Engineering Next-Gen Security

Automakers and suppliers expand cybersecurity network for connected cars 

By James Amend

The automotive industry is moving at high speed on connected and autonomous vehicle technologies, but keeping malicious hackers away presents a tremendous challenge, so companies across Southeast Michigan are building their expertise in defense of future cars and trucks.

“One of the greatest threats to the automotive industry is a highly publicized remote attack of a vehicle’s safety-critical system with the intent of causing injuries or loss of life,” said Shamit Ghosh, president and CEO of P3 North America, a Southfield-based firm with an automotive cybersecurity specialty.

“This alone would not only be tragic, but would obviously cause the loss of customer confidence and the reputation of the manufacturers, subsequently setting back consumer adoption of upcoming connectivity and autonomous technologies.”

Automakers and federal regulators are convinced that advanced vehicle connectivity — such as cars that communicate with each other, as well as transportation infrastructure like stoplights and crosswalks — ultimately will lead to autonomous vehicles and sharply reduce crashes and slash harmful tailpipe emissions.

Keeping those communication lines secure has become a burgeoning field in Southeast Michigan, drawing experts in software development, cryptology and mathematics to local automakers and suppliers such as P3, which earlier this year opened a 25,000-square-foot research and development office to help satisfy demand around autonomy, device connectivity, electro-mobility and telematics. It is home to 100 new employees.

“In a nutshell, P3 acts as a bridge between OEMs and suppliers, automotive and nonautomotive companies, but also as a gatekeeper for validating and developing new promising technology,” Ghosh said.

Ghosh explained that while recent, highly publicized automobile security breaches have been performed by so-called “white hat” researchers driven by a desire to alert automakers to security flaws, nefarious activity could increase as connectivity rises and vehicles become more involved in our daily lives.

Our cars are already connecting with our homes through mobile devices and that capability is expected to grow exponentially in the coming years. Mobile devices have also become a focal point of vehicle engineering, allowing owners to bring reams of personal information into the car, and cars will soon be using cloud computing.

“It is plausible that there’s a shift to ‘black hat’ hackers or rogue states with ulterior motives, such as causing loss of property, invasion of privacy or, in extreme cases, threatening our economy and way of life,” he said.

Gov. Rick Snyder considers the state a leader in cybersecurity and calls it “an exciting opportunity” for the region as vehicles become more intelligent and make our everyday lives easier. As attractive as that sounds, he adds, it comes with great responsibility.

“I’m very proactive about promoting these technologies,” said Snyder. “But we need to be equally responsible and aggressive doing cybersecurity.”

Snyder said Michigan has a strong cybersecurity backbone, dating back to the founding of the Merit Network in 1966 at the University of Michigan, Michigan State University and Wayne State University. It connected the mainframes of the three schools, but later played a foundational role developing the internet.

“Michigan has a lot of background in cybersecurity, we just haven’t marketed it very well,” Snyder said. “We have companies, such as Barracuda Networks and Duo Security, that are in Michigan doing security for the general IT world. This will extend into vehicles.”

In addition to those Ann Arbor-based firms, Lochbridge in Detroit boasts 40 years of expertise in organizational cybersecurity and is building out consulting and technology innovation around the emerging Internet of Things (IoT) and the connected car.

Local automakers and suppliers recently formed Auto-ISAC, an information- and best-practices-sharing consortium that serves as the tip of the spear for the industry on cybersecurity. Delphi, which has a cybersecurity technology unit to supply automakers with the latest defense technology, was among the first parts makers to join the group.

Jeff Owens, chief technology officer at Delphi, said its membership in Auto-ISAC demonstrates the supplier’s commitment to holistically address cybersecurity.

“We bring multiple layers of knowledge to the initiative by considering all aspects of an interconnected vehicle and associated brought-in and embedded technology, including software, hardware and the architecture that connects the vehicle to ensure a safer and secure driving environment,” he said.

Alan Hall, communications manager for Ford Motor Co., said the automaker has been at the forefront of emerging cybersecurity technologies to keep its customers safe.

“Ford has long been aware of security threats to connected vehicles and takes cybersecurity very seriously by consistently working to mitigate the risk,” Hall said.

While he could not discuss specifics, he outlined several steps designed to put a safety shield around Ford vehicles, including built-in firewalls and “white-listed” functions that separate the vehicle control systems network from the communications and entertainment network and functions. Ford also utilizes “threat-modeling” to review potential attack and security issues.

“Our security team has developed extensive safeguards and processes to help secure private information and mitigate remote access risks through an embedded cellular connection, including the use of cryptography solutions to prohibit updates to the modem software or access to potentially sensitive information,” Hall said, adding that software updates must be “code-signed” and recognized as coming from Ford in order to update the system.

But more is needed going forward, said Ghosh.

“There is a definite need for more cybersecurity expertise with the capabilities to dive deeper into the solutions required to move the automotive industry forward, and it needs to be here in Southeast Michigan, where the actual development and testing is done,” he said. “With cybersecurity so embedded in the vehicle, experts need to understand the automotive processes and cybersecurity together in order to move the industry forward and implement viable automotive solutions.”