Creating the software to protect the hardware

Cristina Segal, Vice President and General Manager of the global connected vehicle business enterprise for Honeywell, explains how automakers can protect their products from cyber attacks.  

Cristina Segal has been around the Internet of Things (IOT) and the new generation of cars with advanced connected systems for over seven years now, with great experience in the field. Because the car is becoming more and more connected it is expected that by 2022 over 80% of cars around the world will be directly connected to the internet, creating a whole new space for companies to focus on. Like many others, Honeywell moved into this area because it identified a need in the automotive market, as the traditional car morphs into an entirely connected product that will create a new way to travel. In addition, this transition into IOT software introduces new capabilities that remove the burden of taking a vehicle into a garage, through predictive maintenance, asset management and general user experience. Once this level of connectivity is achieved, users can have the same experience in cars all over the world, making their lives much more convenient and enjoyable.   

But this is not the only trend changing the way we operate a car. Mobility services have changed the way consumers buy and operate vehicles. The majority of people today are leasing a car and, soon, people will not even think about owning their own vehicle, utilising the growing trend of these new services in urban ecosystems. This is an exciting time for consumers, but it does bring new problems into the market, which Segal believes need to be addressed as soon as possible. “Through this change, cyber security becomes much more important as these are processes that can be exploited through cyber hacks. When you have such a high percentage of the car connected, you become vulnerable to a massive attack,” she says.  

Software security was never a big hurdle for automotive manufacturers, but it has become more important over time and there will soon be an expectation of safety requirements in connected vehicles. Segal believes that this requires a regulation process to create a sufficient level of security, informing different players in the industry about the risks of these systems. “These new vehicle systems are the most complicated devices we have today and will require multiple levels of security, from ECU and the software to even the powertrain and automatic emergency braking system,” she warns. There are so many different levels that need to be protected from cyber attacks, which means that the industry needs to work towards a sufficient level of protection for future products.  

Software overhaul

Typically, carmakers are not used to dealing with this level of connectivity and the complications that come with it, one of which is cybersecurity. This is where an expert such as Honeywell can be so helpful, educating companies that do not necessarily have this kind of knowledge. “This is a relatively new process in the lifecycle of the car manufacturer,” warns Segal. “I remember five years ago, there was a big discussion about the development cycle needed for a software overhaul in a car. A big part of this is the product life cycle, which is around three to five years and still too long compared to what we see with other devices.” This is not easy for a car manufacturer to deal with because this changes everything, from shortening the life cycle, changing the supply chain with larger ECUs and the way they have to think about part replacements if something goes wrong.  

However, it is becoming more about the software, rather than the hardware that has been so common prior to this shift. Companies like Google, Amazon and Uber all state that they are making autonomous cars because it is the software that is taking control of the vehicles. “It is becoming more about the software than the hardware through the innovations we are starting to see and this will continue to be the case as we move forward,” adds Segal. Of course, the manufacturing side of things is extremely important as there needs to be an infrastructure or skeleton for the software to be installed onto, although the software is starting to, quite literally, drive the vehicle. With such a dependence on the software, the automotive world must adapt and create bridges between it and the technology field in order to reap the benefits without the complications that may arrive with it.  

The vehicle itself is a beautiful premium car with a great design. When it comes to the powertrain and chassis, all the standard technology you expect remains, but refined to a premium level. However, everything is completely new inside the car, with high speed connectivity through an advanced infotainment system, combined with an interior that allows you to rotate the front seats when in autonomous mode, creating a revolutionary user experience. "It is important to analyse what people really want in the car and you can already see this on the road today,” adds Breitfeld. “On my morning commute, the average speed is between 5-8 mph due to the traffic. 95% of people have their left hand on the steering wheel and their right hand holding their smartphone. This shows us how people want to make use of their time in situations like this, so why not offer them this kind of innovation directly from the car in a much more efficient and safer way?” 

Setting the bar 

The leading OEMs are starting to build their own identity in the technology field, with thousands of software engineers being brought in to move the brand into the new era of transportation. Due to this, there is a hugely competitive market with automotive players racing to bring this software out faster than their competitors - but is this safe? Segal believes that this will all come down to creating a standard when it comes to the software. "There will need to be more standardisation on what kind of cybersecurity components you will need to have in the car and how you validate them. It is quite similar to the safety standards behind the process of building a car; so we need to achieve these standards and make sure certain things are mandatory." 

If we achieve a standard for cyber security, the industry can work towards a high-level of efficient software that is as safe as possible. What this approach brings is that extra level of safety, especially with car-to-cloud standardisation, something that we should expect to see in the near future. However, some companies are put off by this idea, believing that they will lose out on their identity in the market. “There are OEMs and new innovation companies that are very reluctant to standardise because they feel as if they will lose their differentiation, but I believe that body regulators will do what they have to do in order to protect the user,” says Segal. “This is a solution that will allow better monitoring of the software and any attacks on systems, protecting the car and consumer.” However, this all depends on the regulators, with different regions such as the European Union and China working towards introducing their own safety standards for connected cars and the ecosystem that surrounds them.

Preparing for safe, efficient technology

At the end of the day, an OEM is producing cars for everybody around the world, which means that they typically do not want to use different software in many regions. There will be a tendency towards this global approach, especially in terms of security, but also because having multiple systems will cost more money; we already see this happening in other areas of the automotive industry. However, says Segal, “this will take some time because of the lifecycle of the vehicles, meaning that cars set for 2022 are already close to the production line. Due to this, these companies need to think five years ahead, which can be hard to predict.” This can become confusing for two industries with very different product life cycles. This will bring periodic software updates over the cloud in order to keep the product up to date, as cars will start to operate like a smartphone, with new connectivity features introduced over the lifecycle of the vehicle.

Due to this, automakers are starting to buy companies that are able to provide over-the-air updates because they realise that it is more simple and cheaper. “These application updates are the direction that that car manufacturers are going,” continues Segal. “This may become a problem for automakers with a large variety of models which is why, in the future, I expect there to be a lot less variation in the market.” Once you have this, the process behind over-the-air updates will be much simpler and create a better experience for consumers. Fundamentally, this all comes down to agileness of the company, with many traditional OEMs struggling to adapt to the technology overhaul as they have so many existing systems in place. Segal uses Tesla as an example to show how a smaller line up can actually work in an automaker’s favour. “Tesla is the Apple of the automotive industry, benefiting from over-the-air updates through a much smaller line-up than a typical manufacturer. Older OEMs have multiple suppliers and components which makes updating software very complex to put in place and this needs to change.” 

Two worlds, one solution  

Honeywell is in a strategic position within the industry, knowing both the hardware and software side of things. When the company puts the software into the hardware, it understands the processes from the other side, which is an advantage over new startups that never developed the hardware. This means that Honeywell is able to understand all of the complexities that come with the development, providing a safer platform for the technology.  

Segal believes that, over time, the marriage between software and hardware will become distant, as automakers look to install the technology onto existing ECUs within their vehicles. “I predict that the hardware and software lifecycle will be decoupled, which already happens with other devices. This means that you will have multiple versions of software on the same hardware which allows you to increase the functionality and modality of the car through updates.” This will be a big change for the automotive industry, but with this comes over-the-air updates which will introduce a standard by bringing in regulations and creating a more structured defense strategy against cyber attacks. This then leads to less variation on the hardware side because the differentiator will come with the functionality managed by the software. “Take autonomous driving for example,” says Segal, “it is all about new components that are capable of simulating the behaviour of the driver through software. The revolution will come from the technology, allowing you to change functionalities on the same vehicle across is lifecycle and completely change the culture of the OEMs.” When you utilise these software updates, cyber security will improve through constant monitoring of the systems and prediction technology, ensuring that the cars and their passengers are always protected.   

You may also like:

New Mobility | Visions | Three6Zero Limited © 2018