Building partnerships to defeat hackers

In January 2018 Honeywell and LG Electronics signed  a memorandum of understanding to develop and  demonstrate an automotive software technology and  infrastructure solution to address threats associated with the increase in vehicle connectivity technology.

The solution to be developed by the collaboration will integrate LG’s intrusion, detection and protection software (IDPS) technology for securing vehicle hardware from external attacks with Honeywell’s IDPS solutions for securing internal vehicle communication and control networks along with its security monitoring and analytics capabilities for security operation centers.

Automotive Industries (AI) asked Cristina Segal, Vice President and General Manager Connected Solutions, Honeywell Transportation Systems, what are some of the trends fueling such collaboration.

Segal: First of all, more and more cars are connected. By 2020 we will have more than 80% of the new cars on the road connected at all times to the internet. That means that an attack on a car is much more probable than it is today, and the impact will be much higher than it is today.

Because of that there are requirements, although not regulations as yet for cybersecurity. Car makers are putting different levels of security in place in order to avoid accidents that can also damage the brand.

Security in a car starts with the hardware and electronics and then it goes to the operating system and then to the application level. Different solutions can be stored in each ECU. At present there is no uniform way of treating cybersecurity in the car. However, there are more and more regulators and associations that are starting to treat rules for cybersecurity as a safety problem and not just as a cybersecurity problem.

AI: How is the industry managing public perceptions?

Segal:There is not much noise about cybersecurity at the moment. People don’t want to create panic or fear. But it is an area attracting a lot of investment. Completely outrageous prices are being paid for start-ups with cybersecurity solutions. The price is being driven by many factors – panic, fear, lack of regulations.

Much of the uncertainty is due to OEMs not working together on a uniform policy for cybersecurity. It is a very difficult problem
because the car is the most complex IoT device ever built with multiple entry points, from vehicle infotainment systems to the
ECU, and hundreds of components with their own ports that can be affected by Cyberattack.

The policy must also take into account the need to monitor millions of cars in real time. The volume of data is huge. Connected cars and autonomous cars with different levels of autonomy will require new regulations. It is an amazing journey right now.

AI: How can you help global automakers embrace automotive connectivity while ensuring vehicle integrity, safety and security?

Segal: Vehicle integrity is not only about Cybersecurity. It is also about vehicle health management. It is very similar to
what happened few years ago in the aerospace industry when airplanes became connected and there was a need for real-time
information. For automakers this is at present more aspirational than real in the sense that, while they understand the need for
such an integrated solution, it is not that clear who would benefit the most and who would be ready to pay for it.

Their focus is on the elements for which they believe people will be willing to pay. But, with cybersecurity in the connected car
you need a holistic solution. You start with hardware-level ECU protection – IDS or IDPS, but then you have a security operating
center in a very similar way to what we currently have in plants or PCs, servers and so on – and that means for me and for the
automakers an end-to-end solution.

With global automakers one of the issues is the exchange of data and data protection between different regions or countries.
Regulations, which at present differ between countries and regions, will have to be harmonized. Imagine you are driving across Europe, but when you get to Russia practically everything that happens in Russia has to stay in Russia.

You would therefore need to have a different way of consuming and sending data, or you would need to have common regulations between different regions. It is a very complex problem with a lot of discussions around it and there probably will be an evolution on this topic in the next 2-3 years.

AI: What are the biggest challenges in developing and implementation of end-to-end monitoring and management platforms for connected and autonomous vehicles?

Segal: One of the big challenges is that the car changes its position and therefore you would need to know what to connect
to and then to define cybersecurity solution before you design the car. There are two features: first, it has to eliminate the most
serious threats, and secondly it has to be economically viable.

AI: How can Honeywell help meet these challenges?

Segal:What we offer today in cybersecurity is just a pure software solution. However, the fact that we offer other solutions
that are hardware and software-related lets us understand both worlds. For example, the lifecycle of the electrical and the
mechanical parts is much longer than the lifecycle of the software and requires different approaches to managing them.

AI: What does the collaboration with LG offer in terms of automotive software and infrastructure solutions?

Segal: We provide the software gateway. It is Intrusion Detection Software for CAN, which is a communication protocol inside the car. Our strategy is to partner with as many physical gateway manufacturers as possible because IDS will be mandatory and will in the future not be differentiated in the same way as gateway manufacturing. Instead of investing in something that is not differentiated our approach is to say we have a critical solution. LG is one of our partners. We want to position ourselves as a neutral and independent software vendor, which is a market leader in the field.

AI: How does your next gen cybersecurity solution for system communication within the vehicle work?

Segal: You can have ECU protection. You can have hardware protection. You can have smart boot or secure boot. However, if you don’t link them you are not able to communicate back to the car manufacturer if an attack happens or to provide the information needed to reduce the risk of attack.

Our solution is embedded in the gateway and listens to the signals in the network to identify threats and attacks. It can filter out noise and identify abnormal signals that are not related to cybersecurity.

AI: What’s next for Honeywell?

Segal: We want to establish ourselves as a software player born out of the automotive industry, with the capability to adopt new trends like cloud monitoring and real time diagnostics, predictive management and aftermarket solutions. But, we also do integrated house management systems, as well as different kinds of e-controllers that have been in the car for a few years now. We want to be in the vehicle integrity world of the automotive industry and to remain an independent software vendor. We are not a Tier 1 like Conti, Bosch or HARMAN because we are not providing the hardware electronics.

Where we do provide hardware is turbo chargers and e-turbochargers. We have new products in the pipeline, some of which are connected with the traditional Honeywell turbo charger range. Others are new products for aerospace. There is also a technology transfer to automotive from aerospace technology that is mature and tested and validated.