The automotive industry is shifting gears, moving from hardware-centric to software-defined, always connected and customer-centric vehicles to provide a more enjoyable and personalized driving experience. Customers are increasingly looking for new and improved offerings, such as personalized in-car experiences and infotainment options, driven by advancements in technologies like ADAS and cockpit systems.

This represents the new industry standard, where features and capabilities are software-defined and can be updated throughout the vehicle’s life cycle to allow automakers to continuously enhance the vehicle’s features and capabilities long after the purchase is made. This means that cybersecurity measures to protect vehicles from malicious actors are only becoming more important over time

OEMs evolve to embrace new technologies

For an OEM, this transition means pivoting from a business model of selling cars to becoming a technology company offering data-driven and differentiated services to create new revenue streams. ADAS technology is a crucial part in this evolution, enhancing mobility to make driving safer, more comfortable and more enjoyable.

The OEMs that recognize the importance of ADAS (and invest heavily in it) are emerging as market leaders. Nearly three-quarters of EV buyers would consider switching brands for better ADAS features, according to research conducted by McKinsey & Company.

Features that were once considered premium options in the luxury market, such as automatic braking, adaptive cruise control and lane-keeping, are quickly becoming standard in everyday vehicles worldwide. Some analyst firms are predicting that by the end of this decade, a majority of vehicle sales will feature Level 2 and Level 2+ driver-assistance functionalities like those listed above.

This global ADAS adoption is being driven by several factors, starting with the demand for enhanced safety. Capable sensors have become more affordable, too, which has helped automotive manufacturers with the adoption of these technologies. Similarly, over time, there have been improvements in AI-driven sensor fusion technology, and regulatory pressures have supported stronger ADAS requirements to elevate innovation across the industry.

While most OEMs are focusing on L2 and L2+ ADAS technologies, only a few have successfully deployed L3 technologies, or conditional automation, to date. Mercedes, BMW and Honda are among the few to introduce L3 technologies and capabilities.

This limited adoption for L3 and beyond is driven in part due to the liability shift from driver to OEM. Reasonable questions and concerns still exist regarding responsibility, liability and insurance for highly autonomous cars in a time when such legislation does not exist.

Waymo levels up to L4 autonomous driving

Despite limited adoption of L3 systems, Waymo stands out as the only company to successfully achieve and deploy L4 technologies and autonomous driving services, allowing passengers to experience firsthand the future of mobility.

Waymo uses a combination of sensors, LiDAR, radar and cameras that all work together within pre-mapped surroundings. Its sixth-generation technology consists of three complementary sensing modalities, creating a 360-degree view that detects objects up to 500 meters away under all weather conditions. Waymo also leverages AI and machine learning technologies to combine modalities and data, enabling cars to make accurate split-second decisions in complex environments.

With over 200,000 paid trips each week, and more than one million driving miles covered weekly (which is more than the total miles driven by a human in a lifetime) Waymo has achieved a significant milestone. Providing this level of transparency and recording this information has helped legitimize Waymo’s service from a safety lens and allows for improvements where necessary.

Why cybersecurity is integral to safety strategy

As the complexity of software and hardware in L4 autonomous systems increases, coupled with the 24/7 connectivity required for autonomous ride-hailing services, these vehicles become more vulnerable to cybersecurity threats due to the increased attack surface.

In January 2024, Upstream’s Global Automotive Cybersecurity Report declared an automotive cybersecurity inflection point and examined how cybersecurity risks have evolved from experimental hacking into large-scale automotive attacks. Upstream data revealed that the proportion of incidents with a “High” (thousands of mobility assets) or “Massive” (millions of mobility assets) impact continued to increase between 2023 and 2024, accounting for nearly 60% of all incidents.

(Source: Upstream Security)

If an autonomous vehicle is compromised, especially without a human driver, there can potentially be serious consequences with a direct impact on human lives. In addition to safety concerns, protecting personal information and user data is critical for complying with privacy regulations and maintaining public trust.

The interconnected nature of electric, autonomous vehicles with public infrastructure, including grid systems, means that a cyberattack could lead to large-scale disruption, posing a significant threat to national security. As of today, many chargers, charging infrastructure components, and related apps are vulnerable to physical and remote manipulation that can stop them from working reliably. In February 2024, the UK’s Office for Product Safety and Standards (OPSS) halted the sale of Spanish-made EV chargers after finding they did not meet existing cybersecurity requirements, sparking concerns about possible threats to the country’s energy infrastructure.

If bad actors were to gain access to trained AI inference models, this could result in companies losing their competitive edge, along with years of research and development.

Cybersecurity cannot be an afterthought

Cybersecurity is not just a concern or an add-on feature; it’s an integral component of the safety strategy for autonomous vehicles to ensure safe and secure mobility.

It starts with implementing security-by-design principles and includes a defense-in-depth strategy along with a layered security approach. This applies end-to-end across the stack from hardware, software, networks, and storage. Authentication measures, integrity checks, secure storage solutions, software updates, and tamper-proof sensors are measures that should be taken and routinely checked when exploring autonomous driving technologies.

Additionally, ensuring supply chain security and integrity is vital for guaranteeing the authenticity of components. It’s key to integrate security-certified solutions conducted by independent third-party independent labs and auditors to provide additional validation and enhance security assurance and trust. As the automotive and ecosystem evolves, policy makers are rethinking cybersecurity laws, regulatory frameworks and standards to adapt to technological developments, promote safety and enhance cybersecurity resilience. The evolving regulations worldwide reflect a global commitment to a future focused on safe and secure mobility.