Automakers and supplier companies are increasingly adopting cyber security solutions to protect critical data or any digital asset stored in a vehicle or any vehicle-related digital memory device. Cyber threats are becoming the major concern with the ever more connected car and the use of mobile devices and applications. To learn more about the demand for and supply of the right tools, Automotive IQ spoke to Philip O’Hara from Rogue Wave Software about how software solutions help automakers detect, monitor, report, and counter cyber threats and maintain the reliability of IT systems.
Mr. O’Hara, we’ve seen the headlines in the past about the importance of software security for embedded automotive software systems. How much of it is just hype and how much of it reflects a new era in the automotive industry?
I think it’s certainly not hype. Several studies have demonstrated that hacking into a car is not just theoretically possible, but physically possible – it has been demonstrated that this can happen. The issue is, now that cars are running a software code base – there are hundreds of millions of lines of code, it’s just enormous, so the potential for an attack is quite significant. Just to put that into context, I flew to the States on a passenger airplane 747, but in reality, that probably doesn’t have much software in it at all - perhaps. An Airbus, however, would probably have 10 to 20 million lines of code, and that’s just to keep the aircraft flying in the sky. A car will have around 100 million lines of code. So, it’s a really complex beast.
But the issue really is that once you can get into a car’s infotainment or navigation system, you have a very good chance of getting into just about any other part of the car. That could be the ECU where you can affect the engine speed; it could be the braking system, the adaptive cruise control, etc. There are some semi-autonomous functions in cars today and within a few years cars will be completely autonomous. So it’s not theory, it’s a very real possibility and we have to do all we can to protect against the issues that in the future could pose a really serious problem. Because of this threat, automakers and supplier companies need to be keenly aware of how to secure their software before it poses a problem, and causes big implications for not only their consumer customers, but their business health.
You mentioned different areas of vulnerability for the car the more it gets connected. Do you think that the OEMs and the customers today are really aware of the threats out there?
No I don’t. I think most consumers are really only aware of credit card fraud and the like. And sadly it may well take a problem with a car where somebody hacks into it and steals data, or makes the car perform unintended actions. That will get into the newspapers and only then there will be an awareness. We are trying to create that awareness, not to perpetuate scare tactics, but to enable a more secure process for automobile manufacturing all around.
There are different motives for cybercrime, such as data theft or financial and personal information theft, for example.
It’s easy to say that the issue is someone taking control of a car and making it change lanes or stop or accelerate when it shouldn’t. But what most people don’t realize is that the other thing is data theft. Once you’re into the navigation system, you can start building up a picture of the person in the car: what they do with their lives, where they go, and so on. That’s pretty scary, really. Indeed, you could even just take over the navigation system and when the driver plugs in a certain destination, you override that destination and the car takes the driver to somewhere where they have no idea where they are. So it’s quite scary, and you wouldn’t have to do too much to take control of some of this stuff.
It seems that companies are slowly moving from creating awareness about the problem of service security to providing actual solutions. In your view, how is the role of companies within the automotive supply chain changing over time?
A car is obviously a mechanical device. Until a few years ago, all the automotive OEMs and all the automotive suppliers had great big assembly lines where they were machining lumps of metal, and of course they still are. The problem is that they’re now adding lots and lots of software onto those devices, and traditionally they have not been software companies. It’s a huge change for them and they’re bringing in more and more software developers. I think a lot of it is that some of the tier 1 and tier 2s are driving the OEMs in best practice. They’re developing so much of this software, and suddenly compliance issues are creating potential legal problems for them if their software crashes – it might not even be a security crash, it could just be a quality crash. The implications financially are huge. The automotive industry has the opportunity to learn from other industries that had to make this leap into the software realm – such as telecom. Our company has roots there and years of experience in the security world that we can use to steer companies in the right direction.
Where do you expect the biggest troubles?
Just to correct a Microsoft laptop today, you go to check it and it comes up with an update. Imagine that on a car! It’s not easy. Only recently, Ford had to ship USB sticks out to about 30,000 drivers to update the firmware on their entertainment system because of a known quality issue. So the costs are big. The suppliers are very much cost driven, and many of the OEMs push a lot of the costs down to those suppliers. They’re looking at this stuff very hard. Certainly as an organisation, Rogue Wave probably works more with tier 1 suppliers than we do with OEMs. It’s the tier 1s who generally supply the entertainment systems, the engine systems, the braking systems, the mobile camera systems, etc. For all of those devices, we have people using our technology to secure them, and then it’s the OEMs who pull all those things together and integrate them in their own vehicles. Maybe they have their own user interfaces on top, but a lot of the underlying stuff is all the same from various OEMs. So the key is that companies producing the software need to be sure it is bulletproof before it is shipped to mitigate costly problems like I’ve mentioned.
Let’s assume that management in a company within the automotive supply chain has committed to developing safe and secure code. What is a smart way to handle this?
I guess it revolves around three areas. First, there are various software policies. Once you’ve got policies established, you need to put in place processes to make sure those policies are adhered to. Then you can use tools to often automate those processes.
In terms of policies, there are a couple of issues particularly around the areas where we work. First of all, you want to make sure that the code as you write it is secure. So we have tools that analyse the code as you type it to indicate to you various security or quality defects, and also help you comply with various industry standards.
They’re coding guidelines that the motor industry recommends you follow when you’re writing code for an embedded automotive device, and these help ensure the quality and security of the code; think about the MISRA automotive standards. But just giving your developers a 200-page manual and saying, "Here are the MISRA coding guidelines, now apply them," is just not going to work. You have to have a tool that actually forces the developers to follow those guidelines. As I mentioned before, our experience in other industries in helping them implement these steps has proven extremely effective.
The real challenge is in finding some sort of system of checks and balances between the automotive manufacturers and companies who provide products with related software code.
There is. The MISRA standards are very big in the automotive world. All of the OEMs will demand that their suppliers deliver MISRA-compliant code. There’s some form of a safety net and confidence that they’re getting secure and high-quality code. Of course, how do you confirm to your end customer that you’re actually supplying them with compliant code? And that’s where the tools come in. Klocwork for example, which is our source code analysis tool, is actually certified by the German TÜV. If you use it to enforce the MISRA coding standards, it does what it says on the tin. It’s an approved product that actually checks for the rules and you can use that as your evidence to your end customer that you are actually enforcing the policies.
How important are open source software solutions?
There’s a lot of open source code out there and a lot of open source components. One of the issues is that not only are we trying to make code more secure and more reliable, but also the time to market is just absolutely falling as manufacturers scramble amongst themselves to get the best infotainment system, the most semi-autonomous car out there. There’s a time-to-market pressure, and therefore people are saying, "Look, there’s a bunch of open source components out there. Let’s put all of them together and all we’ve got to do is bind them together and there’s our software." The problem is that open source does not mean safe. It does not mean it’s legally compliant. Just because it’s an open source component doesn’t mean there’s no licensing issue. So we also have a tool called OpenLogic which helps customers enforce their open source policy. What you do is, you put in a governance piece, and that governance piece allows developers to go online and say, "Ok, we use some open source components. Which ones have been approved by my company?" They’re pre-approved on the basis of having no known security issues and that they are licensed within the supplier. That’s the governance piece. You can also scan existing code to find any open source components that may have been missed or that you haven’t licensed. It just ensures that whether you’re writing code from scratch or downloading open source code that’s already written and out there, whatever it is, it’s secure and it’s high quality.
Thank you very much for your insights on this topic.
Philip O’Hara started his career as a mechanical engineer designing aircraft before he entered the area of software development. Today, with more than 15 years’ experience in software technology, he is Regional Vice President, EMEA, at Rogue Wave Software. Rogue Wave provides software development tools that allow companies to improve the quality of the code they are developing and to ensure they are delivering safe, secure code, while still shortening development cycles to speed time to market.