Security Innovation Launches Automotive Centers of Excellence

Share Article

The Expertise to Provide Services and Share Cyber-security Research for Connected Cars

News Image
The connected automobile represents a natural extension of our historical expertise and why we have invested in the Automotive Centers of Excellence”, said Pete Samson, VP of the Security innovation Embedded Business Unit.

Security Innovation, an authority in automotive and software security, announced today that it has established Automotive Centers of Excellence (ACE) Laboratories in Seattle and Boston. ACE Labs will provide our customers with valuable insight into threat and attack profiles in their automobiles. Security Innovation’s Automotive Centers of Excellence have been created to help our automotive customers adopt best-in-breed security practices from other industries to move them along the maturity curve as quickly as possible.

Most new cars have multiple connections to external and nomadic devices and services – Bluetooth, near-field communications (NFC), Internet services, on-board diagnostics, etc. This new functionality has highlighted the stark reality that automobiles are vulnerable to attacks and connected vehicle technology is now susceptible to malicious exploits that were inconceivable when cars were originally designed. Unlike other platforms such as web, cloud, and mobile, there has been relatively little research conducted on automotive security.

Security Innovation’s Automotive Centers of Excellence have been created to help organizations in the automotive supply chain create and maintain secure software, which now constitutes a massive footprint in today’s cars. For many years, the engineers within the Boston ACE Lab have specialized in securing Vehicle to Vehicle (V2V) communications, trusted platform design and advanced cryptographic solutions. The Seattle Lab, drawing upon their extensive background in application and embedded system security, will focus primarily on penetration testing, reverse engineering, vulnerability analysis and a myriad of other services that evolved from the traditional information technology world.

Automobile manufacturers are increasingly eliminating mechanical links between the driver and the control systems in the car, leveraging software to control critical automobile functionality such as braking and steering. As a mobile computing platform, the modern automobile represents many unique security challenges that must be urgently addressed. The software operating a new car often has a hundred million lines of code – more than a modern fighter jet, jumbo airliner, or operating systems - spread among 100 or more processors, making the threat surface and number of potential vulnerabilities vast.

The automotive industry has come under scrutiny recently for security. A recent report published by US Senator Markey suggests that virtually all new connected cars have IT security issues, including some that are very dangerous. The report came on the heels of a CBS News 60 Minutes story detailing a remote hack by DARPA on a 2014 model year car and recently published research of hacks on Progressive’s Snapshot and ZUBIE on-board diagnostic devices.

The ACE Labs will specifically address three of the five specific recommendations made to NHTSA by Senator Markey. Namely:

  •     Ensure that vehicles with wireless access points and data-collecting features are protected against hacking events and security beaches
  •     Validate security systems using penetration testing
  •     Include measures to respond real-time to hacking events

Automakers understand the cyber threats and are starting to treat them with the necessary respect and urgency; however, the rapid evolution of information technology and its integration into vehicles makes it challenging to keep up and they need help from the security industry to identify damaging attack vectors and comprise counter-measures. Security Innovation has over 12 years of security consulting and research experience aimed at understanding the risks inherent in any connected software system. The company’s combination of expertise in embedded systems and software security provide an ideal skill set for producing valuable research in this market.

“The connected automobile represents a natural extension of our historical expertise and why we have invested in the Automotive Centers of Excellence,” said Pete Samson, VP of the Security innovation Embedded Business Unit. “We are fortunate to have world-renowned V2X (vehicle to everything) consultants as well as software security thought leaders with expertise in encryption, trusted platforms, security testing and the design of robust, secure and private software platforms.”

Frost & Sullivan interviewed SI’s Pete Samson in last month’s Movers and Shakers series. “Our research study Cybersecurity in the Automotive Industry identifies cybersecurity as today’s most urgent challenge for the automotive industry,” says Praveen Narayanan, Automotive and Transportation Research Manager at Frost & Sullivan. “SI's ACE Labs are well positioned to deliver research and best practices that automobile makers and suppliers can apply to make cars as secure as possible.”

“The past year has brought software security issues to the mainstream and the sanctity of the connected car is on the cusp of being compromised," said Rod Cope, CTO, Rogue Wave Software. "The good thing is that the experiences of Rogue Wave Software and Security Innovation's ACE Labs in automotive, combined with proven techniques and standards from other industries can bring strong security protection and privacy to in-vehicle software.”

About Security Innovation
A software security pioneer since 2002, Security Innovation is dedicated to protecting sensitive data in the world’s most challenging environments – whether on embedded systems, desktops, web applications, mobile devices, or in the cloud. Recognizing that software applications no longer exist in isolation, our clients are better prepared to anticipate, navigate and reduce software security risk regardless of technology or system complexity. There are more than a million licenses of Security Innovation’s eLearning products in use today and our embedded security products ship on tens of millions of systems each year. The company is privately held and is headquartered in Wilmington, MA USA. Visit the company at http://www.securityinnovation.com or follow on Twitter @SecInnovation.

About ACE Labs
Security Innovation’s Automotive Centers of Excellence build upon the company’s embedded and Vehicle-to-Vehicle communications expertise. They are research and development labs that combine the skills of systems engineers from Security Innovation’s ESBU (embedded systems business unit) and its world-class software security engineers who have been the cornerstone of the company since its inception in 2002. They are dedicated to advancing research on cyber-security challenges in the automotive supply chain and sharing the results to improve car safety car safety and anti-tamper capabilities. Our ACE security experts deliver solutions that identify threats and risks, harden communication schemes, uncover critical software vulnerabilities, and improve the process by which software is built.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Maureen Robinson
Visit website