Trusted Labs > Automotives
After smartphone, connected home, the automotive seems to be the next developing device that will concentrate all the know-how of connectivity and service consumption.
From entertainment to driving functions, that traveling space include many activities.
Let’s see how the automotive market requires all the attention of the security experts, like Trusted Labs.
With the always-connected and semi-autonomous cars, the automotive manufacturing chain is integrating advanced technology and is getting complex. It includes many actors and technologies that have to interface and integrate each other. This results in an automotive system, running in the car, which results in the combination of multiple technologies, mixing hardware and software pieces.
Those pieces are dedicated to various usages: car operation, car maintenance, car entertainment. One can enumerate between 50 to 100 processors in a car, named Engine Control Unit (ECU), all being orchestrated by the Head Control Unit (HCU). And guess what? That complexity impacts security and safety.
Let’s remind that whatever the complexity of a car, its prime objective is to transport people and goods, and have to be safe. Safe from incident, safe from the privacy point of view. Thus, it is obviously expected that the all-integrated system actually protects itself from cyber-attacks. In the long list of actors involved in the manufacturing and delivery of a car, each has to integrate some security requirements in order to contribute to the industry trust. The actual actions demonstrating efforts of implementing security are also the cement of the car business, as it allows different providers to demonstrate their liability.
Last but not least, as cars are not built in days but months, thus, due to that manufacturing cycle, early actors in the value chain, such as integrator and ECU manufacturers have to provide assurances on the level of security of their products, sometimes even before product conception, anticipating emerging standards and issues. How can car industry actor stay safe in that long and nested value chain?
Security is about process, control and anticipation. That is applicable to any piece of a manufactured tech product. Whatever is its place in the value chain of the car industry, each actor should manage specific security processes, guidelines and tests to prevent security failures for which the fallout could have both short term and long term impacts (expensive recalls, negative publicity …). In Trusted Labs, we do serve different industries, from software to hardware, and over the past years, we have gathered a strong experience, addressing a variety of architectures that are actually used today in the automotive ecosystem.
Small or complex ECUs with hardware based security and embedded software, communication gateways, TCUs, aftermarket dongles, back-end infrastructures, mobile applications, our know how is covering all of that. But, as neither standards nor security certification schemes are stable, as of today in that automotive industry, we propose a pragmatic approach, based on risk evaluation, with iteration and customized analysis.
For each of our customer in the car industry, whatever is its position in the manufacturing cycle, we follow our principle “Learn the risks – Mitigate them”. As we understand this industry and value chain, we can adapt to each situation. Because security support is different depending whether you stand in the product conception or design, your level of maturity and the level of targeted security.