A game of cat and mouse

Panasonic’s head of Cyber Security, Dr. Jun Anzai, speaks to Alex Kreetzer about the importance of protection in the development of the connected car.

Due to the emergence of the Internet of Things (IOT), vehicles are becoming more and more connected to the cyberspace through the internet. This has allowed software developers to work towards ‘the third living space’, making consumers’ journeys better than ever before. However, preventive measures against threats such as hacking, glitches and computer viruses have become an important need for the safety and comfort of car users. Such cyber security technologies are not just extensions of already existing technologies and software led by automotive providers, but rather a new paradigm that needs to be addressed. With vehicles becoming increasingly connected and the age of autonomous vehicles rapidly approaching, it is crucial that connected car specialists prioritise cyber security and provide automakers with the ability to protect vehicles throughout their lifespan.

Dr. Jun Anzai

The risks of hackers taking control of systems in connected cars has become a real threat, with new security vulnerabilities being discovered every day that pose a risk for remote exploitation. It is therefore more important than ever not only to implement security measures in each car but also to analyse new attacks by constantly monitoring in-vehicle systems from the cloud and utilise the results to implement countermeasures against cyber-attacks to all vehicles. Automakers must understand that securing vehicles and passengers from attacks through these services is paramount to ensuring consumer trust, the success of these platforms and safety.

Speaking to Dr. Jun Anzai, Manager, Cyber Security R&D, Panasonic Corporation, I find out how the automotive industry can get the best out of the IT available, while ensuring top levels of safety for connected cars of the future. “As far as cyber security is concerned, we are proceeding its introduction to automobiles while customising it with the knowledge of the IT industry,” he explains. “The automobile industry is trying to realise the development of a connected car by incorporating cyber security measures into the development process.” 

The need for OTA

In recent times - and the foreseeable future - there has been a great need for monitoring and updating software within vehicles, to make sure that they remain as safe as possible from any threats or issues. Anzai believes that over-the-air (OTA) updates can help the industry overcome one of the biggest issues in the development of the connected car. “From the perspective of cyber security, it is difficult to deal with unknown attacks and vulnerabilities when shipping cars. Therefore, OTA is required to respond to these attacks and vulnerabilities after shipment,” he says. By doing so, automakers and software specialists can make sure that they stay ahead of hackers by constantly analysing vehicles in order to predict when a problem in the system may occur and addressing it before an issue arises.   

However, there is a downside to this process of constant updates, as it makes the systems more vulnerable to a breach. This could mean that the increased use of OTA in vehicles could, in fact, make it easier for hackers to exploit backdoors. “From the perspective of cyber security, OTA has its advantages and disadvantages, because updating features brings the possibility of new vulnerabilities,” adds Anzai. This raises concerns over the future of OTA updates, which will inevitably be the way that the automotive industry goes in the future. Developers and automakers must ensure that software is completely safe before releasing it, which could delay the development of these innovations. Anzai says that, in terms of cyber security, it is difficult to realise software that is completely invulnerable because new concept vulnerabilities and attack methods are being discovered. “Therefore, in order to prevent system security from collapsing with one vulnerability, we must deal with a multi-layer defense that implements multiple security functions in multiple layers.”

We have already seen cyber attacks on a number of automakers’ infotainment systems. There will be some hiccups during initial testing, although the industry cannot justify putting consumers at risk. Anzai believes that there is no perfect outcome for cyber security, but that companies must take the correct precautions to minimise the risk of an attack or issue as much as possible. “It is important to combine multiple measures and to continuously monitor the connected cars for new attacks or vulnerabilities,” he stresses. With this approach - and continued research and development - the industry can move towards a certain level of cyber security.

The power of the supplier

In the past, infotainment was not really a part of the driving experience, which created a white space on the map of connectivity. The arrival of the connected car has altered the way that we update and share software, which means that automakers have to source this kind of innovation out-of-house. This is where suppliers like Panasonic come in, aware of the bigger picture when it comes to a connected ecosystem and able to grow and support customers through software updates and distribution.  

This has spawned collaborations between suppliers and automakers, which has become a vital element to the development of cyber security. Although, this has created uncertainty around the security which could leave backdoors open that would make it easier for hackers. “There is concern that the security level of the whole car will be reduced due to differences in the suppliers’ ability to handle cyber security when viewed from the car manufacturer,” says Anzai. “We should use the power of our supplier who is good at cyber security measures to design and operate the whole car.” By doing so, the entire vehicle is connected as one, instead of having many different facets that pose a higher risk. 

With the automotive and technology industries starting to interlink, and with multiple joint-ventures between OEMs and software developers increasing, mutual benefits will arise in the connected car sector. This will also mean that the technology will become progressively more centralised to the vehicle, taking over almost every component within it. “The tendency for OEMs to collaborate with the technology industry to possess software development functions is expected to increase more and more due to the increasing complexity of automobiles,” Anzai continues. “Perhaps the most important core technology of the car may be software in the future. Therefore, it is thought that we will move to the next phase such as integration and competition from the current complementary relationship.” 

AI vs. AI

Cyber security is a very broad topic. Believe it or not, the first recorded case of cyber crime goes back as early as 1820 - albeit very different to what we are seeing today. There are so many levels and types of breaches that are difficult to prepare for, especially with artificial intelligence on its way into the connected car. AI will bring a new age of technology, both positive and negative for software specialists; these companies will be able to create revolutionary systems that can operate on their own, but must ensure that hackers do not target and manipulate AI systems. “In the past, cyber security was not making progress between attackers and defenders, and as threats were coming from human beings with malicious intentions, we could not expect changes in that relationship,” says Anzai. “On the other hand, with the evolution of AI, both the attacker and the defender may move towards the new age to utilise AI, and this may change the new relation of AI vs. AI.” 

So how do we overcome these serious issues on the horizon? Well, we must first start by sharing and discussing information through organisations filled with OEMs, software suppliers and authoritative bodies. Anzai agrees with this: “If many defending organisations can share the information necessary for learning globally, defenders will have a better chance to win.” This is starting to happen, but the industry needs to push for more awareness of the risks of cyber attacks in the future. Without the correct precautions and standards put in place, the industry could become a very hostile environment where it becomes a game of cat and mouse against cyber criminals.  

You may also like:

Don't miss out

Be the first to know about the latest news in the automotive and transportation industry, through our weekly mailer and bi-monthly publication: New Mobility Visions.

New Mobility | Visions | Three6Zero Limited © 2018