‘Connectivity’ is a big thing in the auto industry these days and will continue to grow in importance in coming years. Where connectivity before was confined to having smartphones interface with the infotainment systems in the car, the next phase will see vehicles ‘talking’ to other vehicles as well as being controlled in some aspects by various systems not within the car itself.
Above all, progress in automated driving will drive growth in the connectivity of vehicles. This will result in new interfaces to the transportation infrastructure via Car2X and to other vehicles via Car2Car. The connected car of the future is expected to interact autonomously with numerous data networks operated by other services and providers. The complex network of control units in the vehicle and communication with the cloud both increase the risk that unauthorised parties could gain access to the car or the infrastructure connected to it.
“With growing connectivity, today’s technical approaches are no longer adequate for the digital vehicle. Extending our own know-how and collaborating more intensively with international experts therefore represent an important step in satisfying the expectations of our customers where data security is concerned,” said Ralf Milke, Head of the Electrics and Electronics Development, Body Electronics and Vehicle Electrical Systems Department at Volkswagen.
“Cybersecurity is more than just technical safeguarding of the infrastructure and systems. It also involves IT security processes, information security risk management, classification of information and more. However, to address the issue of cybersecurity effectively, we also need a new perspective – and indeed that of a hacker,” added his colleague, Beate Hofer who is Head of Information Security at the Volkswagen Group.
Drawing on expertise from the cybersecurity industry, Volkswagen established a business in 2016 to develop advanced solutions in the field for the next generation of networked automobiles and mobile services. This is CYMOTIVE Technologies which, together with Volkswagen, will be further optimising the data security of vehicles and their control units.
CYMOTIVE’s work is obviously not explained in detail to the public but it assesses and tests software as well as hardware, looking for any security gaps in the hardware and in the data interfaces between the processors. Hackers might analyse which data is exchanged between the small chip sets and then attack this weak link.
To understand how hackers could operate and infiltrate a system or network, CYMOTIVE has a ‘Red Team’ which is the ‘offensive department’. Its mission is to try to infiltrate hardware and often mimics those of engineering development, but in reverse, so to speak. Based on knowledge of a component’s structure, the Red Team attempts to access other data. Then it is just a matter of the bits and bytes – the software. The specialists look for weaknesses and potentials for manipulation. Have the developers barred all the digital doors? The young employees are highly motivated. If they discover possibilities for manipulation, then they have won.
When a weakness is discovered, then the ‘Blue Team’ – the defensive department of CYMOTIVE – will start its work of shutting the open ‘digital door’ in the system. The objective is to have the findings flow back into a component’s development and secure a weak point.
But this is not all, the Blue Team also serves as the R&D centre for security solutions for the connected car and its eco system. The team works together with Volkswagen’s development teams to embed state-of-the-art security solutions into the carmaker’s future platforms. With concurrent development and continuous improvement, there will be an increasingly higher level of security. Positioned as it is, CYMOTIVE is another important part of the development process of future vehicles which will be like ‘smartphones on wheels’.