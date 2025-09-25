Dublin, Sept. 25, 2025 (GLOBE NEWSWIRE) -- The "Smart Car Information Security (Cybersecurity and Data Security) Research Report, 2025" report has been added to ResearchAndMarkets.com's offering.



Research on Automotive Information Security: AI Fusion Intelligent Protection and Ecological Collaboration Ensure Cybersecurity and Data Security

At present, what are the security risks faced by intelligent connected vehicles? Automotive information security covers two aspects: cybersecurity and data security. Cybersecurity measures and data security technologies are embedded in the information security framework to form multi-layer protection.

Intelligent connected vehicles have become integrated mobile smart terminals. The EEAs continue to evolve, but automotive information security attacks are increasing, including autonomous driving safety attacks (sensor failure and deception, software vulnerabilities and network attacks, decision algorithm defects, data privacy and security), vehicle-road-cloud integrated network attacks (Internet of Vehicles platform attacks, roadside infrastructure tools, satellite Internet attacks), and attacks on charging networks (new energy vehicle battery system attacks, charging station network attacks).

The trend of flattening the supply chain requires ecological collaboration and protection, and the shortened SDV iteration cycle increases the pressure of security testing

Software-defined vehicles (SDV) separate software and hardware. OEMs are currently adopting an iterative R&D model to shorten the new function release cycle to 3-6 months, so that the pressure of automotive software security testing is prominent. Faced with the threat of cybersecurity and data security, OEMs are increasingly integrating security practices into all phases of the vehicle lifecycle development within their agile DevOps for development and operation. They are gradually embracing the integrated development of DevSecOps.

With the trend of flattening the supply chain, OEMs now have to face more suppliers, and it is difficult for them to obtain device source code, and there is a lack of efficient firmware security testing tools. In view of this, OEMs are gradually increasing vulnerability management efforts and continuously strengthening software supply chain security efforts. Effective response measures include software bill of materials (SBOM) management, software composition analysis (SCA), code review, SAST, IAST, DAST, fuzz testing and other technologies.

The application of AI in the field of automotive information security is evolving from single-point defense to intelligence and systematization

AI is reshaping the paradigm of automotive information security, shifting from passive protection to a closed loop of `prediction-defense-response`. The application of AI in the field of automotive information security is evolving from single-point defense to intelligence and systematization. The main trends are reflected in two aspects: technology application and industrial ecology. The technology application trends include the following:

Cloud-edge-vehicle linkage: For example, NavInfo and Alibaba Cloud jointly build an intelligent cloud base to support the closed loop of autonomous driving R&D data and security strategy collaboration.

The application of post-quantum cryptography technology in the automotive industry has moved from technical accumulation to industrialization

The application of post-quantum cryptography technology in the automotive industry has moved from technical accumulation to industrialization under the impetus of both quantum threats and intelligent cybersecurity demand. In the short term, chip performance and standard unification should be handled. In the long term, a full-stack protection system of `algorithm-chip-communication-cloud platform` will be formed. OEMs should give priority to the layout of hybrid encryption, automotive chip certification and V2X security upgrades to cope with quantum security challenges in the next 10 years. The post-quantum cryptography migration strategy of the US NIST clearly states that for important infrastructure and business systems, the existing PKI algorithms will be replaced in 2028-2030.

Traditional asymmetric encryption algorithms like RSA and ECC are indeed vulnerable to attacks from quantum computers using algorithms like Shor's. This means that, if powerful quantum computers become a reality, public key cryptography systems relying on these algorithms for vehicle-to-cloud communication, OTA updates, and identity authentication could be compromised. The life cycle of a car is as long as 10-15 years, and quantum computers may break through in the next 10 years, so post-quantum protection should be deployed in advance.

Stricter policies and regulations force OEMs to make safety design in advance, shifting from `after-the-fact remediation` to `full life cycle safety design`

Since the release of the `Data Security Law` in 2021, national ministries and commissions have issued a total of 39 policies and regulations related to data security in the automotive industry (such as `Several Provisions on Automotive Data Security Management (Trial)`, `Guidelines for Detecting Important Data in Connected Vehicles and Autonomous Driving`, GB/T 41871-2022 `Information Security Technology - Security Requirements for Automotive Data Processing`, GB/T 44464-2024 `General Requirements for Automotive Data`, GB/T `Intelligent Connected Vehicles - Data Security Management System Specifications` (under preparation)) and 7 standards, so that the industry's data security management system is becoming perfect.

At present, the data security challenges faced by OEMs include a wide variety of data types and diverse attacks, such as 0-day attacks, supply chain risks (OEMs share data with many partners and suppliers, so third-party risks become an important source of data leakage), and human factors (employees' weak security awareness and operational errors are also important causes of data leakage). Therefore, it is necessary to construct a data protection and governance system for the entire life cycle, and it is recommended to strengthen the construction in the following aspects (see the figure below).

Key Topics Covered:

1 Automotive Information Security

Current Security Risks of Intelligent Connected Vehicles

Security Issues Of Intelligent Vehicles

Vehicle Attacks

Classification of Internet of Vehicles Security Risks

Summary of Major Global Intelligent Vehicle Cybersecurity Events

Attack Classification

Automotive Information Security Vulnerability Trends

Authoritative Cybersecurity Vulnerability Platforms at Home and Abroad

Vulnerability Rating Mechanism in the Automotive Industry

Supply Chain Security

Comparison of Software Component Detection Tools

Software Bill of Materials (SBOM)

Software Supply Chain Security

Software Security and Compliance Scenarios in the Automotive Industry

Recommendations for Automotive Information Security Compliance System

Role of TARA in Automotive Cybersecurity

Specific Application Examples of TARA in Automotive Cybersecurity

Case of Foundation Model Reconstructing TARA Platform

Security Products for WP29 R155/44495

Protection Technology: IDPS & VSOC

IDS/IDPS Architecture

Core Capability of VSOC

VSOC: Evolution to Collaboration with Agent

IDPS & VSOC Solution Case

Protection Technology: Penetration Testing & Fuzz Testing

Penetration Testing Technology

Fuzz Testing Technology

Fuzz Testing of Key Components

Fuzz Testing at the Vehicle-level/Development Stage

Protection Technology: SAST, IAST & DAST

SAST Technology

SAST Solution Providers and Cooperation with OEMs

IAST Technology

IAST Solution Providers and Cooperation with OEMs

DAST Technology

DAST Solution Providers and Cooperation with OEMs

DevSecOps

Protection Technology: Post-quantum Cryptography

SPHINCS+ Post-quantum Cryptographic Algorithm

Application of PQC in the Automotive Field

PQC Application Case in the Automotive Safety Field

Cooperation Cases between Major PQC Suppliers and Automotive Customers

Policies, Regulations and Standards

Laws, Regulations and Standards Related To Information Security

Three National Mandatory Standards

Framework of GB 44495

Impact of GB 44495 on OEMs

2 Automotive Data Security

Data Security Regulations and Policies

Legal Provisions of Automotive Data Security Management System

Standardization of Automotive Data Security Management System

Model Data Compliance Embedded in the Development Process

National Standards/Industry Standards Related to Classification and Grading of Intelligent Connected Vehicle Data

Data Security Challenges Faced by OEMs and Protection Response Suggestions

Data Security Test Items

Automotive Data Security Test: Personal Information Protection Test Method

Automotive Data Security Test: Anonymization Test Method

Autonomous Driving Data Desensitization: Key Technology for Protecting Privacy and Data Security

Overview of OEMs and Models with Automotive Privacy Protection Logos

Background of Cross-border Data Regulations and Policies

Core Methods for OEMs to Let Data Cross Borders

Implementation Paths and Core Measures for Cross-border Data

Typical Model Cross-border Data Cases

Automotive Cross-border Service Providers and Cooperative OEMs

Agile Technology

Eagle Cloud

XDLP

BJCA

SafePloy

Infosec Technologies

3 Information Security Practices of OEMs

SERES

Automotive Information Security System Construction

Data Security Construction Steps and Effects

Information Security Ecological Synergy Strategy and Effects

Technology Integration and Innovation in Data Security Construction

Security Protection Improvement through Intelligent Operation

Automotive Information Security Cooperation Case

Leapmotor

Xpeng

NIO

Li Auto

Xiaomi

BYD

Geely

Dongfeng Motor

BAIC

FAW

SAIC

GAC

JAC Group

Chery

Changan

Great Wall Motor

4 Typical Automotive Information Security Hardware Companies

UNI-SENTRY

Thinktech

NationalChip

Shanghai Hangxin

HSEC

Fudan Microelectronics

5 Major Automotive Information Security Software Providers

Software Security TechnologySourceGuard

Seczone

SECTREND

Feysh Technology

TICPSH

Chiwu Technology

6 Typical Internet of Vehicles Information Security Solution Providers

Vecentek

GoGoByte

Inchtek

SECDEER

SEC-ICV

Yaxon Zhilian

Qingtianxinan

7 Trends and Summary

Summary of Automotive Information Security Chips

Summary of Fuzz Testing Solutions

Summary of SCA Tools/Platforms

Summary of Source Code Security Tools/Platforms

Summary of IDPS & VSOC Solutions

Summary of Secure Communication Solutions/Platforms and Cooperative OEMs

Summary of Internet of Vehicles Security Solutions and Cooperative OEMs

Summary of Automotive Cybersecurity Solutions and Cooperative OEMs

Summary of Automotive Data Security Solutions and Cooperative OEMs

Trend 1: The application of Post-quantum cryptography technology in the automotive industry has moved from technical accumulation to industrialization

Summary of Post-quantum Cryptography Products and Cooperative OEMs

Trend 3: Application of AI in Automotive Information Security/Cooperation Cases

Trend 4: Foundation Model Automotive Information Security Application/OEMs

Application of Agents in Automotive Information Security/Cooperation Cases

