Once hacked, twice shy: How to set the auto supplier Harman learned how to fight cyber carjackers

LAS VEGAS (Reuters) – When researchers at the distance, may be compromised, and a Jeep Cherokee in 2015, it will slow it to a stop in the middle of an AMERICAN highway, is the portal the hackers used an infotainment system supplier Harman International.

Harman, now a division of Samsung Electronics, which has since developed its own cyber security products, and it bought Israel-based cyber security company, TowerSec for $70 million in order to help with the development of production processes, and investigate the third-party supplier of the software.

For the duration of the work to prevent one other breach, and has helped it become a major player in the automotive cyber security, but they are showing the strain of its third party suppliers and for the automakers face in dealing with this new phase of automotive technology.

“At the end of the day, the automotive industry is a highly competitive business with thin margins. If a competitor has to eat the cost in order to win the business, you will have to do the same thing,” said Geoffrey Wood, Harman’s director of cyber security business development manager, who joined the company at the end of 2016.

The car is cyber security market has seen exponential growth. While the total revenue was around $16 million a year in 2017, it is expected to reach $2.3 billion a year by 2025, according to IHS Markit, led by Harman, Garrett Motion, Inc., as well as German suppliers, Continental AG, Robert Bosch [ROBG.UL], and a number of smaller AMERICAN and Israeli companies.

How to protect cars against hacking, it is a complex task for them. Modern vehicles run on 100 million lines of code, it is loaded with hundreds and hundreds of different technologies, and it can hold up to 150 for the electronic control units of different systems.

In contrast, consumer-electronics, cars, be able to continue to use it for a few years, long after the operating system and the add or remove programs will stop being supported by updates that patch vulnerabilities – is a challenge facing the industry is still grappling with.

Automotive cyber security requirements of a number of within the hundreds of pages in just one page, about five years ago, according to interviews with a dozen or so of the automotive cyber security professionals.

Her bid for the 2024 games, vehicles is under development at BMW AG, for example, suppliers are required to ensure that the system of audit the units do not have a direct connection with customers, internet-connected devices, said Michael Gruffke, the head of the security service, the functions of the system in the CAR, what are the sources of the parts of a Harman.

Small car rental providers with thin margins that are often the weakest link in the hacks, said, Rotem Bar, a cyber security professional, until recently the Israeli company CyMotive, who has teamed up with the German car maker, Volkswagen AG, VWOG_p.DE.

However, car manufacturers will usually hand out the test and to ensure the safety and security of the data systems and their sub-contractors, and experts from the industry, he said.

“It’s really a shifting of the burden to suppliers because, the vehicle manufacturer is not in a position to test and make sure everything along the supply chain,” said Dennis Kengo Oka, senior solutions architect at Synopsys Inc., which conducts research in the automotive field of cyber security.

In the car, which is more than 70% of the components in the vehicle are made by outside suppliers. “We should, therefore, expect that our partners will take the responsibility for the implementation of cybersecurity and the appropriate supplies,” the automaker said in a statement.

General Motors said in a statement that the deal “a significant amount of work done in connection with the security and without passing on the cost of the supply chain partners.

Ford Motor Co. and Fiat Chrysler has not responded to requests for comment. Volkswagen and Daimler AG, declined to comment.


Harman saw that a Jeep and hack the experience, if there is a viable business opportunity, the supplier currently sells cyber security software to help automotive manufacturers in the control of the fishing fleets and the over-the-air updates to the software. Analysts at IHS Markit consider Harman one of the best performers in this segment of the market, with about 20 manufacturers using over-the-air services.

Harman does not break out the revenues of the company. However, the company is trying to recover some of the costs through higher prices for more advanced security.

“We have to educate our sales people are in talks with car manufacturers’ purchasing departments, and say, “don’t let this go without the need to add cybersecurity to your quote’,” said Amy Chu, Harman’s senior director of automotive, the security of the product.

Asaf Atzmon, the israeli vice-president and general manager of the automotive cyber security, he said, Harman has come a long way since it came out in March of 2016, as part of the TowerSec deal.

At the time of Harman’s work, only a few security architects, and the company later changed its organizational structure, the appointment of, or the hiring of professionals, such as Wood, and Space) in order to maintain control in the area of cyber-security efforts, Atzmon said.

The changes have helped Harman to consider cyber security issues in every phase of the manufacturing process, creating a check list for engineers that includes the scanning of the software to any third party for any errors, and the increase of Harman’s own cybersecurity defenses and make a risk assessment of the potential vulnerabilities of each component.

Instead of just adding of convenience features, such as Bluetooth, for example, designers will now have to see how it would make such a connection.

A particular challenge has been the securing of vehicles over their entire life cycle, said Chu. Cybersecurity professionals are to be used only for the issuance of a software patch, but the automotive engineers take note that only a small fraction of the vehicles are to receive over-the-air updates.

When the Jeep’s hack, there was the recalls had been issued for the 1.4 million vehicles to fix a software defect, at the dealer. Tesla, Inc. provides over-the-air updates, as well as a standard for safety-critical functions, and is so far the exception to the rule.

“Things are not as easy for us in the auto industry,” said Chu.

Be aware of the many challenges facing the industry over the past few years has been to come together in a rare show of co-operation. Automakers in 2015 and, shortly after, the Jeep’s script, created for a group of people to share the threats and vulnerabilities, and companies are now trying to define industry-wide cybersecurity standards, which, in turn, could have a lower cost for the providers.

Still, the common standards are not expected to be published in the next year. Some of the standards could be watered down to protect small suppliers and ensure they have the resources to comply, he said, Victor Murray, is a group leader at the Southwest Research Institute, which is the testing of cars and components for the cyber security vulnerabilities.

“You want to be careful and not to box someone in because, if the smaller suppliers are being inundated with mandates is that they are out of business,” Murray said.

editing by Edward Tobin

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular