AESIN attended the CYBER UK conference last month to see how the automotive industry featured at the UK government’s flagship cyber security event.
There were fascinating sessions on the use of AI for both attack and defence and a great talk by The Lazarus Heist podcaster. In addition to a branded bottle, there were two standout takeaways:
1. Automotive Applications were all but Absent
This was astonishing because the automotive industry is one of the world’s largest consumers of integrated semiconductors and the possibility for widespread disruption of transport and society is embedded throughout our supply chains, infrastructure, and vehicles. The demand for Electronic Control Units (ECUs) in vehicles will continue to grow rapidly – from $72.1Bn last year to $127.6Bn in 2033[1] – driven by the move to electric vehicles and increasing software features.
In addition, almost every new vehicle is connected to the cloud.
Speakers from NCSC, GCHQ, the US White House National Cyber Director, the German Federal Office for Information Security, Japan’s Deputy National Security Adviser, and several others took the stage to highlight the decades-old problem of memory safety that continues to this day in software used in a vast array of applications, including vehicles. The US White House emphasize the urgent adoption of memory safe technology such as the Rust programming language and the CHERI hardware architecture.
We’ve previously reported that AESIN is working with network members Thales and WMG to investigate the potential of CHERI for the automotive electronics community. A key focus for the RESAuto project is the economic impact of adopting CHERI on software engineering processes. Well-written MISRA C or CERT C software, proven in safety-critical vehicle functions over many years, is likely to contain very few memory vulnerabilities. However, compiling for CHERI-enabled hardware has picked some issues in automatically generated code, an approach which is likely to be increasingly used as ADAS and Automated Driving functions demand more and more complex software running on more powerful platforms.
[1] Source: Copyright © 2024 Precedence Research: Global Automotive Electronic Control Unit Market 2024-2033 https://www.precedenceresearch.com/automotive-electronic-control-unit-market
[2] Source: Copyright © McKinsey & Company: Automotive software and electronics 2030
[3] Source: Copyright © 2024 Upstream Security Ltd: Global Automotive Cybersecurity Report 2024
https://upstream.auto/reports/global-automotive-cybersecurity-report/








