Cybersecurity is essential for next-gen connected vehicles: Sasken’s Rahul Bagchi

As cars increasingly incorporate digital technologies into their design and become connected, they face the same data breach risks as computers and smartphones. In an exclusive conversation with TechCircle, Rahul Bagchi, AVP - Product Engineering Services at product engineering company Sasken Technologies Limited, explains cyber security risks of connected vehicles with real-world physical consequences and how companies can ensure the safety, privacy of customers while maintaining operational reliability of these vehicles.

Securing connected vehicles

Bengaluru-headquartered Sasken Technologies is a key provider of embedded systems, digital transformation, and cloud services to companies with a key focus on the automotive sector. According to Bagchi, “Connected vehicles that are digitally integrated platforms incorporating cloud services, edge intelligence, and real-time data are vulnerable due to complex legacy systems, diverse interfaces, and open software.”

Giving examples of the intricate nature of connected transportation that introduces various vulnerabilities, he said that wireless interfaces (satellite, cellular, Wi-Fi, Bluetooth) are susceptible to exploitation, offering entry points for attackers. Over-the-air updates can be hijacked to inject malicious firmware. Sensor fusion systems (cameras, LiDAR, GPS) are vulnerable to spoofing or jamming, compromising accuracy. Interconnected multi-vendor supply chains amplify risks through third-party vulnerabilities.

Addressing these challenges holistically is crucial for ensuring the safety and resilience of connected transportation, encompassing smart EVs, trains, and buses, which involve traffic control, navigation, infotainment, and financial transactions.

“In India, where cost pressures often drive design trade-offs, we also see delayed patching and insecure aftermarket devices compounding the risk. India’s AIS 189 (vehicle cybersecurity) and AIS 190 (software update integrity) are important steps to address these, enforcing that systems must detect, respond to, and recover from cyber incidents throughout their lifecycle,” he said.

Furthermore, Bagchi believes that security is not a one-time certification but rather a continuous commitment that requires a lifecycle approach to embed cybersecurity at every stage of a system's existence. For instance, design incorporates security-by-design principles. Development employs secure coding and Software Bill of Materials. Deployed systems require patching, intrusion detection, and monitoring. As Bagchi noted, “Even at the decommissioning stage, robust processes such as data erasure and secure retirement must be enforced to prevent data leaks or the misuse of repurposed components. In short, lifecycle security transforms transportation from being reactively protected to proactively resilient.”

Moreover, transportation cybersecurity is unique due to real-time, safety-critical constraints. A compromised ECU cannot simply restart. Certifications like ISO 26262/EN 50128 impose strict reliability. “Systems operate across networks and jurisdictions, complicating endpoint protection and secure communication. Security solutions must be lightweight and deterministic for real-time performance,” Bagchi advised.

Partnerships between technology providers and cybersecurity leaders are also crucial. Companies like Sasken, with expertise in silicon, embedded systems, and Artificial Intelligence/Machine Learning (AI/ML), complement security product companies offering Trusted Execution Environments and Post-Quantum Cryptography. These partnerships enable end-to-end secure, compliant, and scalable systems.

India – a key growth market

India's diverse vehicle types and affordability focus create unique opportunities. EV telematics enables battery health tracking and anti-theft capabilities. Fleet management and route optimisation enhance efficiency. FASTag infrastructure drives smart tolling. Insurance telematics personalises premiums. In-vehicle infotainment introduces media security and privacy risks. These use cases require data protection, resilient updates, and regulatory alignment.

The company is eyeing strong growth for its business from the automotive industry in India.

India is pivotal to our growth strategy. We provide Security by Design services for OEMs and Tier-1 suppliers, security consulting for railways, and TEE-based secure applications for EVs. We also address cybersecurity in smart transport infrastructure, including tolling systems and V2X gateway security. We are betting on cybersecurity to enable trusted innovation in India's transportation ecosystem,” he said.

In February, Sasken launched a regional office and offshore development centre (ODC) in Ahmedabad (formerly Anups Silicon Services), spanning 14,000 sq. ft. with a capacity for 150 employees, including an ODC centre, Testing & Development Lab, and training centre. This is expected to boost growth in the silicon design market.

The product engineering firm acquired a 60% stake in Anups Silicon Services Private Limited (ASSPL) in March 2024 for ₹33.2 crore. This acquisition, along with the previous acquisition of Borqs Technologies' ODM and software services business, enhances Sasken's capabilities in semiconductor design and development, adding expertise in ideation, IP development, software and product realisation, and hardware supply chain management.

“In the future, Software-Defined Vehicles will introduce cloud-native principles, requiring zero-trust models and continuous monitoring. Vehicle-to-Everything communication necessitates secure messaging and identity validation. AI integration demands robust measures to secure model integrity, aligning with regulations like the EU AI Act. Cybersecurity strategies must balance performance, cost, and compliance,” said Bagchi.