There was more cybersecurity news this week following last week’s news from Auto-ISAC, FMI, BlackBerry, GuardKnox and Cyber 2 and the previous week. This week there are cybersecurity deadlines in California, Argus Cybersecurity, Continental, DENSO, Upstream and Trillium.
April 2: All Self-Driving Cars In California Must Have Cyber Security
On April 2nd, new California rules go into effect that requires all autonomous vehicles on the road (with the exception of test vehicles) to be certified to help defend against, detect and respond to cyber-attacks, unauthorized intrusions, or false vehicle control commands. The reminder comes with Argus Cyber Seucurity, that works with the leading OEMs to help them prevent, understand and respond to cyber attacks. Speak with our automotive cyber securityexperts to see how to get your driverless cars compliant with California’s cyber requirements.
Argus Cyber Security News
At Automotive World Japan, Argus Co-founder and CEO Ofer Ben-Noon shared a session with top executives from Denso, Toyota and Infineon where he briefed the attendees on the state of global automotive cyber security regulations and how Argus is helping the automotive industry comply.
Continental Protects All Components
Continental uses cybersecurity technology to ensure comprehensive protection against possible hacker attacks on safety-relevant vehicle components and in production plants.
“Our experts are working to bring security to the next level and safeguard our systems against hacker attacks, including the production security in our plants. The first production lines have already been equipped to integrate cyber security functions into the products,” said Robert Beaver, Chief Engineer Vehicle Dynamics at Continental. “Security affects every single vehicle component, which is why not only communication interfaces need to be protected but also – and especially – safety components such as brakes systems need to be as well.”
Cryptographic processes for a safety-relevant system have been implemented for the first time in the latest brake system, the MK C1. With the MK C1, the brake actuation feature, the brake booster and the control systems (ABS and ESC) are combined into a compact, weight-saving braking module. The MK C1 is more dynamic, lighter and more compact than conventional brake systems and has been specially developed for vehicles with extensive advanced driver assistance systems as well as recuperation and automated driving capability.
As the level of connectivity and the number of in-vehicle interfaces grow, this necessitates increase, and so does the risk of hacker attacks. Hackers are motivated by many reasons, which include data theft, financial interests and reputation. In response, Continental is strengthening all possible points of attack and implementing cybersecurity solutions on multiple levels and layers: on the first level, the individual electronic system components are protected; on the second level, communication between the in-vehicle systems is protected; on the third level, all the vehicle’s external interfaces are protected; and on the fourth level, data processing outside the vehicle is protected against theft and manipulation and also includes cloud and backend solutions. These offerings have been significantly augmented with the multiple end-to-end solutions provided by Israeli startup, Argus Cyber Security, which Continental recently acquired.
All future products from Continental – including the MK C1 – will contain cryptographic functions that can be used to introduce security keys. These keys are generated individually for each product, which ensures maximum security — even if one car is hacked, a second one is still protected.
“The keys can be used for various operations and cannot be read externally, just like the PIN for your smartphone,” said Dennis Kutschke, Cyber Security program manager at Continental. “When it comes to cyber security, Continental also learns from the experiences and technologies in other industries. Cyber security is relevant to vehicle systems not only when they are integrated but also during the loading of software and digital keys— which is why a special production security concept valid for all locations is being introduced worldwide. The concept is based on a risk analysis conducted to identify weaknesses. Automotive manufacturers, too, benefit from being able to transfer their own keys to the system via the secure Continental network.”
Cyber security is an asymmetric challenge. While Continental must keep its eyes on many systems, hackers need to identify a single weakness.
“It’s an ongoing race between the people who want to protect the systems and those that want to hack into them,” said Kutschke. “This is why it is so important to act as quickly as possible whenever any weakness is identified.”
Continental has introduced an incident response management system, which is an additional layer of security that responds immediately if there is an attack. This was developed with the expertise of Argus Cyber Security. Together with Elektrobit, which specializes in embedded and connected software solutions, the security experts have already unveiled an all-in-one solution for over-the-air software updates. This solution will ensure that millions of cars can instantly be upgraded to the latest security level without having to visit the auto repair shop, an important requirement for “Vision Zero” – a future without road deaths, injuries or accidents. Continental is also utilizing this knowhow to support car manufacturers in all matters relating to cyber security.
Karamba Security News
New to Karamba Security’s management team is Guy Sagy, a decorated officer and 25-year cyber architect with Unit 8200, the elite technology unit of the Israeli Intelligence Corps, who has been appointed Karamba Security chief technology officer. Assaf Harel, Karamba Security’s co-founder was appointed Karamba’s chief scientist.
Amir Einav, who ran HP’s ArcSight cybersecurity products, and before that global marketing for HP’s telecommunication markets, has been named Karamba Security’s vice president of Marketing.
In addition, Karamba Security has expanded its Chief Technology Officer (CTO) Advisory Board with two industry executives: Paul Mascarenas, former chief technical officer at Ford Motor Company and Bruce Coventry, former Powertrain business unit leader at Chrysler and Daimler and most recently the chairman of TowerSec.
DENSO Cybersecurity in Israel
DENSO Corporation t unveiled its newest innovative satellite R&D team in Israel, accelerating advanced technologies like automated driving, cybersecurity, and AI. Starting in April, DENSO’s R&D satellite will begin collaborating with local startups to pioneer new technologies.
DENSO’s satellite R&D activities in Israel build on the country’s surge in innovative technologies in fields spanning cybersecurity, telecommunications, AI, sensing, and software. Israeli companies and tech startups have an established track record for successful collaboration with companies overseas, and are expected to play a major role in global innovation across a number of fields.
DENSO will tap into Israel’s technology strengths to quickly develop more competitive technologies, both internally and through collaborative research with local companies and universities. The technologies and products developed in Israel will contribute to DENSO’s mission to deliver safe and sustainable mobility solutions that improve people’s lives and benefit the environment.
BSI NIST CSF
British Standards Institution (BSI), the leading certification body in information security, announced today it has launched 3rd party verification and certification to the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) voluntary consensus standard to protect the nation’s critical infrastructure
Mandated in response to Executive Order (EO) 13636, issued by President Obama in February 2013, the Framework is designed to help protect the nation’s vital industries from cyber-attacks. BSI was part of the team of experts that worked with NIST to develop the Framework and is uniquely qualified to offer the independent certification program.
BSI’s program integrates NIST CSF with ISO/IEC 27001 certification and validates the wider information security program, facilitating the organization’s comprehensive risk management system and communication.
Upstream Ups Personnel
Upstream Security, cloud-based cybersecurity platform for connected cars and autonomous vehicles, announced two key appointments to its executive management team. Dan Sahar has joined as Vice President of Product, and Jeff Lebowitz as its Vice President of Market Development. Both are experienced executives with deep domain expertise in cybersecurity and information technologies. The news comes on the heels of a string of recent successes for Upstream, including closing of a $9 million Series A funding round and the launch of its ground breaking product: Automotive Fleet Cybersecurity Platform. In their new roles, Sahar and Lebowitz will support the company as it executes an aggressive go-to-market strategy, which includes expansion into international markets in 2018.
Upstream Security is the first cloud-based cybersecurity solution that protects the technologies and applications of connected and autonomous vehicles. Founded by cybersecurity veterans, Upstream leverages big data and machine learning to provide OEMs and vehicle fleets with unprecedented, comprehensive, and non-intrusive defense. With application security, real-time data protection and anomaly detection, attacks are identified and blocked before they reach and harm the vehicle’s network.
Trillium Joins Linux Foundation
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 35 Silver members and three Associate members one of which is Trillium. Trillium is an IoT cybersecurity venture focused on protecting mission critical automotive and IoT networks from malicious cyber attack including intrusive manipulation and passive monitoring or eavesdropping.
SUBSCRIBE
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.