By Gregor Knappik (Senior Cybersecurity Solution Architect) and Ling Cheng (Senior Product Marketing Manager)
According to a Gartner® report, titled “Connected Vehicle Market Forecast: Opportunity Spotlight,” “The volume of vehicles manufactured with an embedded telematics control unit will grow from 485 million in 2024 to 852 million by 2032.”* However, our threat intelligence monitoring shows a 600% increase in vehicle cyberthreats over just four years. As more and more vehicles hit the road, diagnosing problems has become increasingly complex, introducing severe safety risks. The current approach of relying heavily on cloud-based detection and response has further exacerbated the issues, leading to three critical challenges:
- Escalating transmission costs: Current vehicle cybersecurity depends on uploading vast amounts of data to the vehicle security operations center (VSOC), significantly driving up costs as fleets expand. With millions of vehicles transmitting data for analysis, cloud transmission alone can cost up to US$2.1 million per month, creating a substantial financial strain. Minimizing the number of unnecessary security events sent to the VSOC is now a key concern.
- Distinguishing cyberattacks from malfunctions: As vehicles become software-defined, troubleshooting becomes more complex for the traditionally hardware-focused automotive industry. Automotive manufacturers (OEMs) and suppliers often struggle to differentiate between cyberattacks and system malfunctions. For example, if headlights fail unexpectedly at night, manufacturers might focus solely on mechanical issues, overlooking the potential for a cyberattack and thus delaying resolution and jeopardizing driver safety.
- Delayed response to cyberthreats: While software-defined vehicles (SDVs) enable updateable features, frequent function changes burden the VSOC with continuously adapting anomaly detection methods. This increases reliance on human resources and can result in delayed responses, especially when connectivity issues prevent timely data transmission. Such delays can leave ongoing cyberattacks undetected, compounding risks and endangering both fleets and drivers.
What if vehicles didn’t have to rely solely on remote teams to stay safe?
As the automotive industry moves toward the vision of AI-driven, software-defined vehicles, a pivotal question arises: What innovative approaches can address the aforementioned challenges?
This vision involves vehicles capable of independently managing simpler issues while refining and consolidating data before sharing it with cloud-based VSOC teams. By utilizing edge AI, vehicles are equipped with the intelligence to learn, recognize threats, and, if necessary, autonomously defend themselves. Essentially, each vehicle is equipped with the foundational capabilities of an entry-level VSOC, seamlessly integrated into its architecture.
By embedding threat detection directly at the edge, vehicles can correlate telemetry data and security events across multiple electronic control units (ECUs), such as those flagged by intrusion detection systems (IDSs). This integration transforms disparate data points into contextualized attack paths, processed efficiently at the edge using advanced computing resources like CPUs, NPUs, or GPUs. These contextualized insights are then cross-referenced with real-world incidents and threat intelligence, enabling vehicles to detect suspicious behavior before it escalates.
Figure 1. Edge AI brings VSOC capabilities into vehicles, enabling localized threat detection and response.
What are the benefits of edge AI detection?
Embedding intelligence into vehicles transforms them from being merely connected to becoming resilient and adaptive. Key benefits of edge AI detection include:
- Reducing vehicle running costs: By minimizing cloud dependency, edge AI lowers costs and ensures that data remains secure onboard. This reduction in data transmission results in lower VSOC operational costs through improved efficiency and streamlined processes.
- Reducing vehicle downtime: Edge AI enables in-vehicle analysis of data to identify not only cyber risks but also potential system or ECU malfunctions and even anomalies in driver behavior. This capability supports predictive maintenance, reduces downtime, and improves vehicle reliability.
- Reducing integration and maintenance costs: Traditional distributed cybersecurity strategies often require high customization efforts for various hardware and software systems and requirements. The more functions developed, the higher the demand for verification. Edge AI simplifies this process by centralizing cybersecurity functions on the edge AI–enabled ECU, reducing the need for implementations across other ECUs.
Figure 2. Edge AI reduces integration and maintenance costs by centralizing cybersecurity functions.
- Increasing VSOC team efficiency: With edge AI, only critical detections are sent to the VSOC team, eliminating the need for handling scattered and non-actionable data. This streamlined approach allows the VSOC team to focus on high-priority tasks, ensuring actionable insights are readily available for faster and more effective responses.
These key benefits are the rationale behind the development of xCarbon Edge AI, a patent-pending technology by VicOne. Following the mega trend of edge computing, xCarbon Edge AI delivers extraordinary advantages for vehicles, trucks, and buses in production for over 20 years. This innovation represents a step toward empowering vehicles to not only respond to threats but also actively defend against them — transforming the way we think about cybersecurity in the automotive world.
*Gartner, Connected Vehicle Market Forecast: Opportunity Spotlight, Jonathan Davenport, 18 October 2024. (For Gartner Subscribers only) GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
