TowerSec VP on solutions that address the dark side of car connectivity – Q&A
With car connectivity comes a dark side. While you are driving, a hacker could put your life in danger by taking over the car's steering, brakes and transmission from a remote location. Help is at hand from a rising tide of tech companies, including TowerSec. Originally founded in Israel, now headquartered in Michigan and owned by Harman, TowerSec's cyber security solutions protect vehicles from outside intrusion. To find out how, Matthew Beecham spoke to Harman-TowerSec's vice president of automotive cyber security, Saar Dickman.
Can you give us an introduction to TowerSec?
We founded TowerSec as an organisation in 2012 and our vision was to create as much trust in its products as drivers already place in seatbelts and airbags. Our founders have a background in various security industries, from Israeli defence industries, information security as well as industry experts. We wanted to create software solutions that would be easy for OEMs, suppliers and telematics providers to integrate with no additional hardware requirements.
Is security such a big concern for OEMs or customers?
It is a major concern, fuelled in part by some of the more 'frightening' stories the media carries about hacking into cars. These early hacks, which are merely 'research work' at this point, have clearly demonstrated the potential and feasibility of compromising safety-critical systems by taking remote control over the vehicle, and OEMs are clearly concerned about that. Consumers are beginning to recognise these risks. McKinsey released data that suggests some really high numbers of car buyers are worried. Something like 43 per cent in the U.S. are afraid of people hacking into their car and manipulating it whilst the car is connected to the Internet. So car makers and suppliers need something that is reliable and provides ongoing protection. What is unique about TowerSec products is that we can retrofit our software into vehicles already in production, so OEMs don't need to plan four years ahead to provide cyber-security for cars.
What is the risk? What I mean is why are hackers trying to get into cars?
I don't think there is one single reason, but rather multiple scenarios involving different profiles of attackers and different motivations. On the 'cyber-crime' front, criminals will typically look for financial gain, focusing on the theft of sensitive data or using electronic means to break into a car and steal it.
Other scenarios could involve taking control over critical systems of vehicles for motives ranging from ransom, organised crime or even a revenge act of a disgruntled employee.
Lastly, cases involving nation-wide attacks or acts of terrorism are certainly of wide concern, all the more so as cars are becoming integrated into the national infrastructure. In projects we have with customers, we would typically engage in 'assets analysis' where we would create an adversary model signaling 'what is at risk.' That way, we ensure our products are placed to provide the best level of protection where the risk is the highest.
What products are you proposing to OEMs?
We have two TowerSec products, ECUSHIELD and TCUSHIELD. Both are focused on intrusion detection and prevention, and they are both provided as embedded software that requires no additional hardware from the customer.
ECUSHIELD detects intrusions by monitoring traffic on the internal network of the vehicle. Using advanced anomaly detection algorithms, we are able to alert wherever there is a deviation from the normal pattern of the car – one that suggests an attack.
Moreover, ECUSHIELD has some 'secret sauce' that provides real-time mitigation of any such attack attempts, making sure that the driver's safety is preserved. To my knowledge, we are the only one in the industry that can make that claim. ECUSHIELD was awarded the 2016 North America Frost & Sullivan Award for New Product Innovation; it's something we are really proud of.
And what is TCUSHIELD?
It is a double-perimeter protection software for telematics and infotainment systems. It both protects against potential attacks over the wireless interfaces of the car and offers a second layer of protection, blocking any attempt by an attacker to reach the internal network of the vehicle. Again, it needs no additional hardware and can be used across different operating systems without any design changes.
Considering the various demonstrations that were published of attackers exploiting cellular vulnerabilities to mount an attack – we believe this is a critical high-value technology and we are proud to be the only vendor with such a mature technology.
Do OEMs or suppliers purchase TowerSec products?
The interest of OEMs in our products is currently at its peak. Cybersecurity is not a 'plug-and-play' practice and we are committed to working very closely with customers, from consulting on the requirements, analysing the risks and assets for protection and finally integrating our products into their production cycles. Our business model is a mix of service fees, installation costs, license costs for our products and ongoing maintenance and actionable intelligence.
What customers do you have?
We currently are working with some of the top OEMs in the world. Our products have passed several industry benchmarks and came out first, so obviously there is a lot of traction as the industry transitions from 'technology evaluation' into the 'procurement' process. With our recent acquisition by Harman in January this year we now have access to a much larger number of organisations that include other suppliers and telematics firms. We are happy to work with OEMs or their suppliers.
What are the next developments in preventing in-car security?
The remainder of this interview is available on just-auto's Global light vehicle OE connectivity market - forecasts to 2030