Automakers Will Have To Adjust to Lifetime Software Support

Over the past several years, as automakers have rolled out new infotainment and connectivity features, they have frequently referred to new cars as smartphones on wheels. Unfortunately for those marketers, that concept is becoming more true than they may have ever hoped. Heading into an era of ever more connected and automated vehicles, automakers are coming to terms with having to maintain and update the software in those vehicles for as long as they are on the road.

Prior to the 2007 introduction of the Apple iPhone, when consumers bought a cell phone, updates to the software that the phone shipped with were almost nonexistent. Wireless companies would sell customers a phone and then (aside from billing) forget about it until it was time to offer them a replacement when the contract was up.

The auto industry hasn’t been much different. Typically, the only time automakers update vehicle software is if something is found to be out of compliance with a regulation or if there was a substantial functional problem. Apple overturned that paradigm by issuing major annual software updates and periodic smaller updates to correct bugs and add major functionality to any of its phones with the hardware capable of supporting the features.

Lifetime Support

Until today, if car buyers wanted to add functionality that did not come from the factory, they would either have to look to the aftermarket or buy a newer model. To date, the only automaker to follow the smartphone model on a large scale is Tesla, which has delivered regular updates to the Model S since it went on sale in 2012. In 2015, Tesla even delivered an over-the-air software update that enabled semi-autonomous autopilot capability. Ford has done this on a smaller scale with updates to its SYNC infotainment system, but these changes have been much more limited in scope.

Guidehouse Insights’ Autonomous Vehicles report projects that 85 million vehicles with some degree of autonomous capability will be on the road by 2035. The Guidehouse Insights Connected Vehicles report projects 80 million vehicles with some degree of vehicle-to-external (V2X) communications by 2025.

With the creation of many new vehicles that can communicate with the outside world and take on some or all of the driving functionality, a ship-it-and-forget-it attitude is no longer viable. These new capabilities can provide increased convenience and (potentially) major safety and efficiency improvements to customers. However, they also significantly increase the potential of cyber-attack vectors. This may open the door for bad actors to track people, steal information, or—in the worst case scenario—take remote control of the vehicle, causing injury or death.

Importance of Security

Fortunately, manufacturers have recognized the importance of cyber security and are moving aggressively with new design, development, and validation processes in order to improve the resilience of in-vehicle electronics. However, doing a better job out the door is only the beginning of the process. In addition to developing new vehicles, engineers will now need to track information coming in through responsible disclosure programs and the (Automotive Information Sharing and Analysis Center) Auto-ISAC, and also provide security updates potentially for years after a vehicle is no longer in production.

With the current average age of vehicles at 11.4 years in the United States and many staying in service for 20 years or more, this will put a major new strain on engineering resources. Remote cyber-attacks against vehicles are still a non-trivial problem, but a major incursion is probably not imminent. However, the window of opportunity to find solutions is closing fast.