Automotive Cyber Security - A Glossary of Terms

Our team at Arilou Cyber Security, part of NNG Group, put together this handy glossary to help you make sense of the growing collection of cyber security terms.

Making sense of automotive technical terms can be a challenge. Add cyber security to the mix and you end up with a broad collection of abbreviations and terms that can overwhelm even the most seasoned of engineers.

To help you avoid confusion, the team at Arilou – part of NNG Group – have put together this handy glossary. Covering as many terms as possible, this glossary will help you hold your own in your next automotive cyber security meeting. Check back regularly for updates.



Accuracy is a combination of Precision – the solutions ability to identify malicious attacks with the least possible false alarms – and Recall – the actual number of malicious attacks identified. High accuracy means a greater number of attacks detected with fewer false alarms.

Automotive Cyber Security

The discipline related to protecting automobiles against cyber-attack from malicious agents (hackers). Involves securing the vehicle’s IVN, ECUs, and Cloud connectivity using automotive-grade cyber security solutions and strategies.


AUTomotive Open Systems ARchitecture – AUTOSAR – is a global partnership of OEMs, suppliers and service providers formed in 2003. Their mission is to develop a standardized vehicle network architecture for intelligent mobility.

Connected Vehicle

A vehicle that contains one or more internet-enabled ECUs or other wireless data transceivers. These connected components allow the vehicle to communicate with devices both inside and outside the vehicle – enabling V2X uses cases, OTA updates and other Cloud-based use cases – but opens the vehicle to cyber-attack.

Controller Area Network (CAN) Bus

A type of IVN developed by Robert Bosch GmbH in the 1980s. Uses a looped bus structure. Developed prior to the connected vehicle, it allows unrestricted communication across the bus. CAN forms the primary IVN in use today, although it’s low bandwidth could see it replaced by Ethernet.

Denial of Service (DoS) Attack

When a hacker attempts to overwhelm a network with fake or malicious messages, making usual operation impossible.

Electronic Control Unit (ECU)

ECUs are like mini computers which control a variety of different processes and features throughout the vehicle – from infotainment and telematics to suites of sensors which monitor braking or measure fuel consumption. ECUs connect directly to the IVN.

Endpoint Security

Endpoint, in cyber security, refers to the protection of the endpoint – or functional component – of a network. In the field of automotive cyber security, this refers to ECUs or other components attached to the IVN.


Automotive Ethernet is a type of IVN based on the BroadR-Reach standard developed by Broadcom as part of the OPEN Alliance SIG. Uses a switched, star-type topology. Ethernet offers greater bandwidth than other IVNs, opening options for V2X and other data-heavy use cases.

Gateway Security

Gateways security refers to the protection of connections between IVNs. Gateways enable the flow of traffic in, out, and between networks, and can serve a variety of functions, including filtering (firewalling/whitelisting) or translating between different protocols or data formats.

Arilou, IVI, Infotainment, Glossary, Automotive, Cyber Security, Security, Automotive Cyber Security Glossary

In-Vehicle Infotainment (IVI)

Housed in head-units, dash, central consoles and driver-facing instrument clusters. Controls systems such as HVAC, digital radio and GPS navigation. Can include USB ports, feature Bluetooth and cellular connections enabling Wi-Fi LAN, SMS and handsfree calling.

In-Vehicle Network (IVN)

A harness consisting of electronic cables that form the central data transfer network of the vehicle. Various network topologies are used to relay ECU messages throughout the vehicle.

Intrusion Detection and Prevention System (IDPS)

A combination of IDS and IPS solutions. Consists of software, hardware – or a combination of both – and monitors the IVN for anomalous traffic. Upon detection, it reports anomalies to the SOC for review where prevention can be activated if required.

Latency (of a Cyber Security Solution)

Refers to the speed of detection, or more accurately, the difference in time between the moment the attack happens and the moment a cyber security solution identifies it as a malicious attack.

MAC Address

The Media Access Control (MAC) address is a unique device identification number that is assigned to hardware connected to a network. The MAC address can be used as a network address for various network types, including Ethernet.

MAC-Spoofing Attack

Involves changing factory assigned MAC addresses via vulnerabilities in the software drivers of target hardware.

Mobility as a Service (MaaS)

A commercial response to new technologies that has prompted a shift in consumer tastes – from vehicle ownership to shared ownership services such as Zipcar and Car2Go, or peer-to-peer ride services such as Uber and Lyft.

Arilou, OBD-II Port, Glossary, Automotive, Cyber Security, Security, Automotive Cyber Security Glossary

On-Board Diagnostics Port-II (OBD-II)

The OBD-II port allows direct physical access to the IVN from within the vehicle’s cabin. Allows diagnostic tools – or malicious devices – to be attached to the vehicle. Standard in new model vehicles since the 1990s in the United States of America, and early 2000’s in the European Union.

Over-the-Air (OTA)

OTA refers to hardware or software updates, performed wirelessly and remotely using a variety of communications methods. These updates can include new configuration settings and/or software patches, which can be distributed from one central location to all users of the target device.


Refers to the network or system resources a cyber security solution requires to operate. A solution with high overhead can dramatically reduce the performance of the IVN or ECU to which it is deployed.

Security Information Event Management (SIEM)

Refers to cyber security products and services which combine data storage, inspection and analysis tools. SIEM services aggregate and correlate data from software and hardware cyber-security solutions.

Security Operations Centre (SOC)

Can refer to one of two different definitions. SOC in organisational structure can be a facility where a business’s information systems are monitored, analysed and protected. SOC in technology can be a software program designed to collate SIEM data and present it in a way that is easy to monitor and control.

Arilou, Telematics, Glossary, Automotive, Cyber Security, Security, Automotive Cyber Security Glossary


These ECUs transmit data between the vehicle and a telematics service provider. This data can include diagnostics, as well as OTA updates and remote commands. Features a GPS unit providing location data, a cellular data connection, and remote access via GPRS and Wi-Fi bearer protocols.

Arilou, TPMS, Tyre Pressure monitoring System, Tire Pressure Monitoring System, Glossary, Automotive, Cyber Security, Security, Automotive Cyber Security Glossary

Tire Pressure Monitoring System (TPMS)

Air pressure sensors located in each tire feed data back to the main TPMS ECU via wireless transceivers. This ECU feeds data to the vehicle control module which aggregates it with other data to manage fuel economy, exhaust emissions, and a host of safety features. Mandatory in new US vehicles since 2008.


The shape and structure of a network. Various networks use various topologies to overcome design limitations. From the star topology of Ethernet to the bus topology of CAN.

Vehicle-to-Everything (V2X)

V2X covers multiple connected vehicle use cases – from vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V), to vehicle-to-home (V2H) or vehicle-to-grid (V2G). With each use-case potentially needing a different communication method, they greatly widen the surface area for cyber-attack.

Zero-Day Attack

An attack which exploits a software or hardware vulnerability unknown to the OEM, relevant suppliers or security vendors. Day-Zero refers to the first day on which the defending party discovers the vulnerability and begins the mitigation process.


Subscribe to this blog

Get notified when a new post is out.