As modern cars evolve into highly-sophisticated and internet-connected machines, it is incumbent on automotive companies to adopt cyber-protection measures in an effort to safeguard vehicles and passengers' lives, something no less important than the deployment of airbags or the use of ABS. We spoke to C2A Security founder and CEO Michael Dick on the topic.
C2A provides in-vehicle end-to-end cybersecurity protection. Using a bespoke suite of cybersecurity solutions, C2A provides automotive manufacturers with all the tools to protect themselves from cyber-attacks. C2A products are based on a deep knowledge of the automotive industry's pains and requirements and have been engineered from the ground-up with automotive manufacturers' needs in mind: reliability, cost, time-to-market, and integration complexity.
We had the opportunity to chat to C2A Security founder und CEO Michael Dick:
This is a trust-based industry. I think that a position is gained once you have proven your ability to deliver. OEMs and Tier 1 companies worry that what has been delivered at the POC stage will not meet their production requirements or will behave differently. For example, in the automotive field, unlike IT, your cyber security product has to have a minimal footprint and minimal compute resource consumption, in order to fit into a real automotive ECU. I think the biggest challenge is the ability to deliver an automotive-compatible product. In addition to this, the fact that we have a veteran leadership with a track record of delivering security products on a large scale is also a key factor in this industry. There is also the issue of how hungry the customers are for your products. Our philosophy is to provide products that answer a real market need.
It is very simple. If you want to be able to protect passengers’ lives and do mitigation in real-time to stop an attack, you have to do cybersecurity inside the vehicle.
Cybersecurity equals safety. Cybersecurity became a safety issue from the moment we made our vehicles connected. But for the end consumer, there will be a psychological barrier to put their lives into the hands of a non-secured driverless car and hence there will be a strong requirement from the OEMs for cyber security solutions. When John Doe buys an iPhone, he knows that the government cannot extract data out of it. When he sees an autonomous vehicle, he will ask if it can be hacked.
Public efforts, such as the new ISO standards for automotive cybersecurity, and an industry-driven cybersecurity community, like Auto-ISAC, will improve automotive cybersecurity capabilities and readiness. Having said that, there is still a very long way to go. Some OEMs are still internally discussing basic security features, while others are already testing and integrating advanced solutions. With time, I believe we will see consolidation in the OEMs’ cyber roadmap, each integrating multiple layers of security – starting from secure boot, then the perimeter, networks and endpoint protection.
From my experience delivering cybersecurity to mass markets, a major challenge will be the ongoing management of the cybersecurity lifecycle. Without being well prepared for this, it becomes a painfully expensive issue the day after rolling out vehicles with security solutions on board.
Michael was a co-founder and SVP of NDS, which was acquired by Cisco for $5bn in 2012, and served as VP in Cisco, specialising in Security Delivery.
He is a pioneer in embedded, network and content security and managed many global clients. He has global experience working on large scale systems that protected billions of dollars of content for customers including BSkyB, Foxtel, Star TV, Sky Italia, Direct TV and others.
Find C2A Security in Hall 5, Booth B30!