The idea of a car being hacked didn’t seem feasible a decade ago. However, as the industry races towards connected vehicles and fully autonomous cars, hacking has become a serious concern. As a global leader in connected car technology, cloud services and IoT solutions, HARMAN is focused on protecting the increasingly complex connected car ecosystem with cutting-edge IT and embedded security solutions to keep vehicles safe and protected.
With October being National Cybersecurity Awareness Month, we sat down with Asaf Atzmon, HARMAN’s Senior Director of Business Development & Marketing for Automotive Cybersecurity, to hear his thoughts around the evolving automotive cybersecurity market and his team’s work on responding to automotive cyber-attacks.
Q) Tell us a bit about yourself and what you’re focused on currently.
A) As HARMAN’s Senior Director of Business Development & Marketing for Automotive Cybersecurity, I lead a team within the Automotive Cyber Security group, with global responsibility for sales and customer development. I’m primarily focused on customer relations around HARMAN SHIELD, our comprehensive Intrusion Detection and Prevention Solution (IDPS) to detect, manage, mitigate and respond to cyber-attacks on connected and autonomous vehicles, keeping vehicles safe and protected.
HARMAN’s Automotive Cybersecurity is a full service global business unit that has deep experience in embedded security and traditional IT security, as well as several years of pioneering in automotive cyber security. As connected cars continue to grow, it’s important for the automotive industry to develop comprehensive security solutions that enable threat detection and promptly respond to cyber-attacks on connected vehicles.
Q) Can you tell us a bit more about the evolving auto-cybersecurity market in general?
A) The automotive cybersecurity market really started to ramp up in 2010. Connecting vehicles through wireless connections started in 1996 with the introduction of the General Motors OnStar safety system to notify emergency responders of collisions. Gradually, connected services started to grow, adding remote features such as remote start and unlock. As automakers started to expand services, such as apps with vehicle information, it was in 2010 when researchers began to see vulnerabilities that could open systems to hacking.
Since then, the R&D market around automotive cybersecurity gained heavy momentum. One key factor to understanding this young industry is that most of the research is coming from ethical hackers or researchers, and not so much from malicious hackers. However, this can change as the number of connected vehicles continues to grow, leaving automotive OEMs and end users rightfully concerned about vehicle cyber-attacks.
On the contrary, at HARMAN, we view it as every car that is connected to the cloud has an opportunity to be protected. My team and I look at the market in two segments - those with embedded modems (SIM cards), which enable automakers to remotely provision connectivity over the air to vehicles with an operator of their choice. Secondly – those vehicles with smart products that consumers can purchase (like HARMAN’s Spark powered by AT&T) allow them to virtually transform a modern car into a connected device.
Q) Cybersecurity has been listed by automotive executives as a main obstacle in the development of connected cars. What are your thoughts on that statement?
A) It’s a valid statement. The combination of the increasingly growing connected cars, combined with the number of software-based components within cars can create a large problem. Any wireless, cellular or short-range mobile connection is a potential attack vector to the vehicle. In the US and the UK for example, hackers used range extenders on the owner’s keyfob (which allows for keyless entry and ignition) to steal parked vehicles overnight. In another instance, ethical hackers identified vulnerabilities in the mobile app of the vehicle, which could potentially be exploited for malicious reasons.
With these factors in mind, automakers and executives are focused on employing solutions that provide connected cars with the safety, visibility, remediation, and future proofing that is needed to protect vehicles from malicious hackers. We have to remember that automakers haven’t dealt with this obstacle during the first 100 years of their existence. Now that vehicles are becoming increasingly connected, their thought process is already changing, and that’s part of my job and my team’s job – to work with and inform automakers of these potential cybersecurity vulnerabilities and deliver them a future-proof solution.
Q) What is in HARMAN’s cybersecurity product portfolio so far?
A) HARMAN has been growing its connected car capabilities over the last 10 years, enhancing the driving experience, making cars safer and more entertaining and enabling automakers to differentiate their brands and carlines. As mentioned earlier, HARMAN’s portfolio for automotive cybersecurity is packaged in our HARMAN SHIELD Solution. HARMAN SHIELD includes means to assess, investigate, respond to and mitigate cyber threats in real-time.
Another popular solution in HARMAN’s portfolio includes our Over-the-Air (OTA) updates - a term that refers to the wireless delivery of new software to a device. OTA in automotive is already changing the automotive industry – HARMAN’s technology is being used by 18 OEMs on more than 35 million vehicles. Leveraging OTA technology, automakers have the ability to design, develop, manage and operate in-vehicle applications from the cloud, capturing data to design cars better and engaging with drivers throughout the entire car’s lifecycle, essentially “futureproofing” cars on the road. Even more broadly speaking, with 90% of self-driving technology based on software, OTA is a critical element of our ability to respond to cyber threats and a fundamental building block to the deployment of autonomous vehicles.
HARMAN is protecting both the inside and outside of the vehicle through our two key technologies. The first is Wireless IDPS, with the main objective of monitoring the different remote interfaces like cellular and Bluetooth in a vehicle. There’s a long list of algorithms that we apply that allows us to understand if someone is trying to interfere with these interfaces, and through our solutions, we can block it and deploy all of the necessary protections as well. The second kind is In-Vehicle IDPS, where we monitor activity within the vehicle. In simple terms, we can train the system to have an understanding of what is normal behavior of the network, making it much easier to detect whenever there is an anomaly from the baseline of normal activity.
Lastly, I’d like to take a moment to talk about HARMAN SHIELD’s ‘off-vehicle’ component, the Cybersecurity Analytics Center, or CSAC for short. As an OEM or fleet manager, I must have visibility into my ‘Network of Vehicles’ (NoV), in order to keep connected vehicles protected against cyber threats. Our on-board SHIELD Agents, the Wireless IDPS and in-Vehicle IDPS, collect and report to CSAC on any security related event, providing OEMs and fleet managers with 24/7 visibility of broad vehicular security-related events. The analyst at the operation center can then assess the situation and develop a response to address and mitigate any cyber threats, in real-time. CSAC can be deployed as a standalone dashboard, integrated into HARMAN Ignite (automotive cloud platform) or integrated into a 3rd party SOC (Security Operation Center) or SIEM (Security Information and Event Management) system through an API.
Q) What other work is the group doing in the industry at large?
A) Beyond HARMAN’s robust product portfolio, HARMAN is very active in the industry. We’re heavy participants with the AUTO-ISAC organization, and HARMAN’s own Geoffrey Wood, Director of Cybersecurity Business Development, is on the Board of the organization and Vice-Chair of the Suppliers Committee.
HARMAN is also involved with SAE International and we’re the founders of the SMART Range initiative in Israel, in cooperation with Ben Gurion University. Still in its developmental stages, the SMART Range will be initiated as a testing ground for autonomous technologies, smart mobility solutions and autonomous vehicles.
Q) Can you tell me about the Secure Development Lifecycle?
A) Absolutely. HARMAN is a strong proponent of setting security along the full-cycle of automotive engineering, from design through manufacturing and through the deployment lifecycle of the vehicle. That is why we have defined the Secure Development Lifecycle (SDL), a common framework for implementing a security-by-design approach throughout the process of our development.
HARMAN’s Senior Director of Automotive Product Security, Amy Chu, leads this team in our Novi facility, working primarily with the HARMAN Connected Car division. This team works tirelessly to ensure that security is baked into every product and solution we offer our customers – head-units, digital cockpits, telematics units and other components. A big portion of this framework includes providing consultancy services to our OEMs, helping to shape security concepts and roadmaps, and conduct comprehensive threat analysis methodologies.
In terms of projects we’re developing, HARMAN is focused on working towards the future’s truly autonomous vehicle. While autonomous vehicles are meant to make driving safer and less stressful, they also present a whole new range of security challenges—challenges that must be addressed long before these vehicles hit the road in large quantities. From a security standpoint, new in-vehicle connected technologies, including cameras and wheel sensors will serve as access points for hackers. If even one of these potential points of compromise is not properly secured, the entire operation could come crashing down.
Our Automotive Cybersecurity Team has an abundance of research published around protecting the connected and autonomous vehicle, in addition to the masterminds who are developing our cybersecurity solutions for automakers. To test our product solutions, we sometimes do reverse engineering and try to hack the cars ourselves to determine the effectiveness of the solution. HARMAN is also working on supply chain challenges, including protecting the code within the individual components.
Our team is working relentlessly on cutting-edge solutions that allow OEMs to know if someone from the outside is trying to exploit these things – much of what we can’t talk publicly about just yet! If there were one overall takeaway I’d like to share with readers, it’s that these complicated automotive cybersecurity challenges that can arise within connected cars and autonomous vehicles are manageable.