What’s new: NXP is the first semiconductor supplier to be certified by TÜV SÜD to comply with the latest automotive cybersecurity standard ISO/SAE 21434.  The new automotive cybersecurity standard aims to provide connected vehicles with robust protection from malicious cyberattacks. The standard requires OEMs and their supply chains to apply a security-by-design approach to their components, servers, and processes to reduce the risk of being vulnerable to attacks at any point in the vehicle lifetime, from the initial concept and design phases to end of life.

Why it matters: From July 2022 onward, vehicle manufacturers (automotive OEMs) must comply with the R155 automotive cybersecurity regulation for new vehicle type launches in Europe, Japan and Korea, which represents over a third of global vehicle production. Other regions are expected to follow.

The standard ISO/SAE 21434 supports the implementation of the R155 requirements in organizations across the supply chain. NXP’s ISO/SAE 21434 certification helps enable OEMs to meet requirements of the R155 regulation.

More details: Connected vehicles will inevitably communicate with outside entities, from other vehicles, to smart city infrastructure and to the cloud. If left unsecured, the vehicle electronics systems could be compromised by attackers. Robust security measures are essential to prevent attacks and protect the vehicle, its systems, and the back-end networks that serve them from cyberattacks.

NXP leverages its long-standing expertise in security to address the needs of the auto industry. The existing policies and processes of NXP have been refined and extended to fully meet the requirements of the new standard ISO/SAE 21434. The assessment and certification was conducted by TÜV SÜD, a trusted partner of choice for safety, security and sustainability solutions. TÜV SÜD audited NXP’s organization, its policies and processes for compliance with new standard ISO/SAE 21434.

vSentry Edge AI is an embedded and real-time network IDPS designed for central and zonal gateways. It combines a highly configurable deterministic and rule-based firewall with machine learning and deep learning technology. vSentry Edge AI monitors the CAN and Ethernet communications from multiple domains and performs deep packet inspection and payload analysis. The AI solution uses unsupervised learning with minimal burden on the OEM.

The Alliance is working on four major areas of innovation in order to develop the mobility of the future: electrification, connected vehicles and services, autonomous driving, and new mobility services. As part of this effort, one of the main focus of the Alliance Innovation Lab Tel Aviv is cybersecurity. 

Today, most of the risk assessment in the automotive industry is conducted manually or using tools on a single component level. This methodology can’t scale and only provides partial information. An entire vehicle is a very complex system composed of over a hundred connected components, with a complex interconnection.

This strategic cooperation will focus on vehicle-level risk assessment, taking into account the architecture of the vehicle model and the automated assessment of a vehicle’s complex mesh of software and hardware.

Upstream offers specialized cloud-based data services for connected cars, including cybersecurity, quality enhancement, and data monetization opportunities. Salesforce offers its leading CRM platform to automotive OEMs, dealers, suppliers, and mobility services. The partnership between the two companies will bring real-time end-to-end data-driven solutions to the automotive sector.

As the automotive industry becomes a smart mobility ecosystem with connectivity at its root, new tools are needed. Utilizing connected car data such as telematics, OTA (over the air updates) and mobility applications opens extensive opportunities for automotive OEMs, dealers, suppliers, and value-added mobility services. A growing number of the world’s largest vehicle OEMs and mobility providers already rely on Upstream’s platform to transform their automotive data into a comprehensive cybersecurity solution utilizing vehicle digital twins and insights.

This new partnership with Salesforce Ventures will enable the digital transformation of smart mobility players by producing an end-to-end automotive data service, beyond cyber capabilities, that will allow additional players in the automotive ecosystem to both understand the connected car data and enact real-time actions based on the insights found within that data.

Upstream C4 is one of the first cloud-based automotive cybersecurity platforms to offer in-depth integration with Azure Sentinel. Through this integration, contextually rich and automotive fluent alerts from Upstream C4 can be used to automate responses based on an OEM vehicle manufacturer’s or connected fleet’s unique security policies. Security analysts within vehicle operations centers (VSOCs) can use the integrated solution to develop and enforce customized playbooks as well as perform domain specific threat hunting activities using Upstream’s automotive data platform. Customers will also benefit from integrative dashboards and reports within Azure Sentinel for unified access to real-time threat analysis and contextually rich mobility focused investigation timelines.

As more vehicles are connected to the network, they are increasingly prone to the growing risk of cyber-attacks. International and domestic committees such as UNECE/WP.29 (The UNECE World Forum for Harmonization of Vehicle Regulations)  have already started discussing regulation and standardization of cyber security for connected vehicles. Car manufacturers and fleet operators need to address and protect against vehicle data loss and unlawful vehicle application control, while developing solutions for security operations.

Upstream C4 is a cloud-based automotive cybersecurity solution that leverages AutoThreat Intelligence, the industry’s first automotive threat feed. Driven by data, the solution protects connected vehicles and smart mobility services against cybersecurity threats. By integrating such solution with Fujitsu’s ICT-SOC (ICT- Security Operation Center) solution and big data processing technology, the two companies will develop a comprehensive connected vehicle security solution that can detect the threats not only in vehicle side but also in center side. The solution will be gradually rolled out during 2020 for car manufacturers and other mobility companies in Japan, North America and Europe.

Upstream Security is a Tel Aviv-based start-up company which provides cybersecurity solutions designed specifically to protect connected vehicles from cyber threats or misuse while stationary and in motion.

The investment is a direct result of the Volvo Group’s partnership with DRIVE, the leading innovation centre that focuses on disruptive start-ups in the Israeli mobility sector.

Market research shows that there will be substantial growth in the market for cybersecurity solutions for connected vehicles in the coming years.

The inclusion of these four companies increases the strength of the Auto-ISAC’s position as the voice of the global auto cybersecurity information sharing community as it works to prevent cyber threats to the connected vehicle.

The Auto-ISAC was formed by automakers in 2015 to promote collaboration between suppliers, commercial vehicle companies and automobile manufacturers around vehicle cybersecurity issues. Additionally, the Auto-ISAC has a strategic partner program that brings great value to our membership collaborating with innovators who support learning and sharing tools and techniques in managing the emerging complexity of automotive cybersecurity.

The Auto-ISAC operates as a central hub to share and analyze intelligence about emerging cybersecurity risks. The focus of the Auto-ISAC is to foster global collaboration for mitigating the risks of a cyber-attack and to create a safe, efficient, secure and resilient global connected vehicle ecosystem.

The project is based on UltraSoC’s unique embedded analytics technology, which allows technology companies to design self-monitoring capabilities into the microchips that power their products. Machine Learning (ML) experts from the University of Southampton will work alongside UltraSoC engineers to develop algorithms and code to intelligently identify security and safety issues, while the Institute of Future Transport at Coventry University will develop a testbed demonstrator representing a full-scale automotive functional architecture to prove the resulting solutions. Finally, Copper Horse will model cybersecurity scenarios and test the robustness of the project’s output.

UltraSoC’s embedded analytics deploy dedicated hardware to identify security problems such as hacking far more quickly and reliably than traditional software techniques. The complexity of connected and autonomous automotive systems and their critical safety implications create a compelling need for such capabilities.

Innovate UK is part of UK Research and Innovation, a non-departmental public body funded by a grant-in-aid from the UK government. With a strong business focus, its aim is to drive productivity and economic growth by fostering new ideas and innovations. Since 2007, it has invested around £2.5bn to help businesses across the UK to innovate, with match funding from industrial partners taking the total value of projects to over £4.3bn.

The funding will be allocated to expand GuardKnox’s R&D team in order to meet the growing needs of its customers. The company will also distribute funding to support its global expansion, opening subsidiaries in strategic locations. These initiatives will enable GuardKnox to achieve its aim of eliminating risks of cyber security threats from connected and autonomous vehicles worldwide through its innovative next-level solutions.

GuardKnox pioneered the approach of using a deterministic model of cybersecurity protection, a zero-trust method allowing no margin for unexpected communication by passing all messages entering vehicles’ networks through routing, content and contextual layers. Messages received by the GuardKnox system that are not precisely designated as acceptable are immediately rejected.

The technology powers an electronic system, capable of managing up to 4.5 terabytes of data processing power per hour, a fivefold increase in capability over GM’s current electrical architecture. The new architecture also provides more rapid communications within the vehicle itself and to outside sources thanks to Ethernet connections of 100Mbs, 1Gpbs and 10Gbps.

The system’s DNA includes additional protective features at the hardware and software levels that reflect the company’s foresight in this regard.

Debuting on the recently-unveiled 2020 Cadillac CT5 sedan, the electronic platform will go into production later this year and should be rolled out to most vehicles within GM’s global lineup by 2023.

With the new “ZF AI & Cybersecurity Center,” ZF is now expanding its activities in the area of AI research in order to coordinate and control the company’s AI activities from here in the future.

The group expands company-wide AI activities in Saarbrücken and becomes shareholder of the German Research Center for Artificial Intelligence (DFKI) and forms Strategic partnership with Helmholtz Center for Information Security (CISPA).

ZF is thus expanding its international research and development network, which consists of internal and external AI experts. For example, ZF also has access to AI expertise and specialized development resources through existing partnerships with NVIDIA, Microsoft, Intel Mobileye and its participation in development service provider ASAP.

The three layers of the connected car ecosystem vulnerable to attack are — the vehicle layer (telematics, communications module, infotainment system, key), the network layer (cellular network, satellite communications, grid infrastructure) and the application layer (telematic service providers, public and private clouds, data intermediaries).

BlackRidge’s patented First Packet Authentication technology authenticates identity and enforces security policy on the first packet of a network session, before a connection is established. It is applicable across the entire ecosystem and can be embedded as the infrastructure for connected cars is built. The technology can block or redirect network traffic, control access, and enable network microsegmentation and segregation.

C2A has developed a unique suite of solutions that protect the car’s internal systems against cyberattacks, ensuring passenger’s safety. Using a bespoke suite of solutions that communicate with one another, C2A is able to detect and mitigate any type of attack, ranging from autonomous systems hacks to chip-level vulnerabilities.

C2A has already integrated a production-ready suite of solutions to leading manufacturers worldwide and plans to utilize the new funding to grow its R&D team and support its rapidly growing customer base.

Some key findings from the survey highlight:

• Lack of cybersecurity skills and resources: More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.
• Proactive cybersecurity testing is not a priority: Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.
• Developers need cybersecurity training: Only 33 percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.
• Cybersecurity risk throughout the supply chain: 73 percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44 percent say their organization imposes cybersecurity requirements for products provided by upstream suppliers.

AVT in Singapore is slated to be Desay SV’s sole global upstream R&D Centre to develop and prototype new technologies for fully autonomous L4 and 5 vehicles. These new technologies will be adapted and incorporated at Desay SV’s headquarters in Huizhou, Guangdong, China into new commercial products with current L2 chip-controlled autonomy to L4 vehicle autonomy.

AD in Singapore will seek and develop next-generation technologies to augment Desay SV’s in-vehicle products, as well as become Desay SV’s only AD team globally to focus on three competencies: cyber-physical system security (CSS), in-vehicle network (IVN) and wireless multimedia communications (WMC).

Desay SV intends to develop manpower and capabilities in Singapore relating to AVT and automotive cybersecurity by hiring and training up to 46 local Research Scientists & Engineers for its AVT and AD teams, and forming collaborative alliances with local research organisations such as its recent research partnership with Nanyang Technological University, Singapore.

vXRay uses advanced, unsupervised machine learning paradigms in a fully autonomous process to establish the normal behavior of the vehicle without dependencies or previous knowledge of ECU properties and protocols. Once the behavioral baseline is established, the machine learning models can accurately detect, categorize and flag any abnormal behavior and report it to the connected vehicles’ SOC for further analysis.

SafeRide will demonstrate its vXRay technology at CES 2019.

ZeroDayGuard is Dellfer’s IoT cybersecurity solution that prevents zero-day cyberattacks on IoT devices through built-in code execution protection. It is enabled with one operation in the development of IoT device code, and subsequently can instantaneously detect root cause hacks and cyberattacks remotely in the cloud. Dellfer’s solution approach does not use signatures or machine learning to thwart attacks, but an inside out rapid instrumentation to increase immediate precision and virtually eliminate the false positive problem that plagues many cybersecurity solutions.

Dellfer and DENSO to demonstrate ZeroDayGuard at CES 2019.

Recent investment areas for DENSO include:

• Autonomous Drive: DENSO invested additional dollars into Ridecell’s Series B funding round for the development of shared mobility. Its partnership with ThinCI is enhancing deep learning capabilities required for autonomous vehicles.
• Cybersecurity: DENSO led Dellfer’s initial funding round to help the company develop cybersecurity safeguards for connected and autonomous vehicles.
• Electrification: An investment in FLOSFIA is focused on a semiconductor device expected to reduce the energy loss, cost, size and weight of inverters used in electrified vehicles.
• Sensing: Along with a handful of other strategic investors, DENSO invested in Metawave Corporation to accelerate the development and improve performance of in-vehicle, “smart” radar sensors for autonomous cars.