Driving Toward a Trusted Future: Thales Strengthens Mobility with Cybersecurity at Its Core

• Enterprise
• Automotive

Modern vehicles are evolving into connected digital platforms, creating new cybersecurity challenges. From threat detection to secure charging and digital keys, layered defences and hardware-based trust are essential to protect data, ensure safety, and build driver confidence.

• Discover how Thales is helping automakers secure the connected future

The cars of today are in many ways unrecognisable from what they looked like just a few decades ago. Powered by hundreds of millions of lines of code, numerous sensors, alert and control systems, cars today are far more advanced from the purely mechanical machines of years gone by. While this shift has supported new safety, comfort and automated functionality, it also brings unprecedented security challenges. Hacker attacks, data theft, software tampering and future risk of quantum attacks - issues once confined to IT - have become realities the automotive sector must face.

As a global leader in cybersecurity and digital identity and a chair member of the Connected Car Consortium (CCC), Thales is bringing decades of cybersecurity expertise to meet the needs of the automotive industry as they navigate these challenges - ensuring secure communication within the car, with infrastructure, and with drivers, helping protect the automotive digital future.

As vehicles evolve from closed systems into open, connected platforms, protecting their expanded attack surface has become critical. Thales is addressing this challenge through advanced threat detection and response systems designed specifically for the automotive environment.

Remote and large-scale cyber threats have become a shared challenge across the industry. Regulations such as those from the UNECE and various national standards have created technical barriers, turning cybersecurity into a "must-have" for market entry.

Detect and Respond: Building a Layered Defense to Tackle Emerging Cybersecurity Challenges

Against this backdrop, Thales, in collaboration with Renault and Soft Republique, has introduced an integrated "onboard + offboard" threat detection and response system, providing automakers with a practical approach that balances compliance and efficiency. The system performs real-time analysis on the vehicle, while leveraging AI and automotive CTI (Cyber Threat Intelligence) for further detection, offering a more streamlined and rapid reaction.

More importantly, it translates complex regulatory requirements into deployable technical modules. With built-in compliance frameworks, it helps automakers quickly meet international standards as they're designing new vehicles, turning traditional compliance costs into tangible brand security assets.

© Thales

Embedded Secure Element (eSE): Establishing a Hardware Root of Trust for Multiple Applications

After building a layered defense, security ultimately relies on an immutable physical foundation. Thales' Embedded Secure Element (eSE) is the perfect hardware complement to software cybersecurity protection, offering additional protection in critical scenarios like digital keys, in-car payment and vehicle charging. It brings security standards, validated in financial institutions and the public sector, into the automotive industry, forging a vehicle-wide "root of trust" within a tiny 5×5 mm chip.

The chip delivers three core values: automotive-grade secure storage that isolates digital identities and cryptographic keys within hardware; high-performance secure computation to support real-time communications; and standardised, future-proof evolution - planning ahead for post-quantum cryptography to keep systems secure over time.

EV Charging Security: Building Cross-Platform Trust to Unlock a Seamless Charging Experience

Interoperability and payment security of charging infrastructure have become key bottlenecks for widespread EV adoption. Users expect not only seamless cross-network charging but also simple, secure payment processes that fully protect their identities.

Thales' ISO 15118-compliant "Plug & Charge" solution addresses this challenge. By establishing mutual digital identity authentication between the vehicle and the charger, it enables a frictionless experience enhancing convenience while eliminating risks of identity fraud and unauthorised charging.

To enable this trusted interaction, Thales has developed an end-to-end protection architecture that spans the entire EV ecosystem. On the terminal side, embedded secure elements (eSEs) or other tamper-resistant components safeguard and execute digital identities. On the platform side, the Thales Security Manager Platform provides unified management and secure rotation of large volumes of digital credentials. Meanwhile, on the connectivity side, eSIM-based communication ensures chargers remain reliably connected while encrypting data in transit across all environments.

More importantly, this identity-centric architecture not only solves current payment security issues but also helps create a secure foundation for future V2G (vehicle-to-grid) interactions and smart energy management. In the process, it serves as a basis to build long-term, trusted relationships between users and energy service providers.

© Thales

Digital Car Keys: Redefining Vehicle Access and Enabling New Mobility Models

With the rapid rise of connected cars and smart mobility services, physical keys can no longer meet the demands of dynamic access sharing and remote management. In response, Thales has introduced a digital key solution based on global standards, enabling secure authentication and fine-grained permission control between smartphones and vehicles.

At the core of this solution is hardware-level security: eSEs protect digital keys on both the phone and vehicle, preventing duplication or tampering. This security foundation fits commercial use cases such as fleet management and car rental, allowing companies to flexibly grant, limit, or instantly revoke vehicle access.

Within this end-to-end architecture, the phone-side eSE protects digital credentials, while the vehicle-side eSE verifies operational commands.

As a complement to the Digital Car Key, Thales NFC cards offer a reliable backup vehicle access option that supports OTA updates, delivering the ideal balance of convenience and security in scenarios such as valet parking.

Successful deployments of digital keys demonstrate that, within a mature security framework, convenience and security are not trade-offs but complementary pillars of the smart-car experience.

A future threat: Quantum attacks

Looking further, the automotive industry is now considering Post-Quantum Cryptography (PQC) to counter the "Harvest Now, Decrypt Later" threat, protecting connected vehicles throughout their long lifecycles against future quantum attacks. Current cryptographic standards, like RSA and ECC, are vulnerable, posing risks to driver privacy, firmware integrity and entire fleet security. Thales addresses these vulnerabilities by providing PQC-ready solutions, including Luna HSMs and secure eSIMs, while actively co-developing global standards with organisations like NIST and GSMA. Our focus on "crypto-agility" ensures that vehicle identities and over-the-air updates remain secure even as quantum capabilities and cryptographic requirements evolve. Ultimately, Thales enables manufacturers to maintain regulatory compliance and long-term trust in an increasingly connected and complex mobility ecosystem.

Whether it's cyber threat detection and response, providing a hardware-based root of trust, enabling secure vehicle charging and access, or protecting from future threats, Thales has developed security architecture that spans the full spectrum of automotive security needs.

In combination, these functionalities provide a trusted foundation for the automotive industry, transforming security capabilities into a core brand asset for all automakers. With hardware-level security as the base and an open ecosystem as the link, the industry is poised to advance steadily toward a safer, more connected and trusted digital future.

Related Articles

Receive the latest Cyber and Digital insights straight to your mailbox