“SAE, in partnership with Synopsys, is pleased to present the findings of this study, as it provides real-world data to validate the concerns of cybersecurity professionals across the industry and highlights a path forward,” said Jack Pokrzywa, SAE International Director of Ground Vehicle Standards. “SAE members have sought to address cybersecurity challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061™, the world’s first automotive cybersecurity standard. Armed with the findings of the study, SAE stands ready to convene the industry and lead development of targeted security controls, technical training, standards, and best practices to improve the security, and thus the safety, of modern vehicles.”
Synopsys and SAE commissioned the Ponemon Institute, a leading IT security research organization, to examine current cybersecurity practices in the automotive industry and its capability to address software security risks inherent in connected, software-enabled vehicles. Ponemon surveyed 593 professionals from global automotive manufacturers, suppliers and service providers. To ensure knowledgeable responses, all respondents are involved in assessing or contributing to the security of automotive technologies, including infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and RF technologies such as Wi-Fi and Bluetooth, among others.
“The proliferation of software, connectivity, and other emerging technologies in the automotive industry has introduced a critical vector of risk that didn’t exist before: cybersecurity,” said Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group. “This study underscores the need for a fundamental shift—one that addresses cybersecurity holistically across the systems development lifecycle and throughout the automotive supply chain. Fortunately, the technology and best practices required to address these challenges already exist and Synopsys is poised to help the industry embrace them.”
Other key findings from the survey highlight:
- Lack of cybersecurity skills and resources. More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.
- Proactive cybersecurity testing is not a priority. Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.
- Developers need cybersecurity training. Only 33 percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.
- Cybersecurity risk throughout the supply chain. Seventy-three percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44 percent say their organization imposes cybersecurity requirements for products provided by upstream suppliers.
Download a free copy of the report: Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices.
Register for the webinar on February 27, 2019.
Learn more about software security solutions for the automotive industry.
About SAE International
SAE International is a global association committed to being the ultimate knowledge source for the engineering profession. By engaging nearly 200,000 engineers, technical experts and volunteers each year, we drive knowledge and expertise across a broad spectrum of industries. We act on two priorities: encouraging a lifetime of learning for mobility engineering professionals and setting the standards for industry engineering. We strive for a better world through the work of our philanthropic SAE Foundation, including programs like A World in Motion® and the Collegiate Design Series™.
About the Synopsys Software Integrity Platform
Synopsys Software Integrity Group helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.
Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.