OEMs, Tier 1s, and key supply chain players all differ in their approach to cybersecurity, opting for strategies that align specifically with their needs. Chief Product and Marketing Officer Nathaniel Meron outline the benefits of visibility-first cybersecurity, and how this new approach will allow for intentional, tailor-made cybersecurity policies based on individual needs.
By Nathaniel Meron, Chief Product and Marketing Officer, C2A Security
Introduction
Building a production-ready vehicle isn’t as straightforward as it sounds. Heightened consumer expectations, increased demand for computerized, connected vehicles, and the persistent top priority of personal safety all exert pressure on stakeholders in mass vehicle production to get it right. Recently, cybersecurity has emerged as a central sticking point in this narrative: can cars truly be safe, reliable, or road-ready without being fully secure, and resilient against attack?
As a result, OEMs and Tier 1 suppliers have hastened to adopt cybersecurity strategies, leading to fragmented supply chain communications and a multitude of approaches across the industry, neither of which account for the different cybersecurity strategies required for each vehicle. While the industry is looking to address this challenge, albeit gradually, the best approach is one that will see the automotive industry building a tailored cybersecurity approach from the ground up. Instead of aiming for a one-size-fits-all cybersecurity solution, key automotive stakeholders should embrace their differences through a visibility-first concept that will enable each OEM to plan and execute a tailor-made cybersecurity policy based on unique needs.
Can a customized approach really be cost-effective?
OEMs and Tier 1 suppliers differ in their approach to cybersecurity, as do their needs. While some are focused on the deployment of basic passive security solutions, others have advanced to active measures, each with their own approach: some OEMs and Tier 1s think that one-dimensional protection will suffice, while others are building multi-layered defense mechanisms. Though these cybersecurity end-goals are certainly important, the process of getting there is even more so. Today’s cybersecurity solutions undoubtedly provide real value to the ecosystem but are inhibited by their inability to scale easily and support different variants of vehicle models, and how each vehicle on the road may need a different configuration. Automotive manufacturers need a diverse toolbox to protect different systems from the vast array of potential attacks.
These tools must be as flexible as the approach itself. With a supply chain fraught with complication and the sheer volume of vehicle makes and models, it’s essential that solutions be scalable enough to accommodate customizations for all industrial manufacturers. Although the number of requirements for effective, scalable cybersecurity solutions is high, their cost doesn’t have to be. In fact, an approach that creates visibility across the vehicle lifecycle will produce cost savings. Streamlined communication means less overhead and a reduced risk of recalls, while solutions that are easily integrated into any system cost less in the long-term, particularly those that work with any hardware solution.
Though security requirements may change throughout the vehicle lifecycle, OEMs must be able to orchestrate, change, and update security across all different models and variations, quickly and effectively.
Security by design, customized to the automotive industry.
A tailored approach to cybersecurity embodies a new meaning of “security by design” for the automotive industry. No, one OEM can’t act as its own supply chain, but it can tailor its implementation strategy to match the architecture of its vehicle. Key players in the automotive industry have already started to master the art of vertical integration. Tesla’s rapid-fire approach to innovation has served its purpose well: they are the only automotive manufacturer to build everything from seats to computer processors themselves, with great success. This same principle can be applied to automotive cybersecurity. While suppliers will undoubtedly still be involved in the process, how can OEMs vertically control cybersecurity by leveraging a solution such as the one deployed by Elon Musk, and Tesla?
Typically, for any OEM, cybersecurity principles remain the same. Security and safety goals are still aligned, but the means of implementation are fundamentally different due to the solutions, vehicle architecture or networks within the vehicle. Take network perimeter security as an example: perimeter components are vulnerable to remote cyber attacks, meaning there are too many potential weak spots residing in the network. Sometimes, there is no isolation between those perimeter networks to inner safety systems at all – making fraught networks, with many potential weak spots, even more, vulnerable to attack. Therefore, OEMs need to apply additional layers to enhance security. A scalable, tailored, and visible cybersecurity lifecycle management solution that overlays existing solutions will address all of these needs seamlessly, creating optimal security for the vehicle and a cost-effective, streamlined approach for each OEM.
Visibility enables OEMs and Tier 1s to customize their approach to cybersecurity
A transparent cybersecurity lifecycle management platform will give the automotive industry the visibility required to perfect cybersecurity posture and achieve its cybersecurity and safety goals. This visibility-first approach means that all OEMs and Tier 1s can practically address the cybersecurity requirements of each individual vehicle at scale, regardless of make or model, streamline communication across the supply chain, and reduce the overall cost of cybersecurity per vehicle.
Visibility means security by design customized to the industry and its unique needs. While one OEM can’t own their entire supply chain, they can now own all communications across it and prioritize cybersecurity management throughout the vehicle lifecycle. OEMs will be able to orchestrate change and update security across all different car variants, quickly and effectively. The result will be cost-effective cybersecurity for every make, model, and individual vehicle, even as cars and trucks become more connected and complex.
About the Author
Nathaniel is passionate about bringing new technologies to the market to solve real problems, joining his first startup at the age of 20. With C2A Security, Nathaniel is bringing that same passion to help automotive OEMs and Tier 1s overcome the cybersecurity risks presented by today’s sophisticated connected vehicle architecture with new levels of visibility and control. With Nathaniel’s support and direction, C2A has announced a joint solution with NXP, collaborated with Marvell as a strategic partner, added an additional security control to Vector’s AUTOSAR basic software, joined the AUTOSAR alliance as the first and only Israeli start-up partner, expanded the company’s IP portfolio and completed a $6.5M USD funding round.
An international speaker, Nathaniel has presented at a number of conferences globally including the Consumer Electronics Show (CES), OurCrowd Global Investors Summit, Collision Conference, MOVE Mobility London, EcoMotion Tel Aviv, and Mondial.Tech among others.
For all of his work at C2A Security, Nathaniel draws upon his extensive experience as a team leader and officer of an elite unit in the Israeli Intelligence Corps. He holds a B.Sc. in Electrical and Electronics Engineering and an MBA, both from Tel Aviv University.
Nathaniel can be reached online at [email protected] and at https://www.c2a-sec.com/
