MADISON, Wis. — Thanks to the Jeep hack that led to Chrysler’s recall of 1.4 million vehicles last year, car OEMs today see automotive cybersecurity as a real-world problem that could ravage their bottom line.
This change in perception, compared with just a year ago, is seismic.
Their subsequent cry for help has fueled a mad dash among a slew of startups such as Argus Cyber Security, Karamba Security and VisualThreat, all of them pitching automotive cybersecurity technology solutions.
Incumbents in the computer world and embedded operating system companies — including Symantec, VMware, WindRiver, Green Hills — have joined the stampede.
“Everything is gearing up” for cybersecurity technologies, said Egil Juliussen, director of research & principal analyst for automotive technology at IHS Markit.
Yet, in reality, “Auto cybersecurity is still an emerging market” that comes with “minimal historical data on market size and market segments,” he acknowledged.
In these pages, EE Times attempts to break down the layers of automotive cybersecurity. We first look at where in a vehicle such software will reside, its functions and likely evolution.
What to protect
Car makers have only begun scratching cybersecurity’s surface. Many OEMs are focused on building firewalls to protect their infotainment ECUs from external attacks.
“Any security is better than nothing if you have a vehicle with an embedded cellular module/modem or a smartphone integration solution,” noted Greg Basich, senior analyst at Strategy Analytics. “Given that the frequency of automotive hacks is increasing, and the media is paying attention, OEMs need to do something for their existing vehicle models and electronic architectures.”
But the places inside a vehicle that need protection go well beyond firewalls for infotainment.
Juliussen believes that driving control ECUs (which communicate with OBD-II or work with over-the-air updates) need a separate firewall. Today, car OEMs often use one modem — shared by infotainment ECUs and driving control ECUs — to communicate externally. Given that driving control ECUs are connected to the mission-critical drive train, “I suspect that two separate modems will be needed in the future,” said Juliussen.
Protection for driving control ECUs becomes more critical as ADAS/ autonomous driving capabilities emerge.
Next page: Automotive cybersecurity segments