Cybersecurity Concerns in Connected and Electric Vehicles (EVs)
The Central government has urged automobile manufacturers and parts makers to conduct thorough audits of software and devices controlling connected cars and electric vehicles (EVs), highlighting potential cybersecurity vulnerabilities. This advisory, however, lacks a specific deadline for the audits.
Background and Recent Developments
- The advisory follows the government's action directing Apple and Google to remove three apps due to EV hacking concerns.
- These apps—BAT-BMS, Lossigy, and Epoch-i-ion—were allegedly misused to remotely disable EVs, highlighting security vulnerabilities in battery management systems.
Government Advisory Details
- The Ministry of Heavy Industries has advised automakers to audit battery communication interfaces and address unsecured settings, weak authentication, and unprotected over-the-air pathways.
- Automakers are encouraged to collaborate with other ministries and stakeholders for developing robust cyber safety protocols.
Industry Impact and Statistics
- There is an increasing adoption of connected car features, with remote services and battery management witnessing significant growth from 2022 to 2026, according to JATO Dynamics.
- The lack of a dominant operating system for connected vehicles in India amplifies the security risks, as most manufacturers rely on proprietary ecosystems.
Challenges and Recommendations
- The removal of problematic apps addresses only a part of the issue; the core vulnerabilities within communication interfaces remain.
- Manufacturers are advised to establish robust cybersecurity and software update management systems, including securing OTA updates and validating software integrity.
- Data security is also emphasized with most manufacturers relying on hyperscale cloud providers for secure data transmission and storage.
Sectoral Concerns and Expert Opinions
- Sunil Dahiya, a policy analyst, notes that similar cybersecurity concerns exist across other sectors, emphasizing the need for audits without hindering technological progress.
The government's current focus on cybersecurity in the automotive sector underscores the necessity for stringent measures to safeguard against technological vulnerabilities that could compromise vehicle safety and functionality.