With the 2019 National Cybersecurity Awareness Month (NCSAM) upon us, we decided to get the latest download on the state of cybersecurity in the automotive industry from HARMAN’s Vice President & General Manager of Automotive Cybersecurity, Asaf Atzmon.
Q) What are some interesting developments that took place in the automotive cybersecurity space in 2019? Did any events or trends surprise you?
Asaf Atzmon: In 2019, the automotive industry experienced a lot of trends and developments that were similar to those seen in previous years, including process and policy definition, security by design and hardening. From a business perspective, our team saw an increased appetite among automotive OEMs for services around consulting and guidance.
Specifically, China was aggressively pushing to catch up and close the necessary gaps needed to become an active market for automotive cybersecurity. I call that the ‘first wave of automotive cybersecurity’ and it was driven mostly by OEM program management teams and product security professionals, along with those from quality, policy and governance departments.
Now we are seeing initial signs of a ‘second wave’ that is being driven by different stakeholders, primarily the CIO/CISO, IT department, and connected vehicle and mobility initiatives. These key stakeholders are more concerned with risk management, visibility and analytics, which is why we believe there is a possibility for the second wave to be manifold bigger than the first wave.
Q) Thinking ahead to 2020 and beyond, what do you anticipate as some major trends or issues that enterprises like HARMAN may be focused on in the coming year(s)?
A.A.: I expect great interest from the CIO/CISO community for this second wave of automotive cybersecurity. This will be a result of some underlying challenges we’re seeing the industry face right now. For starters, OEMs are expanding their capabilities into the digital and mobility space in a way that is competitive with the likes of an early adopter like Tesla. To get there quickly, automakers are embracing quicker development practices and expanding the perimeter of their solutions beyond the vehicle, into areas like cloud infrastructure, user mobile applications and more.
Improved connectivity naturally demands an increase in security. Development processes being undertaken today are likely to have more vulnerabilities, misconfigurations, and implementing gaps and features that need to be continuously developed and verified. An increased perimeter of vehicular digital technologies offers up a bigger attack surface, incorporating more open and common software and cloud settings, which are all targets for attackers. There is now also a greater need to face a larger suite of compliance, regulatory, and audit requirements, as a result of developments like privacy and GDPR, electrification, and self-driving solutions.
Ultimately, we think this will push the trend of the ‘automotive SOC’ (Security Operations Center), a central command and control setup that will monitor fleets, assess the security posture of the systems involved, which is also capable of addressing and managing risks and incidents. A 2019 report by IHS Markit stated that cloud-based subscription revenue for SOC will grow to $1.64 billion by 2025. Additionally, new vehicles using SOC services will jump from 3.7 million in 2019 to 50.7 million in 2025.
Q) Getting more specifically focused on our own products and solutions, we’ve been offering HARMAN SHIELD to customers and partners. What are some unique features that make our offering the most comprehensive solution available?
A.A.: HARMAN SHIELD is a robust offering for risk management. Its value proposition is to allow OEMs and mobility service providers to drive their digital expansion and mobility agenda while managing their risks in a way that does not hinder their growth.
As a solution it provides visibility, analytics and response with means for identifying vulnerabilities, understanding risks, detecting anomalous or malicious behavior, all while investigating and remediating to sustain an adequate level of risk. The solution also applies multi-disciplinary skills which are marrying the proven practices of the IT SOC with the domain expertise needed to understand automotive cyber security. Our platform also applies advanced machine learning technology for detection and is built upon the HARMAN Ignite data platform for scalable data collection, transformation, processing and storage.
Q) What benefits does an Over-the-Air (OTA) approach to mitigating threats in connected cars provide? What are the alternatives?
A.A.: OTA is a critical component in an overall digital and mobility roadmap, and it should be part of any car-to-cloud architecture. OTA allows the OEMs to have continuous development and integration of functionality, configuration, and security updates. HARMAN OTA is the de-facto standard in the industry, already selected by 24 global OEMs with 30 million vehicles on the road, and naturally there’s a tight synergy between our offerings – HARMAN OTA, HARMAN SHIELD and HARMAN Ignite. OEMs must move into offerings which are elastic and that grow over time - the days of buying a car and expecting it to be the same five years is past us.
Q) What does working with HARMAN on cybersecurity look like for OEMs? What benefits might end users (drivers) experience in a HARMAN SHIELD-equipped car?
A.A.: Drivers are not directly exposed to HARMAN SHIELD, but its impact is evident by the features and services it enables. Our OEM customers that adopt HARMAN SHIELD benefit with a quicker go-to market time, which allows them to introduce new features and be proactive in preventing disruptions. This translates into higher revenue potential, a competitive advantage over rivals and a better user experience (UX) to drivers and passengers alike.
HARMAN SHIELD is not a generic, ‘download and install’ solution. Our cybersecurity experts work hand in hand with the customer to:
- Identify and map the ‘risks map’ aligned with the OEM roadmap and architecture
- Design and develop the ‘instrumentation of data’ for analytics purposes across the vehicle and the IT infrastructure
- Provide analysts to drive the SOC across all levels of analysis and investigation
Q) If you had one message for OEMs concerned about cybersecurity within the connected car space, what would that be?
A.A.: I would advise that OEMs look at cybersecurity as a key piece of their puzzle to become a leader in mobility. Rather than viewing cybersecurity as an ‘insurance policy’, automakers should view it as a business enabler and a solution that allows them to monitor risk. Having a robust cybersecurity platform will allow them to continue to innovate, and in a safe manner!
A collaborative effort between the government and the industry to raise awareness about the importance of cybersecurity, National Cybersecurity Awareness Month is held in October every year. A major goal of this initiative is to ensure that Americans have all the critical resources they need to be safer and more secure in the digital realm. HARMAN is at the cutting-edge of advanced automotive cybersecurity solutions, built to help automakers offer drivers and passengers with a seamless, safe and secure ride. For more info: https://car.harman.com/solutions/safety-cybersecurity/automotive-cybersecurity