BE PREPARED AND ALWAYS IMPROVE

This chapter discusses the importance of protecting vehicles after production, covering the topics of continuous cybersecurity monitoring, vulnerability management, incident response, and secure over‐the‐air (OTA) updates. While the previous chapters focused on improving security, mainly during the development and testing phases up until release, this chapter focuses on security aspects after release and the related processes and activities during the operations and maintenance phases. Considering the fact that vehicles have lifespans of 10–15 years, it is necessary for automotive organizations to conduct continuous cybersecurity activities such as threat and vulnerability monitoring. To this end, it is important to have an approach for how to monitor for new vulnerabilities and be able to track which vehicles or automotive systems are vulnerable.

As the focus on cybersecurity in the automotive software development lifecycle increases, there will definitely be more secure and safe cars on the roads in the future. However, with new vehicles containing large volumes of software, even with the right security tools, processes and training, it is not possible to guarantee that there will not exist any vulnerabilities in the software of a vehicle when it is released, or to ensure that no new vulnerabilities will be detected over the course of the ...