The Integration of Enterprise and Embedded Systems in Automotive Security

In recent years, the automotive industry has seen a significant shift toward interconnected systems, particularly with the integration of enterprise and embedded systems. This integration has broadened the attack surface, making it crucial for security experts to work together to address vulnerabilities.

Enterprise systems, such as web applications and cloud components, are increasingly being used in vehicles for various functions, including over-the-air updates and telemetry data. This brings security to the forefront, requiring testing to identify vulnerabilities and ensure the systems are secure. And that’s where ETAS comes into the picture.

Enterprise pen testing was the topic of a February 2025 episode of “Empowering Tomorrow’s Automotive Software” podcast, with ETAS’s Zane Pelletier and Michael Scharl lending their expertise. You can hear the full episode here, or wherever you listen to podcasts (e.g., Spotify, Apple Podcasts, Amazon Music, iHeart Radio, etc.). Here are some of the key topics Zane and Michael address.

Onboard vs. Offboard Systems: The pair discuss the distinction between onboard systems (i.e., physically within the vehicle) and offboard systems (i.e., back-end systems), their interconnectivity within a vehicle and impact on one another, requiring thorough testing of both for vehicle security.

Cloudification: The shift toward cloud-hosted back-end systems is on the rise in automotive, with vehicles connecting to cloud systems for updates and data monitoring. As the host for a variety of vehicle services, if you can get into the cloud, you can access these services and functionalities, increasing the need for robust security measures.

Critical Vulnerabilities: Referencing an article by Sam Curry, Zane and Michael highlight critical vulnerabilities in various car manufacturers' systems. These vulnerabilities demonstrate the need for enterprise security in automotive, as compromising one car can lead to compromising an entire fleet.

Simulations: Red team exercises help simulate real-world attack scenarios, similar to those in Same Curry’s article, and improve security measures. Critical to this is understanding it’s not just testing vehicle systems, it’s testing the cloud-based infrastructure – individually and together. For more information on red teaming, check out this episode.

Breaking Down Silos: This is where Zane and Michael agree that a lot of improvement needs to be made moving forward. Enterprise and embedded security experts need to collaborate and share knowledge for successfully addressing evolving security challenges. Bringing different types of testers, red and blue teams (traditionally on opposite sides) together to build a holistic solution benefits everyone.

The integration of enterprise and embedded systems in automotive security presents new challenges and opportunities. Security experts must work together, conduct thorough testing, and stay updated on the latest trends to ensure the safety and security of vehicles. As Zane and Michael point out, no automaker is safe, and no single person has the answer. Securing tomorrow’s vehicle will take communication and a group of experts learning and working together.