Better late than never: major semiconductor vendors such as Freescale, Intel, Magna International, and IBM are investing in automotive security. This ABI Insight delves into the recent investments and makes the case for even more funding in automotive cybersecurity.
Registered users can unlock up to five pieces of premium content each month.
Log in or register to unlock this Insight.
Tech Giants Invest in Auto Cybersecurity
The past quarter has seen a flurry of investment by tech giants keen to capitalize on the security demands in the automotive sector. Three major announcements in September 2015 have upped the stakes for silicon vendors. Freescale, a vendor of secure, embedded processing solutions, which has had a strong presence in the secure automotive market for some time, has just consolidated this position with the acquisition of CogniVue, a developer of image cognition IP. The IP is already available in Freescale’s S32V processor, which is part of its SafeAssure functional safety program (structurally designed to comply with ISO 26262).
Intel has committed on its end to mitigate automotive cybersecurity risks through the establishment of an Automotive Security Review Board (ASRB) to work on the security of cyber-physical systems. The firm plans to provide the ARB with its own automotive advanced development platform on which security analysts will be able to test their research in all areas – hardware, software, and services (with the promise of a new car for the most "impactful" contribution). An accompanying whitepaper was released with the announcement offering a first set of best practices and recommendations for automotive security and privacy.
Magna International, a manufacturer of automotive components, announced the signing of a partnership agreement with Argus Cyber Security to package Argus’ Intrusion Prevention System solution and cloud-based monitoring services with its own offerings to protect onboard diagnostics systems.
The most recent announcement is the partnership between Giesecke & Devrient (G&D) and IBM, which have planned to work collaboratively on crypto security for connected vehicles. The duo are presenting a Secure Gateway ECU at New Mobility World this month. The demo will highlight the ability to manage trusted identities (including key creation and lifecycle management) in a secure environment through a TSM service (undoubtedly G&D’s). The Secure Gateway ECU will enable secure communications between the car and the backend. The platform will leverage embedded Secure Elements for storing crypto keys, accompanied by a subscription management for the M2M SIM modules. IBM will likely power the security intelligence capabilities on the backend side.
Hacks Drive Concern
Better late than never, the interest in automotive security from the semiconductor industry is finally kicking off. While vendors such as Freescale, NXP, Renesas, Magna, and Infineon, among others, have already started focusing on the issue, other global players in the tech industry are finally turning their attention to the problem. Hardening the SoCs has become a critical priority, and automotive OEMs are welcoming silicon provider efforts in this area. With numerous high-profile proof of concepts this summer at Black Hat and DEF CON, automotive OEMs can ill afford to ignore the warning signs put out by security researchers. It is only a matter of time before cybercriminals and other organized crime groups capitalize on insecure designs to hack cars. Commonly used tools for Grand Theft Auto (such as a slide hammer puller and screwdrivers) will quickly enough be replaced by hacking skills.
Efforts to secure V2V, V2X, and internal car communications must not only rely on the communication vector but ideally also make use of a minimum hardware-based, tamper-proof security mechanism to counter potentially complex attacks. Automotive security is compounded by the need to secure cyber-physical systems and functional safety as well, and renders the task even more critical. The increasing reliance on SoCs and connected technologies is finally focusing OEM attention on automotive cybersecurity.
New Markets for Semiconductors
The automotive OEM market is seeing a dynamic investment by semiconductors and other silicon vendors from the PC and the mobile markets. The IoT generally is opening up new opportunities for vendors from those saturated markets. The lack of internationally agreed security standards means that there is plenty of room for successful technologies in either space to make it in the IoT. Automotive is particularly attractive, not just because of the numerous high-profile proofs of concept and hacks, but also because semiconductors already have an established presence in the industry. The play now is to mass market secure SoCs in the space with the most cost-effective proposition. The automotive market is ripe for inherent security design and development; it is only a matter of investment by semis (from partnerships to acquisitions) to bring their various solutions to market.