Dvir Reznik, Senior Marketing Manager, Harman Towersec
While news broke this week that Samsung has acquired automotive technology group Harman Inc. for US$8 billion, Harman itself had already begun to establish itself as a force in the connected car technology sector. To strengthen its presence, in January 2016 it acquired Towersec, an Israeli cybersecurity firm, to solidify its position as a Tier 1 supplier in the sector. just-auto's Cat Dow caught up with Dvir Reznik, Senior Marketing Manager of Harman Towersec, at TU Automotive Munich 2016 to discuss the developments in cybersecurity and the importance of starting from scratch.
just-auto: Security continues to grow as a hot topic. How did you become involved with Towersec?
Dvir Reznik: Automotive has always been a passion for me. I have been driving tractors and cars and motorcycles—I think I was the first kid in high school who came to school on a tractor because I lived on a farm in Israel! I joined Towersec shortly after the acquisition by Harman. Before that I was working in the start-up industry in Israel for about seven years. Cybersecurity is obviously a strong thing in Israel. There are a lot of cybersecurity companies in a lot of industries.
j-a: What do you think is the most pressing issue in the world of cybersecurity for automotive at present?
DR: It's a good question. Standards and legislation and [developing an] understanding of what other requirements from the automakers and from the market itself are key issues. On the one hand you can see a lot of consumers are asking for connected solutions and autonomous driving and you can see that the technology is there. In fact, autonomous driving "technology-wise", it will be available within the next two or three years, but the standardisation—how do you manage autonomous driving, the infrastructure, the insurance implications—we still have some way to go. If the car is manufactured and driven in the US but crosses into a state or country with different laws regarding ethics of autonomous cars, what happens then?
j-a: But those are more social issues than security ones, aren't they?
DR: True, but at some point you need to make cybersecurity part of that plan. Whenever you open up more ports for communication, either through 3G connectivity, or Bluetooth or Wi-Fi, there is more chance of attack. [Non-standardisation of the regulations just exacerbates the complexity]. OTA updates and more devices are coming into the car and though your laptop and smartphone are secure, you can potentially hack the car unwittingly. There is a very real need for more awareness. Not just those endgame scenarios where someone hijacks the car to crash into a tree [but more subtly]. The car is a device and it's a sophisticated piece of hardware and it needs to be protected.
j-a: Is it sufficient to just have security added on?
DR: At some levels, yes. However, I think now it's time for the OEMs to think of it from a base level; security by design. We are very strong supporters of that. You can always add layers of security. Our solution, ECUShield, can be retrofitted to existing vehicles but it's very different if you come with a state of mind that is security aware. If you look at Tesla, for instance, they are a software company that are building cars, and their cars are very hard to hack and, as we have seen from other videos, there's a good reason for that. They put cybersecurity at the core of their design.
j-a: Do you think that it is enough to protect the connected car, or do you think that there is a need for an end-to-end secure solution from the very beginning?
DR: It's the latter. For the automaker, you need to close the cycle. With cybersecurity, it's not just about saying 'Hey, I have a cybersecurity solution.' It's not even enough to say I have detected an attack, or that I've mitigated that attack or I've quarantined it. What am I going to do with it now? I still have a virus. I still have a hack that is present on my ECUShield. That is keeping it away from the vehicle but at the same time that breach is still open. That needs to be addressed. So we must have an end-to-end solution for the OEM. It may be managed by the OEM or it may be managed by a Tier 1, but [analysis will show] we have detected a set of attacks and it's coming from a single source and it was impacting our specific ECU or a specific telematics unit. We must prepare another campaign so we can push a fix to repair that breach. Eventually hackers will find other ways of penetrating the vehicle [and so the cycle continues].
j-a: It has been suggested at this conference that the next step is to downsize on the number of ECUs in the vehicle itself to create a multi-purpose ECU which will allow more security. Is that going to be easier to protect?
DR: It may. I understand the direction that [those suggesting this solution] are coming from. Currently you can have some cars with as many as 100 ECUs. At the same time the car is very sophisticated and very durable. Whenever your iPhone gets to 40°C, it shuts down. Yet, the car can operate at up to 90-95° and then -20 or 30°. Multiple ECUs are very low on resource, yet can operate in maximum and extreme conditions. If you aggregate all of that – and we are seeing that with PCs also, we are seeing one CPU, one brain that is running the entire device whether it be a laptop or smart phone—it's not as durable as the smallest thing.
It also depends highly on the network architecture: how are you building your network architecture? Do you have a gateway that is controlling all of those ECUs? Or do you have several gateways? If you have 100 ECUs, you need some sort of centralised router to manage all of that. So I think we will see some kind of consolidation but the fact that the car is very durable, that's something that will be very difficult to recreate, if you are minimising the numbers of ECUs.
j-a: Doesn't a system with multiple ECUs mean that the functions are in a silo and provide a greater level of security?
DR: Each ECU has a file—basically a library of all the messages that go through the network. So you have a finite number of messages and what you do is, you map out, once you create an action in the vehicle—you push the brakes, you turn on cruise control—and there is a command that goes through to various ECUs and tells them what to do. There is logic in this system and although each ECU is in a silo, it can still communicate with the others. So the question is, what happens when a rogue message is sending commands? That is the challenge when you have more and more ECUs. That is why I understand the direction to minimise that. But ideally, it needs to start from the bottom. Like a pyramid, if you are thinking securely from the beginning then your network is better protected. You have silos for the operating systems and the menus for the car, you may have silos for the various apps, you have network protection and you have OTA updates. You are building in your entire architecture based on solutions that will fit in the car of the future and the demands of the consumers.
j-a: On that note, do you think that there is a need to reengineer security architecture specifically for the car, bearing in mind the things that we have learned about PCs, which do not require there to be a safety function?
DR: In some ways, yes. The car manufacturers are now looking at how you can facilitate stronger demand from the consumer for growth connectivity and storage. That requires you to re-examine cybersecurity, because when you have demands for more storage—intelligent mapping and OTA updates taking place around the car, at the house or at work when the car is not driving on the road–then you need to have all of those elements in place to provide better security and better communication and connectivity to the car. In part, when you are re-engineering the connectivity and the storage elements, you will also take into account cybersecurity.
j-a: What kind of threats exist if third-party app developers are invited to develop for vehicle platforms?
DR: I think it is the OEM's responsibility at the end of the day because it's their vehicle, it's their reputation. If you had a problem with your airbag, you would not go back to the manufacturer to have it fixed, you would go back to the dealer. I think it is the same way here with app developers and the ecosystem. On the one hand, the OEMs need to be sure that they have differentiation and how they can operate with consumers and enhance the brand but on the other hand, they need to make sure that the other solutions that they bring in meet the standards. NHTSA recently published a set of guidelines that we will adopt in the next few years that you will be required to follow. Otherwise we won't allow your car or solution on the street.
j-a: The industry has generally been good at self-regulation, but we have seen more issues with cybersecurity. In the attack on the Nissan Leaf, the security expert gave the company six months to deal with the breach otherwise he was going to the media. Sure enough he ended up taking the story to the papers and it was only then the manufacturer responded. What is going through the collective heads of the OEM when this happens? Is the perceived indifference from the OEMs justified?
DR: I think it really depends on the OEM's approach toward cybersecurity and innovation. I can't attest for Nissan or any specific OEM, but in some cases when you look at Tesla, for instance, then they welcomed those hacks. In fact, they awarded the team that found a hack on the Tesla Model S. So it really does depend how open you are to the advancement being made in the industry. OEMs are really paying attention to cybersecurity solutions and we're really beginning to get a lot of requests for penetration testing projects. They asked us to come over, assess the car and let us know what entry points we detect. They want to know how we can make their architecture and vehicles more secure and not protected. So you see movement in the OEMs towards understanding and accepting that cybersecurity is here to stay. Those attacks in the last 12 to 18 months really pushed that forward. [The media coverage] raises the awareness levels for the government, too, so they can say 'automotive cybersecurity is a threat and we need to address it now; not in two years' time.'
j-a: There has been a lot of talk at the conference about openness and open systems. Do they create more complexity for cybersecurity? Or do they make it easier to fight potential threats?
DR: Openness makes [the issue of cybersecurity] more complex. When you have an open system it means that it can be changed by anyone. If you have an open system in the vehicle, then that is a potential threat. It is a potential entry point. You can have a certain solution on an OS embedded into the vehicle and you're saying to developers 'come and change whatever you want'. I don't know how fast the adoption of that will be and what areas it will be. Perhaps it will be silo-ed to the infotainment or other systems that are more consumer-facing and have no impact on the vehicle safety system or the vehicle drivetrain. These are safety critical systems and you can't give access to the gear shift or the engine, at the cost of a better looking infotainment system.
j-a: What cost can consumers expect to see in terms of the expensive equipment now being in the vehicle? Will there be a premium for cybersecurity protection, which will affect the price to the end user?
DR: I hope not. However, in the beginning, there may be. I don't think it should be an opt-in. It is not a feature like a 17-speaker sound system, so it should be built-in, the same way you have airbags, ESP, and all of those other three-letter acronyms, that give you a safer vehicle. I read recently that the auto industry is the only place where you have 1 million people dying every year and it's a product that people still continue to buy. Cybersecurity shouldn't be an add-on feature because it affects people's lives. No OEM wants an attack on the vehicle but at some point they are going to happen, and what do you do to be ready for that time? Do you have a prevention system? Do you have an over-the-air update solution to fix the car as soon as possible and not wait one month for it? You don't want to invite all of your customers to the dealership and update through the OBD to dongle. How can you prepare for that day when something like that happens? I think you need to be prepared for that event and that's part of the work that the Automotive Industry Standards Committee are doing to share the information with the industry, to set standards, guidelines, benchmarks so that the OEMs will know what sets one solution from the other. That's a big step. What we are seeing in the US is really leading the charge on that front.
j-a: Is there a priority, in terms of prevention or reaction to cybersecurity attacks? Or are they of equal importance?
DR: They are of equal importance. You can't protect a vehicle that pushes one software update if I can't protect the next update. Eventually, it will be like PCs, laptops and smartphones. You have your Windows/Mac/Whatever OS devices coming with security, virus protection and a firewall. [The same] will happen with the vehicles too, but it will take a few years yet.
j-a: How many more years? Can you put the timeline on it?
DR: For all of the cars? That's a good question. We will be driving around in autonomous cars but we will have this cool kid still driving his 1995 Mustang that has no connectivity on it. Are we going to allow that? We may say if you want to drive legal you must add connectivity and updatability, and we'll need to check that every six months because the road is getting smarter. It is not like the phone or the laptop that has a lifespan of five years or 10 years. Cars can be 30-40 years old. Technology-wise, let's say by 2025, but it is also a regulatory question.