This year, a United Nations regulation on vehicle cybersecurity came into force, obligating manufacturers to perform various risk assessments and report on intrusion attempts to certify cybersecurity readiness. The regulation will take effect for all vehicles sold in Europe from July 2024 and in Japan and South Korea in 2022.

Major software and hardware suppliers to the world’s manufacturers build in firewalls to ensure that such elements as infotainment systems are prevented from passing code to systems that regulate speed, steering and other critical functions.Vehicle electronic control units are being designed to send an alert if one system that normally never communicates with another suddenly tries to do so. And they’re also locked down, so that an attempt to inject new code will be thwarted.

Cybersecurity companies must protect a vehicle in multiple ways. Threats include SIM cards carrying malicious code, faked over-the-air software updates, code sent from a smartphone to the vehicle, and vehicle sensors and cameras being tricked with wrong information.

The challenge may be even greater than securing the world’s airlines. According to a McKinsey & Company report on automotive cybersecurity, modern vehicles employ around 150 electronic control units and about 100 million lines of code; by 2030, with the advent of autonomous driving features and so-called vehicle-to-vehicle communication, the number of lines of code may triple.