The digitization of the automotive sector can only succeed with comprehensive cybersecurity, a priority aspect for next-generation connected vehicles.
The car of the future will be 100% electric and fully connected, thus providing a fully integrated digital experience in our daily lives. CARIAD is working on this transformation, which requires high-quality connectivity and data exchange, as well as the vehicle's ability to exchange information - at any time and from anywhere -with other players in the digital ecosystem in which it will be embedded.
These are the requirements for using a wide range of digital services: from navigation, to automatic payments for charging, to more complex Car2X communication. In all of this, the top priority is cybersecurity, which means cyber, data and IT security. CARIAD approaches security in a holistic way, considering both the individual solutions and the ecosystem in which they are integrated.
Markus Brändle, Head of Information and Automotive Security
From car thieves to hackers
Markus Brändle, Head of Information and Automotive Security, and his team ensure that all solutions developed by CARIAD contribute to a pleasant and comfortable driving experience but also, and most importantly, a safe one. Brändle has more than 15 years of experience in the security industry and, prior to joining CARIAD, was Head of CyberSecurity at Airbus.
"If we want to succeed in the transformation of the automotive industry through digitization, we must address security from beginning to end", Brändle explains. The car burglars of yesteryear have evolved into hackers and are always looking for new ways to gain access through the vehicle's software, or alternatively through software that interacts from the outside with the vehicle itself. These are all possibilities that need to be considered and neutralized in advance.
But how is the automotive industry different from all others when it comes to cybersecurity? The main difference is the time factor: today companies react much faster to hacker attacks, whereas in the past it would take an average of 200 days before they became aware of an intrusion into their internal systems. Today it only takes 11, but for the automotive industry and its products this is not quick enough, because, in the worst case scenario, threats can also directly affect users' security.
When it comes to deal with a hacker attack or security breach, speed of response is critical. Assuming that it is impossible to create a perfect system, CARIAD is working to be able to react as quickly as possible to any problems by implementing appropriate technologies and strategies, and to set a standard for the entire industry.
A team effort
The team of specialists led by Brändle is working with its partners to develop a monitoring capability that can examine its entire IT landscape, so not only the IT of the car but also the digital ecosystem in which it is integrated.
The solution the Brändle team is developing is building a defensive back-end within the company to detect, analyze, and respond to incidents as quickly and effectively as possible, both for the vehicles and for the company's internal IT infrastructure.
Brändle emphasizes that security is not about a single department: "The strength of security is measured by its weakest link, so it is a topic that involves and requires everyone's contribution". Jan Lange, an analyst of CARIAD's Security Operations team, feels the same way: "Secure products greatly reduce the risk of something bad happening to our infrastructure, to the products themselves, and, most importantly, to our users. Security is an ongoing process in which we are constantly committed". And one that has exciting implications: "Understanding what has happened on a compromised system means solving a very, very complex puzzle".
"Do your part"
For CARIAD, it is important to raise awareness about this topic among everyone in the company. That's why, for the second time, a month dedicated to automotive safety has been promoted in the company, under the motto "Do Your Part - Be Security Smart." The aim is to explore the various facets of security and make them tangible.
In this context, Brändle, his team and other security experts will explain why it can be a good idea to hack a car to improve its security. Automotive Security Month will stimulate employees' curiosity and provide an opportunity to explore other topics, for example, the relationship between mobile working and security in the automotive sector or the possibilities of strengthening the security of a code already when writing it.
VGI | Responsible OU: VP | Creation date: article date | Class 9.1