As cars on the highway become connected, the primordial idea of vehicles just being considered as well-oiled machines ceases to make sense. Smart cars are akin to the smartphones we carry around, with them being uniquely attuned to the needs of the users – albeit functionally remaining pretty identical vehicles.
A lot of this depends on the various sensors that are placed all around the vehicle, leading to the possibility of them being hacked and running into cybersecurity threats. This makes it imperative for OEMs to address the issue, as vehicles when hacked could lead to loss of data at the very least to wrecking lives at the worst.
FreightWaves caught up with Moshe Shlisel, CEO of Israeli startup GuardKnox Cyber Technologies, to discuss cybersecurity and how technology could help safeguard vehicles from getting hacked. The team of GuardKnox comes in with years of experience in the Israeli Air Force, having provided cybersecurity solutions for Israeli fighter jets and missile defense systems.
Shlisel started by explaining why he believed the cybersecurity domain needs to borrow technology from the defense sector, rather than perennially depending on the IT industry for solutions. “If you look at solutions coming in from the IT world, they are approaching vehicle protection like they would a computer. The difference between a computer and a moving platform like a vehicle or a fighter jet, is that you have a finite number of messages and protocols in a vehicle, while having an infinite number of protocols and messages in a computer,” he said.
This ascertains the need for a different approach, as computer cybersecurity systems use statistical mechanisms, which cannot guarantee absolute protection, as false positives are a common occurrence – averaging at around 9% of the total detections. “Never mind the company you are looking at from this industry, they are using mechanisms that protect parts of the entire network, and are not looking at the vehicle from a holistic point of view,” said Shlisel.
GuardKnox has a multi-layered approach towards security and looks to protect every engine control unit (ECU) within the vehicle, because as Shlisel said, the “vehicle does not live in a bubble.” And for this, the company asks the OEMs to furnish just two documents – the communication matrix and technical specifications of different ECUs.
“You give us specifications, and you have a solution that protects the vehicle. But that’s only the start, as we look at cybersecurity as the baseline of more important things that should be in a modern vehicle – not just cybersecurity, as it is all but an extension of safety,” said Shlisel. “The vehicle is the smallest area in the world where all our loved ones are gathered. You need to comply with a cybersecurity standard and a safety standard. You would also need to be able to protect the vehicle without having constant communication, by offloading part of the protection to the cloud.”
Shlisel also pointed out the need to provide security for communications with the cloud without imposing latency into the process, as several critical decisions in autonomous cars like braking or acceleration depend on it. “We are locking every bit in every field across every message in the entire vehicle. Which means, if you as an OEM decided that in bit number 17, we are going to have 1 instead of 0, we would make sure that in any case that this message appears, the bit number 17 will be 1 and not 0. And if this bit is altered, this message will be discarded,” he said.
From the point of view of OEMs, the data that is produced in the vehicle needs to be processed on-board as well, with only necessary data leaving the platform to the cloud. Since the OEMs end up paying for the communication, they would opt for a solution that reduces data relaying to the barest minimum.
The meteoric rise in autonomous driving possibilities would make it even harder for cybersecurity companies, as self-driving vehicles rely wholly on LIDARs, cameras, and ultrasonic sensors to stay on course. Shlisel insisted that GuardKnox’s experience in the defense industry helps it ward off attacks more efficiently than the contemporary cybersecurity offerings.
“The market is challenging, and we are in the middle of a paradigm shift. If you are not flexible enough and if you are not sensitive to your customer needs, then you are going to overshoot and miss the target,” he said. “A driver that drives a Formula 1 does not win when he drives fast on the straight lanes, but when he controls the curves. Challenges are about being connected with the customer at all times, understand their changing needs, and controlling the curves.”