Cybersecurity in the Fast Lane: Securing the Next Generation of Connected Vehicles

March 18, 2025

Blog

How evolving regulations and emerging technologies are shaping the next generation of secure mobility.

The automotive industry is undergoing a digital transformation, with connected and electric vehicles (EVs) at the forefront. However, this increased connectivity also exposes vehicles to cyber threats, making cybersecurity a fundamental requirement at every stage of a vehicle’s lifecycle. As regulations tighten and new technologies emerge, manufacturers and engineers must adopt forward-thinking security strategies to safeguard modern mobility.

Cybersecurity Across the Automotive Lifecycle

Unlike other market segments (such as consumer, for example), cybersecurity in automotive must extend across the entire vehicle lifecycle—from development to decommissioning. During the development phase, the priority is functionality, which can sometimes lead to risky practices such as embedding default authentication credentials into code. However, once a vehicle is ready for production, stronger security measures become critical, particularly for owner authentication.

Cybersecurity plays a critical role in the future of connected vehicles

At the end of a vehicle’s life, proper security decommissioning—known as sanitization—is essential to remove stored credentials and authentication certificates. Failing to do so could expose legacy vehicles to cyber threats long after they are retired. By integrating cybersecurity into the design phase, automakers can ensure security remains intact throughout the vehicle’s lifespan.

Regulatory Compliance: Navigating a Heavily Regulated Industry

With vehicles becoming more software-defined, compliance with cybersecurity regulations is paramount. The industry follows ISO 26262 for functional safety and ISO 21434 for cybersecurity, with the latter now playing a critical role in securing connected vehicles, similar to how functional safety has been established into the automotive lifecycle. Additionally, the combination of safety and security plays a crucial role in self-driving automotive applications.

The properties of connected automotive software require robust cybersecurity

Beyond vehicles, infrastructure security—particularly for EV charging stations—is another area requiring immediate attention. The Open Charge Point Protocol (OCPP) 1.6J remains the de facto industry standard, relying primarily on Transport Layer Security (TLS) v1.x protocol for security for communication. However, OCPP 2.0.1 introduces improved security features but lacks backward compatibility with older versions, posing integration challenges. The upcoming OCPP 2.1 aims to bridge most of these gaps while enhancing security for bidirectional power transfer, making it more suitable for future Vehicle-to-Grid (V2G) and Vehicle-to-Everything (V2X) applications.

Despite these advancements, cybersecurity in EV infrastructure remains underemphasized. As vehicles and grids become more interconnected, engineers must extend cybersecurity principles beyond the vehicle to ensure the entire mobility ecosystem remains secure.

The Quantum Computing Threat: Preparing for the Future

A growing concern in cybersecurity is the advent of quantum computing, which could render current cryptographic standards obsolete. Today’s RSA-based encryption, widely used for digital signatures (DSA) and authentication, could be cracked by future quantum computers, exposing vehicles and infrastructure to significant vulnerabilities.

To address this threat, the National Institute of Standards and Technology (NIST) has established new Post-Quantum Cryptography (PQC) algorithms designed to withstand quantum-based attacks. These include: FIPS-203: ML-KEM (Key Encapsulation Mechanism), FIPS-204: ML-DSA (Digital Signature Algorithm), and FIPS-205: SLH-DSA (Hash-Based Signature).

The challenge now is planning a smooth migration to these algorithms across vehicles and backend infrastructure. This is particularly crucial for V2X and V2G communications, where EVs must authenticate and exchange authorization data autonomously—such as in ISO 15118’s Plug & Charge feature.

What the future holds for cybersecurity

The Road Ahead: Securing Tomorrow’s Mobility

As vehicles become increasingly connected, cybersecurity must evolve alongside them. Engineers, automakers, and infrastructure providers must adopt a layered security approach, integrating advanced cryptography, continuous software updates, and post-quantum security measures.

Proactive cybersecurity strategies will be the key to ensuring safe, resilient, and intelligent mobility for future generations. By embedding security into every phase of the vehicle lifecycle—while preparing for quantum threats—the industry can drive innovation without compromising safety.

---

Francesco Fiaschi is a Cyber Security Expert at Littelfuse Inc., with extensive experience in Embedded Software, Engineering, and Product Management. Before joining Littelfuse, Francesco worked internationally for leading corporations such as WindRiver, Harman & Becker, Infineon, and Intel, where he earned his Project Manager Professional (PMP) certification. He has contributed to various sectors, including Telecomm, Industrial, Mil/Aero, Automotive, IoT, medical, and secure production manufacturing, with a recent focus on cybersecurity. Francesco holds a Master of Science in Electronics from Italy.