Harman International is a leading original equipment manufacturer (OEM), supplying infotainment and other components to many of the world’s major vehicle manufacturers. The company’s in-house online magazine recently carried out a Q&A with their VP and General Manager of Automotive Cybersecurity, Asaf Atzmon, to discuss the state of cybersecurity in the car industry.
Q. What are some interesting developments that took place in the automotive cybersecurity space in 2019? Did any events or trends surprise you?
Asaf Atzmon: In 2019, the automotive industry experienced a lot of trends and developments that were similar to those seen in previous years, including process and policy definition, security by design and hardening. From a business perspective, our team saw an increased appetite among automotive OEMs for services around consulting and guidance.
Specifically, China was aggressively pushing to catch up and close the necessary gaps needed to become an active market for automotive cybersecurity. I call that the ‘first wave of automotive cybersecurity’ and it was driven mostly by OEM programme management teams and product security professionals, along with those from quality, policy and governance departments.
Now we are seeing initial signs of a ‘second wave’ that is being driven by different stakeholders, primarily the CIO/CISO, IT department, and connected vehicle and mobility initiatives. These key stakeholders are more concerned with risk management, visibility and analytics, which is why we believe there is a possibility for the second wave to be manifold bigger than the first wave.
Q. Thinking ahead to 2020 and beyond, what do you anticipate as some major trends or issues that enterprises like Harman may be focused on in coming years?
A.A.: I expect great interest from the CIO/CISO community for this second wave of automotive cybersecurity. This will be a result of some underlying challenges we’re seeing the industry face right now. For starters, OEMs are expanding their capabilities into the digital and mobility space in a way that is competitive with the likes of an early adopter like Tesla. To get there quickly, automakers are embracing quicker development practices and expanding the perimeter of their solutions beyond the vehicle, into areas like cloud infrastructure, user mobile applications and more.
Improved connectivity naturally demands an increase in security. Development processes being undertaken today are likely to have more vulnerabilities, misconfigurations, and implementing gaps and features that need to be continuously developed and verified. An increased perimeter of vehicular digital technologies offers up a bigger attack surface, incorporating more open and common software and cloud settings, which are all targets for attackers. There is now also a greater need to face a larger suite of compliance, regulatory, and audit requirements, as a result of developments like privacy and GDPR, electrification, and self-driving solutions.
Ultimately, we think this will push the trend of the ‘automotive SOC’ (Security Operations Center), a central command and control setup that will monitor fleets, assess the security posture of the systems involved, which is also capable of addressing and managing risks and incidents. A 2019 report by IHS Markit stated that cloud-based subscription revenue for SOC will grow to $1.64 billion by 2025. Additionally, new vehicles using SOC services will jump from 3.7 million in 2019 to 50.7 million in 2025.
Q. Getting more specifically focused on our own products and solutions, we’ve been offering Harman Shield to customers and partners. What are some unique features that make our offering the most comprehensive solution available?
A.A.: Harman Shield is a robust offering for risk management. Its value proposition is to allow OEMs and mobility service providers to drive their digital expansion and mobility agenda while managing their risks in a way that does not hinder their growth.
As a solution it provides visibility, analytics and response with means for identifying vulnerabilities, understanding risks, detecting anomalous or malicious behavior, all while investigating and remediating to sustain an adequate level of risk. The solution also applies multi-disciplinary skills, which are marrying the proven practices of the IT SOC with the domain expertise needed to understand automotive cyber security. Our platform also applies advanced machine learning technology for detection and is built upon the Harman Ignite data platform for scalable data collection, transformation, processing and storage.
Take a look at the rest of this fascinating interview via the link.