ciphered language understandable only by those who have the key to decode it, making the data unusable for anyone else. At the same time, it becomes essential invest in the training of engineers, designers and specialized technicianscapable of constantly updating systems and anticipating new types of attacks.
The challenge of cybersecurity in connected cars, and even more so in electric ones, should therefore not be seen as an obstacle to the future of mobility, but as a field in which technology and security must advance together. Of course, awareness and careful use by us drivers will also be key to safe smart mobility.
