September 2, 2020
Cybersecurity – the new dimension of automotive quality.
Quite a lot of folks seem to think that the automobile of the 21st century is a mechanical device. Sure, it has added electronics for this and that, some more than others, but still, at the end of the day – it’s a work of mechanical engineering: chassis, engine, wheels, steering wheel, pedals… The electronics – ‘computers’ even – merely help all the mechanical stuff out. They must do – after all, dashboards these days are a sea of digital displays, with hardly any analog dials to be seen at all.
Well, let me tell you straight: it ain’t so!
A car today is basically a specialized computer – a ‘cyber-brain’, controlling the mechanics-and-electrics we traditionally associate with the word ‘car’ – the engine, the brakes, the turn indicators, the windscreen wipers, the air conditioner, and in fact everything else.
In the past, for example, the handbrake was 100% mechanical. You’d wrench it up – with your ‘hand’ (imagine?!), and it would make a kind of grating noise as you did. Today you press a button. 0% mechanics. 100% computer controlled. And it’s like that with almost everything.
Now, most folks think that a driver-less car is a computer that drives the car. But if there’s a human behind the wheel of a new car today, then it’s the human doing the driving (not a computer), ‘of course, silly!’
Here I go again…: that ain’t so either!
With most modern cars today, the only difference between those that drive themselves and those that are driven by a human is that in the latter case the human controls the onboard computers. While in the former – the computers all over the car are controlled by another, main, central, very smart computer, developed by companies like Google, Yandex, Baidu and Cognitive Technologies. This computer is given the destination, it observes all that’s going on around it, and then decides how to navigate its way to the destination, at what speed, by which route, and so on based on mega-smart algorithms, updated by the nano-second.
A short history of the digitalization of motor vehicles
So when did this move from mechanics to digital start?
Some experts in the field reckon the computerization of the auto industry began in 1955 – when Chrysler started offering a transistor radio as an optional extra on one of its models. Others, perhaps thinking that a radio isn’t really an automotive feature, reckon it was the introduction of electronic ignition, ABS, or electronic engine-control systems that ushered in automobile-computerization (by Pontiac, Chrysler and GM in 1963, 1971 and 1979, respectively).
No matter when it started, what followed was for sure more of the same: more electronics; then things started becoming more digital – and the line between the two is blurry. But I consider the start of the digital revolution in automotive technologies as February 1986, when, at the Society of Automotive Engineers convention, the company Robert Bosch GmbH presented to the world its digital network protocol for communication among the electronic components of a car – CAN (controller area network). And you have to give those Bosch guys their due: still today this protocol is fully relevant – used in practically every vehicle the world over!
// Quick nerdy post-CAN-introduction digi-automoto backgrounder:
The Bosch boys gave us various types of CAN buses (low-speed, high-speed, FD-CAN), while today there’s FlexRay (transmission), LIN (low-speed bus), optical MOST (multimedia), and finally, on-board Ethernet (today – 100 Mbps; in the future – up to 1 Gbps). When cars are designed these days various communications protocols are applied. There’s drive by wire (electrical systems instead of mechanical linkages), which has brought us: electronic gas pedals, electronic brake pedals (used by Toyota, Ford and GM in their hybrid and electro-mobiles since 1998), electronic handbrakes, electronic gearboxes, and electronic steering (first used by Infiniti in its Q50 in 2014).
[Image: BMW buses and interfaces]
In the year 2000, Honda introduced electric power steering (on its S2000), which, given certain conditions, can turn the wheel itself. Keyless ignition systems appeared around the same time, permitting control of the engine without a driver. Since 2010 some dashboard displays are completely digital, and can give you readings on just about anything. Since 2015 the electronics of the body (doors, windows, locks, etc.) of practically all new cars are connected to the central computer, which can make decisions for them itself. And all information about the world outside a car (via cameras, assistants, radars, microphones…) is accessible to the internal bus – read: in the cloud.
Finally, I close this brief historical digression with a document, adopted in 2019 by the UN, which introduced standards for full digitalization of brakes. Before, electronic control of brake pedals had to be duplicated by a physical cable. No more… //
Connect or die
So what operating systems do today’s cars run on? No surprises here: Windows, Linux, Android – also one called QNX, which, together with Linux, is the most popular (but, as analysts point out, Android is fast catching them up). Btw – like any software, automobile-OSs need updating occasionally; but get this: some updates can be a few dozen gigabytes in size. Ouch!
[Image: BMW onboard-computer updates]
Now for another short stop before the main course…
So – if a modern car is a computer, and it gets regularly updated, that must mean it’s connected to the internet, right? Right. And these days it’s not an option; it’s mandatory on all new cars – in Russia (since 2017), in Europe (since 2018), and elsewhere. And today the percentage share of ‘connected cars’ (connected to the manufacturer’s cloud) is fast approaching 100% in the world. There are a few countries where there are restrictions on such cars, but that appears to only be due to outdated legislation, which will inevitably eventually be updated.
Btw, the first connected vehicle appeared back in 1996, the result of cooperation between General Motors and Motorola – the OnStar telematic system. This can connect with an operator automatically in case of an accident – yes, kinda like the ‘accident’ in Die Hard 4.
Remote vehicle diagnostics came along in 2001, and by 2003 connected cars had learned how to send the manufacturer reports on the condition of the car. Telematic data-only blocks arrived in 2007.
In 2014 Audi was the first to offer the option of installing 4G-LTE-WiFi hotspots in a car. In 2015 GM didn’t just provide the option, it started fitting all its new cars with hotspots – and received more than a billion telematic reports from car owners! Today, manufacturers have even started monetizing telemetry – with BMW leading the way, and also converging smartphone and automobile tech.
Now – question: What’s here in this screenshot?
That, dear readers, is your car; at least – how it looks to the manufacturer (in real time, all the time, to folks working at the manufacturer maybe on the other side of the world). Software that can see and tinker with all control units, the network topology, routing rules, loaders, updates – all as if in the palm of their hand. But… also in there: bugs and vulnerabilities that can make you shudder… and want to return to the 80s when a car was a car – not a computer :). And it’s not just me scaremongering. The threats are real, folks!
The light at the end of the tunnel
After the electro-digi-auto-build-up of the last 20-or-so years, it does feel like a revolution in the car industry is just around the corner. However!… A bright future of ultra-connected computerized cars is all very well dreaming about, but there’s some harsh reality getting in the way – both legislative and technical. Here, I’ll talk about the latter…
The new automotive paradigm simply cannot be superimposed onto even the very latest auto-electronics architecture. Why? Because under the hood of a new car these days there are around 150 electronic units developed by different manufacturers at different times and according to different standards – all without taking into account the full cyberthreat landscape of this new auto-paradigm.
At least the car manufacturers seem to understand that building a utopian V2X-future upon the messy hodge-podge of diverse electronics of a modern car is simply out of the question (and there are plenty of examples demonstrating this, and plenty more that never made it into the press). So, for now – the automobile manufacturing industry has come to a dead-end.
Dead-ends like this one are common – you may recall the long dualism of the two architectures of Windows (9x and NT) that existed in parallel. Still, channeling lessons learned in that case, for an opening to appear at the dead-end the auto-industry finds itself in now, I see two possible scenarios.
The first: cheap, cheerful, quick, and wrong: to do what I’ve just said really should not be done – applying the new paradigm onto today’s motor vehicle as it is (with its digital soup of 150+ ingredients). It’s wrong as it would delay the second scenario – but not before causing harm to life (these are cars remember, not a PC in the corner of your room), some serious reputation damage, financial losses, plus folks saying ‘told you so’.
The second: not cheap, not quick, and right: to build up a new architecture from the ground up – based on three main principles:
- Separating hardware from software (flexibility)
- Consolidation of electronic functions (manageability)
- Being ‘secure by design’ (safety)
The automotive industry has plenty of experience and know-how regarding the first two principles. Regarding the third – what are needed are experts with the deepest knowledge of the cyberthreat landscape who are able to come up with a solution. The smartcars of the future will be hacked in scenarios just like those we see with computers and networks today. And who knows those scenarios inside-out better than anyone? You Kuessed it! And so, now, onto the third and final segment of this here somewhat long blogpost: what we’ve got to offer.
We’ve had a dedicated transportation cybersecurity department up and running since 2016. In 2017 we launched the first prototype of our Secure Communication Unit (SCU), which, as the name hints at, secures communications between a car’s digital components and the infrastructural components outside the car. And already today we have a platform based on our own secure operating system for the development of electronic automobile components.
And in June of this most unusual of years, another related event took place I want to tell you about. Together with AVL Software and Functions GmbH, we announced the development of an advanced driver assistance system (ADAS), also based on Kaspersky OS, which assists the driver and even lowers the risk of accidents.
The unit features two high-performance system-on-a-chip-processor safety controllers and provides vast connectivity capabilities – including links to cameras, lidars and other related components. It supports the new AUTOSAR Adaptive Platform standard. Such a configuration on the one hand provides secure-by-design protection, while on the other it opens up a whole array of possibilities for the installation, adjustment, and updating of automobile functions – kind of like what an app store is to a smartphone.
But here’s the key bit: even if a vulnerability is discovered in one of the components of a car, hackers won’t be able to execute dangerous commands or gain access to other components. All processes are fully isolated and their behavior is filtered by a security subsystem with adjusted rules.
Epilogue
Fingers crossed – we’re on to a real winner here with our automobile automation tech solutions. It’s a busy market, but we’ve no competition when it comes to the (crucial) cybersecurity niche section of it.
And being members of GENIVI and AUTOSAR, and keeping up with forums (e.g., UNECE WP.29) and industry events, we see various attempts by others at building new architecture, including Linux-based (not that you’d ever see me getting into a car with Linux-based architecture!). But not one of them provides the broad horizon of possibilities and mathematically proven ‘security by design’ formula – where fixes and bodges later on are simply never needed.
Our formula features: (i) written from the ground up micronano-kernel architecture with compact code; (ii) granular component communication rules; (iii) complete isolation of processes; (iv) operations carried out in a protected address space; (v) default deny; (vi) optional open source code for customers; (vii) examples of successful implementation… – it’s specifics of our operating system like these that are attracting the automobile manufacturers – the ones that want to do things properly: reliably and built to last.
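The isolation-plus-filtering idea described above (default deny, granular component communication rules) can be sketched as a small reference monitor that mediates every call between components. This is an added illustration, not Kaspersky OS code or its policy language; the component names, methods and limits are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    src: str                      # calling component
    dst: str                      # component being called
    method: str                   # interface method on dst
    check: Optional[Callable[[dict], bool]] = None  # optional argument constraint

# Constructed policy for hypothetical components; anything not listed is denied.
POLICY = [
    Rule("adas", "brake_ctl", "request_decel", lambda a: 0.0 <= a["g"] <= 0.8),
    Rule("brake_ctl", "dashboard", "show_status"),
    Rule("infotainment", "dashboard", "show_media"),
    Rule("telematics", "update_mgr", "offer_update", lambda a: a["signed"] is True),
]

class SecurityMonitor:
    """Mediates every inter-component call: allow only on an explicit rule match."""

    def __init__(self, policy):
        self._rules = {(r.src, r.dst, r.method): r for r in policy}
        self.audit = []           # (src, dst, method, verdict) for later review

    def decide(self, src, dst, method, args=None):
        rule = self._rules.get((src, dst, method))
        allowed = False           # default deny
        if rule is not None:
            try:
                allowed = rule.check is None or rule.check(args or {}) is True
            except (KeyError, TypeError):
                allowed = False   # missing or malformed arguments fail closed
        self.audit.append((src, dst, method, "allow" if allowed else "deny"))
        return allowed

def denied(monitor):
    """Return audited calls that were blocked, e.g. to feed an alerting pipeline."""
    return [entry[:3] for entry in monitor.audit if entry[3] == "deny"]

if __name__ == "__main__":
    m = SecurityMonitor(POLICY)
    print(m.decide("adas", "brake_ctl", "request_decel", {"g": 0.3}))          # rule match
    print(m.decide("infotainment", "brake_ctl", "request_decel", {"g": 0.3}))  # no rule
    print(m.decide("adas", "brake_ctl", "request_decel", {"g": 5.0}))          # out of range
    print(denied(m))
```

The point of the sketch is that a compromised component gains nothing beyond the calls its own rules already permit, and every blocked attempt leaves an audit record.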
But that’s not all that attracts manufacturers.
Besides our native in-vehicle security we’ve a jaw-dropping portfolio of infrastructure solutions and services. Protecting the car of the future is only one piece in the puzzle. Further along the chain there’s: protecting backend data, including endpoint nodes; cloud audits (to check there are no leaks); development of secure mobile apps; protection against online fraud; supply-chain control; pentesting of infrastructure; and a lot more besides. Because who wants to work with a whole ‘zoo’ of different vendors to get all these things sorted out separately?
To close, a few illustrative quotes from McKinsey’s report on connected cars’ cybersecurity – IMHO the most accurately visionary analytical material in the market:
“Automakers need to assign ownership and responsibility for [cybersecurity] along core value-chain activities (including among their numerous suppliers) and embrace a security culture among core teams.”
“Automotive players must consider cybersecurity over the entire product life cycle and not just up to when the car is sold to a customer, because new technical vulnerabilities can emerge at any time.”
“Automakers must now consider cybersecurity an integral part of their core business functions and development efforts.”
In other words – ‘cybersecurity will become the new dimension of automotive quality’.