Introduction
In automotive cybersecurity, Vehicle Security Operations Centers (vSOCs) are among the key security solutions that aid in protecting vehicles from sophisticated cyberattacks. Since 2023, automotive industries players, including OEMs and Tier 1 and Tier 2 suppliers, are facing several challenges in maintaining and improving the security of Software Defined Vehicles (SDVs), as the number and sophistication of cyberattacks pertaining to automotive vehicles has significantly increased over the years. In 2024, 409 publicly reported automotive and smart mobility cybersecurity incidents were recorded, representing a 39% increase from 295 incidents recorded in 2023. To address the emerging cybersecurity threats and associated risks, compliance standards like ISO/SAE 21434 and UNECE WP.29 R155/R156 ensure security is integrated into the automotive supply chain.
Furthermore, to proactively detect and respond to threats, bolster security postures and investigate threats post-incident, the industry is increasingly employing and integrating AI-powered solutions into the automotive cybersecurity ecosystem. While AI-powered solutions provide several advantages, AI-integration represents one of the new risks areas that introduces vulnerabilities, alongside supply chain attacks and electric vehicle charging infrastructure threats. Furthermore, new ethical considerations related to privacy, transparency, and oversight must also be addressed for responsible implementation.
What is a vSOC ?
A Vehicle Security Operations Centre (vSOC) acts as a digital security guardian that protects connected vehicles, mobility endpoints and their associated services, by providing continuous real-time monitoring and effective response to security incidents. In general, vSOCs are holistic platforms consisting of both advanced tools (analytics, automation and AI) along with a dedicated human team for effective detection and response.
Automotive Security with vSOC
In Automotive Security, vSOC works by aggregating and analyzing data streams from multiple sources such as vehicle’s ECUs, sensors, telematics unit, fleet management platforms and other connected services, which are shared securely to the cloud. These shared data streams are normalized and analyzed by the security teams using advanced analytic tools to scan for anomalies, malicious activities and are either responded or escalated accordingly by using automated incident response workflows, ensuring quick incident containment and compliance.
Industries Approach on creating vSOCs
| Approach | Description | Pros | Cons |
|---|---|---|---|
|
Combine |
Expand existing SOC with automotive-specific capabilities |
|
|
|
Create |
Build a new dedicated vSOC for automotive needs |
|
|
|
Contract |
Outsource vSOC operations to a Managed Security Service Provider (MSSPs) |
|
|
A widely used approach by manufacturers and suppliers in employing vSOC is the “Hybrid-Cloud based managed service” model, where security expertise, advanced tools and compliance management are provided by external Managed Security Service Providers (MSSPs), as this model is scalable, collaborative and cost efficient.
AI in vSOC and Efficiency: Threat detection and response
As the number and sophistication of cyber-attacks targeting vehicles, mobility applications and assets are increasing, OEMS, Tier-1 and Tier-2 suppliers are increasingly employing AI-based solutions. Employing AI-based solutions and integrating it into vSOC will enable it to analyze large amounts of vehicle data quickly, analyze patterns and detect anomalies, streamline investigations and perform enhanced risk assessments on large-scale risks.
For Example, AI models can learn the typical usage of patterns of a vehicle, including common routes, usual speed range during certain time periods, such as morning peak hours. If a spoofing attempt occurs on the vehicle, where the vehicle gets commanded to accelerate at a speed far beyond typical range during peak traffic periods, the AI can recognize the discrepancy by comparing the commanded speed to its typical speed range at that specific time. This discrepancy gets flagged as a spoofing attempt, triggering alerts and initiating protective measures.
However, it is important to consider that, to obtain efficiency and accurate results with AI-based solutions, continuous updates on AI, refined Data and skilled human supervision are needed to prevent bias or oversight.
With over a decade of experience in automotive software optimization and AI acceleration, MulticoreWare specializes in delivering high-performance AI algorithms and neural networks optimized for automotive compute platforms. Our expertise in heterogeneous computing optimization helps customers in implementing AI Driven intrusion detection system(s) that can analyze vast volumes of data efficiently without compromising performance as demanded by automotive applications.
Ethical Considerations of AI
AI has been employed and integrated by the automotive industry in recent years, for several reasons, but in vehicle cybersecurity context, the usage of AI within automotive products and services is for primarily achieving several immediate benefits. These benefits would be enhanced threat detection and response, predictive maintenance of security systems potential to thwart sophisticated cyber-attacks that would compromise physical safety and data integrity
However, the integration of AI is not just a technical update, but rather a model that learns as it operates, to which requires a lot of ethical considerations as relying on and implementing an AI workflow with minimal human oversight can introduce risks such as
- Escalated risk of algorithmic bias, unfair outcomes, or breach of privacy norms
- Potential misclassification of events, leading to overlooking attacks or unnecessary shutdowns of critical services
- Increased liability for errors caused by autonomous systems operating with minimal human oversight
The Balanced Approach
To overcome these risks, a balanced approach is necessary to be followed, which includes clear communication on data use, strict data minimization, and including meaningful human intervention checks in AI workflows for oversight. This balanced approach ensures a workflow where humans provide judgment based on context and AI provides speed and scale making a resilient vSOC.
To summarize, automotive manufacturers and suppliers have increasingly begun integrating AI-driven security solutions into their supply chains, products and services to protect their customers and assets while ensuring compliance. However, a deeper understanding of the emerging risks of AI coupled with adopting this balanced approach would enable the industry to effectively navigate the cyber threat landscape.
