Automotive cybersecurity management
: a conceptual framework for improved cybersecurity knowledge sharing in the automotive industry

  • Garikayi Madzudzo

Student thesis: Doctoral ThesisDoctor of Philosophy

Abstract

The inclusion of new connected services and features embodying unfamiliar technologies has transformed the automotive industry. Vehicle manufacturers and component suppliers now develop and integrate ever more technologically complex components into the modern connected vehicle. In the unrelenting search for sustainable competitive advantage, automotive manufacturers are driven to develop more reliable and safer products; at the same time as promoting product personalisation, higher quality, increased functionality and, lower costs. The creation of new digital products is a complex task, characterised by uncertainty, variability and the threat of cybersecurity breaches. These innovations require cooperation across multiple fields of expertise, some of them new to automotive design, development and, production.

Even though the potential risks inherent in cyber-vulnerable connected and autonomous vehicles affect all stakeholders in the automotive industry from, vehicle designers and manufacturers to vehicle end-users, there are relatively few research contributions which focus on the wider social, economic and behavioural aspects rather than the technological. The varied and often competing incentives of different auto industry actors to invest in cybersecurity defences, and the sharing of component-related knowledge, in particular, the knowledge of potential cybersecurity threats and vulnerabilities of relevance for the digital security of connected and autonomous vehicles, are identified as a challenge to developing a specific and coherent industry response to the growing threats posed by cybersecurity breaches. This thesis summarises research conducted to investigate and analyse the sharing of knowledge related to component integration processes within the automotive industry as a potential factor for improving the cybersecurity of modern connected vehicles. The study focuses on the knowledge sharing aspects of the component integration problem, rather than investigating the technical aspects.

Fieldwork involving two original equipment manufacturers (OEMs), two automotive component manufactures, plus a number of knowledge experts from across a spectrum of automotive stakeholder institutions, was conducted to identify the most important factors, and management strategies, in an attempt to ensure auto security now and in the future. An interpretive paradigm using multi-method research was employed to collect qualitative data from experts within the auto-domain.

The research has resulted in a number of contributions and benefits for the automotive industry. A key contribution is the development of a conceptual framework for the sharing of knowledge related to components and their integration processes, which can help all relevant stakeholders; from vehicle manufacturers to their supply chain, dealers and their customers, to be better prepared to handle the complexities of the current cybersecurity landscape where the sector operates. The proposed knowledge sharing framework, which has been positively evaluated by experts from the automotive domain, is designed to assist the industry to develop, design and deliver more cyber-secure vehicles through better management of component integration processes by overcoming some of the limitations of existing techniques for knowledge sharing in the integration of components for connected vehicles as identified in the relevant literature. The proposed framework is supported by theory from both the automotive and the knowledge management domains and brings together the best practices established in this thesis through the literature review and the primary evidence from the semi-structured interviews and the online surveys.

Feedback provided by the study’s participants suggests that the proposed framework overcomes some of the major challenges of component integration processes particularly those of relevance for the cybersecurity of the connected vehicle. In addition to its contribution to the emerging body of knowledge on the subject, the research has identified areas where there is significant scope for further research and investigation.
Date of AwardJun 2020
Original languageEnglish
Awarding Institution
  • Coventry University
SupervisorSiraj Shaikh (Supervisor), Alexeis Garcia-Perez (Supervisor) & David Morris (Supervisor)

Cite this

'