SAIC Motor UK Technical Centre Limited on the challenges of taking device design implementation to the next level

As cars become ever more connected their attack surface grows exponentially. This in itself increases the demands for Cyber Security and, when coupled with the user‘s demands for ease of use, presents new challenges.

Automotive IQ interviewed Alistair Goodfellow, Body Electronics Engineer at SAIC Motor UK Technical Centre Limited, and discussed about the key challenges in taking device design implementation to the next level. 

1. Can you tell us more about your role as a Body Electronics Engineer at SAIC Motor UK?

I work for the Connected and Autonomous Vehicles team here at SAIC Motor UK. I have twelve years of experience in electronics and come from a body electronics background. Originally I was employed as the lead Body Control Module engineer here (this controls the wipers, lights, seats, mirrors, etc in a car) but moved into Cyber Security last year to be able to assess and respond to the increasing security threat posed by ever more connected cars.

2. Which developments in automotive cyber security seem most promising to you? 

There is a real awareness in the industry of the importance of cyber security now. Recent high profile news articles have raised the general public’s awareness to the threat posed by targeted cyber-attacks. Legislation is fast catching up to this – bill H.R. 2288 was unanimously passed in Washington making it illegal for a manufacturer to sell, import into the US or even exhibit partially automated .vehicles without cyber security measures. The UK government has recently published its own Cyber Security Guidelines and ISO has published J3061 (Cybersecurity Guidebook for Cyber-Physical Vehicle Systems) with a more detailed book to follow.

3. What are the most important things to remember when designing with security in mind?

It is important to understand and define the functionality of the system to be able to correctly define which areas of focus are a priority. As an example, a denial of service attack would be a priority for a cyber-physical system such as steering (as this could affect safety) and confidentiality would be a priority for an in car app which processes personally identifiable information. It is also important to reduce the attack surface where possible by turning off, disabling or not installing features which are not important to the vast majority of users. Users that really need it or want it should be forced to take explicit action to obtain that feature.

4. What are the greatest challenges you currently face in your role?

The ever increasing spread of connected devices will exponentially increase the available attack surface. The greatest challenge therefore is to provide the level of connected functionality that the customer desires but with the level of security that the customer requires. The fact that cars have now become a target of cyber-attacks only serves to highlight how important this now is.

5. What advice can you give to someone who might aspire to become a Body Electronics Engineer?

A genuine interest in the field will always get you a long way. Studying maths through college and a degree in electronics at university will help but the industry, and threats, are ever changing and always moving forward. One cannot stand still once graduated and an interest in the field will ensure that you keep up to date and motivated through your career.