In December I attended the Cybersecurity in Automotive Workshop, run by the Global Semiconductor Alliance and leading management consulting firm McKinsey to collect feedback from key industry players on one of the biggest challenges facing the automotive industry.
As well as being expertly moderated by partners at McKinsey’s automotive practice, the workshop was attended by senior representatives of VW Group, Bosch and NXP, reflecting the urgency of cybersecurity as a topic in both the technological and business minds of the industry.
McKinsey presented its background research, including synthesis of a survey of industry executives (to be published later this year along with the workshop output), and a hypothesis of the key strategic and operational challenges facing the industry in the sphere of cybersecurity.
The analysis formed the basis of some interesting discussions in the group breakout sessions. In particular, the conclusion that cybersecurity in connected and autonomous vehicles (CAV) is a major threat to the OEMs’ current business model.
Let me explain: The lifetime of a car is between 8 and 12 years, over which time the manufacturer must ensure it is both safe and secure. Given the historical rate of increase of processing power, it would be dangerous to assume that a chip implemented in a new car would have the power to support the encryption and authentication workloads required throughout its lifetime. However, bringing a car back to the garage to replace hardware more than once or twice would simply not be economically viable.
A paper from McKinsey (The race for cybersecurity: Protecting the connected car in the era of new regulation)* states the problem succinctly: “Automotive players must consider cybersecurity over the entire product life cycle and not just up to when the car is sold to a customer, because new technical vulnerabilities can emerge at any time.”
Solving this problem will need alternative security practices. The McKinsey presentations and the paper both really highlight the need to ‘embed security best practices in….components’. That resonates with everything we do here at UltraSoC, especially in 2020 as we roll out the recently launched Bus Sentry hardware-embedded cybersecurity product, and as we take on more automotive projects and cybersecurity customer discussions.
*Johannes Deichmann, Benjamin Klein, Gundbert Scherf, and Rupert Stützle, McKinsey Center for Future Mobility, October 2019)
