The automotive security market is at a clear inflection point—safety issues are forcing the industry to move from effectively no security to robust security implementations almost instantaneously. Many powerful market drivers and fast changing dynamics are putting security into the driver seat, especially when the driver isn’t a human.
When any embedded system, especially a vehicle, becomes connected, the first thought should be “how secure is it?” For connected vehicles, until recently, security has been an afterthought at best. That fortunately is changing, which is important because vehicles are becoming largely defined by software as they evolve toward connected autonomous drive.
As entrepreneur and software engineer Marc Andreessen famously said, “Software is eating the world.” If that is true, the next course will be served on wheels. It should be clear to any observer by now that software is already becoming the basis of automotive competition for automakers. Statistics show that software will become the main driver of an automaker’s profitability.
Autonomous driving, connectivity, and other initiatives are making automotive software highly complex with more lines of code than a sophisticated fly-by-wire jet fighter. Connectivity and large code size make vehicles more vulnerable to hacking, raising safety issues. In fact, the industry was given some high profile wakeup calls over the last few years.
Hacks of automotive buses and electronic control units (ECUs), most notably by Dr. Charlie Miller and Chris Valasek of the Jeep, undeniably illustrate that robust cryptographic security is needed, and quickly. That’s due to the simple calculus in the increasingly software-based connected vehicle (and smart highway infrastructure)—without robust cryptographic security, there cannot be safety (Fig. 1). Security will become the table stakes for any new automotive design, right down to the specific processors. Security must become endemic to automotive systems and subsystems just like DNA is to an organism.