“Malware, ransomware, viruses, denial-of-service attacks – these threats can put businesses in a bind because they are difficult to recover from. Others may not recover at all, but that hasn’t stopped most industries from treating cybersecurity as an afterthought. Unfortunately, this is how it has been handled since the first hack. It’s only when one company is attacked that other companies start to react, often by scrambling to improve their own security in the hope that their business won’t be the next target.
By Marc Canel, VP Strategy – Security, Imagination Technologies
Malware, ransomware, viruses, denial-of-service attacks – these threats can put businesses in a bind because they are difficult to recover from. Others may not recover at all, but that hasn’t stopped most industries from treating cybersecurity as an afterthought. Unfortunately, this is how it has been handled since the first hack. It’s only when one company is attacked that other companies start to react, often by scrambling to improve their own security in the hope that their business won’t be the next target.
Self-driving vehicles mark a new milestone in how this strategy has changed, with vehicle manufacturers (OEMs) of all shapes and sizes looking for ways to prevent the worst rather than react reactively. They understand: Car hacking isn’t just about data or money, it’s about the safety of passengers and everything around the vehicle.
Vehicle OEMs are working hard to build in safety mechanisms from the most basic level of the vehicle to deal with any potential problems. They want to build it into semiconductor intellectual property (IP) to ensure the safety and protection of semi-autonomous and fully autonomous vehicles from security threats. As a member of the automotive industry ecological chain, Imagination has felt the industry’s extensive demand for network security.
The assembly line starts before
While it’s easy for other industries to ignore cybersecurity before it becomes an issue, vehicle makers know they can’t do the same. The safety risks to the vehicle’s occupants and the future success of autonomous vehicles are simply too great. Even ransomware is a huge threat. If hackers figure out a way to bring fleets to a halt, they can disrupt an entire ecosystem of ride-hailing or logistics vehicles without endangering any lives. An attack of this magnitude would be financially damaging whether or not the target business agrees to pay the ransom.
As a result, vehicle manufacturers are fully aware that without cybersecurity, they won’t be able to get the cars of the future — even human-driven, connected vehicles — into sales showrooms. They understood the need to develop protective measures, both hardware and software, long before vehicles entered production. In short, cybersecurity must be designed into the core components of the car from the start.
Vehicle manufacturers and their technology suppliers are exploring ways to achieve cybersecurity. The work begins by studying all potential threats to the vehicle and its occupants, then preparing for known deficiencies in technology and products, while planning for unknown deficiencies. This exploration has also become part of the strategic shift discussed earlier, as vehicle manufacturers no longer simply collaborate with their tier-1 suppliers and chip suppliers, but move further into collaborations with companies like Imagination Such IP vendors come together to discuss the lowest-level cybersecurity solutions that employ new technologies such as neural network accelerators.
Hackers always target the weakest spots. If the directional control components, brake components and acceleration components are well protected, they will find other ways to get in. Between infotainment consoles that include various ports (OBDII, USB, USB Type-C, etc.) and the slow-moving connectivity capabilities, it’s not hard to imagine how and where cyberattacks could unfold. But that’s exactly why it’s important to completely separate these connections from any system-level critical functions. It’s not just the driving mechanism that should be considered – every component must be protected from even possible malicious behavior.
ready to protect
While vehicle manufacturers are exploring cybersecurity, they cannot do it entirely on their own. This is why more and more manufacturers, suppliers and even insurance companies are turning to companies that specialize in mitigating cyber threats. Of course, network security technology based on IP-level underlying hardware is also an important foundation for the entire industry chain to build network security protection capabilities. Imagination and its world-leading customers have demonstrated this division of labor in today’s high-security automotive chip design and development.
In October of last year, Upstream Security announced a $30 million Series B round from a number of global automakers and venture capital firms, including Hyundai, Volvo Group, Renault Venture Capital ) and Nationwide Insurance. Last June, GuardKnox raised $21 million in a Series A round, while Karamba Security raised $10 million in 2018, bringing its total raised to $27 million.
These are just a few of the companies that have sprung up to protect the future of mobility. Each company offers different strategies for securing connected and/or driverless cars, but the ultimate goal is the same: making sure outside dangers cannot get in.
Cybersecurity has become a major topic at conferences around the world, but it has also inspired several other events dedicated to protecting against cyberthreats. The discussion involved academia: Given the complexity of automotive architectures, universities are collaborating with industry to leverage their millions of lines of code and a growing number of Electronic control units (ECUs) to define the best The system that protects the vehicle. To stay ahead of future cyber threats, the next generation of employees needs to understand cyber security risks today.
Awareness is the first step. Solutions are the key to actually preventing security breaches. The U.S. Department of Transportation (DoT) urged the industry to adopt “rigorous safety and functional testing of technology, people and processes” in issuing federal guidance on autonomous vehicles. The DoT also recommended a flexible safety plan that assesses and manages risk, adding that the response plan should be “aligned with emergency management and recovery protocols shared across all industry sectors”.
But how can we do this? There are several prospective standards under discussion, but the most prominent is ISO26262. Specifically designed for functional safety, the standard includes classifications for several Automotive Safety Integrity Levels (ASILs). They are not statutory, but they provide important guidance for determining the severity and likelihood of potential hazards, which is critical for developing smarter, safer and more efficient vehicles.
The way to lead
Autonomous vehicles are being developed, and the auto industry, with the help of its suppliers, is integrating lessons learned from cybersecurity in other consumer markets. Vehicle makers know better than anyone else that they can’t wait for hackers to attack — they must work to protect their vehicles today. Their early actions were more than rhetoric and empty promises; many were already clamoring for it while also pouring money into road-safe technology, which remains a top priority for the industry. This is a strategy vehicle suppliers should also be aware of, and one that other industries can learn from to initiate their own cybersecurity protections.