3 Questions OEMs Should Ask About Automotive Cyber Security

Trust and reliability in a cyber security solution are vital. What questions should OEMs be asking when assessing a solution? Ayal Lichtblau, VP of Sales at Arilou, answers the 3 most common questions.

Cyber Security is a young technology in the automotive industry and both the reliability of the solution and trust in the vendor are at the heart of OEM decision making. Ayal Lichtblau, Cerrado's VP of Sales, walks us through the key questions OEMs ask when considering a cyber security solution.

Dropping the Can We Test and Evaluate Your Cyber Security Solution?

Testing and evaluation is a very common practice in the automotive industry. This step is a valuable opportunity to build trust and confidence in the cyber security technology and to establish whether a relationship would work long term for both the OEM and the supplier.

Partnerships between OEMs, Tier suppliers and other vendors can last many years. Traditionally OEM support for software in a vehicle might last only for the length of a warranty, but with cyber security, a solution would be in place and need to be supported, for the full lifetime of the vehicle. Currently, this can be anywhere up to 15 years.

As a new technology, cyber security is being approached with caution. The automotive industry is naturally conservative and the need for a testing period reflects that. To overcome OEM doubts it’s important that evaluation is embedded within the sales process.

Supporting customers with our expertise and offering a holistic process is important as this provides both additional assurances, and helps to improve each parties understanding of how a cyber security solution will impact a specific in-vehicle network design, strengthening the cyber protection for the vehicle in question.

Watch the Video to Find Out More About Cyber Security KPIs:

Are You Compliant with Automotive Standards?

Compliance with automotive standards is vital and this question is one of the first asked, long before evaluation takes place. Safety is a critical factor in automotive design and to be seriously considered by an OEM there are many different standards with which an automotive cyber security vendor must comply.

These standards include AUTOSAR (both classic and adaptive), which provides a software development methodology. ISO26262 which determines functional safety for road vehicles. ISO21434 which is a standard for cyber security engineering, and many others such as MISRA-C and A-SPICE which provide development and process frameworks.

In addition to software compliance, there is also the need for hardware solutions to go through rigorous environmental testing, to make sure the product performs well for all automotive use cases, such as extremes of temperatures or prolonged use.

By making sure that solutions comply to these standards and tests, and by being open – sharing such information with customers – it is possible to head off a lot of objections and create a shared understanding of what to expect from the start.

Has Your Solution Been Officially Tested by a Certified Facility?

For such a young technology, this question – swiftly followed by “or have you been awarded by a known manufacturer” – is common. Those who are serious about evaluating a cyber security solution will ask to see evidence of previous partnerships, and if possible any available documentation, including testing reports.

It’s important to be able to provide the customer with reasonable assurances to support their decisions. Nobody wants to be a guinea pig for new technologies, and a certain level of quality must be proven. Having a solution tested by other OEMs, Tiers, or a reputable research institute such as UMTRI can go a long way to proving reliability and generating trust.

Cooperation is key, and an open, collaborative discussion is valuable because both participants benefit: The vendor from a greater understanding of the market; and the customer from access to knowledge which can help them to grasp the possibilities of the technology (and enable them to finetune their requirements).

Trust and Reliability

The questions discussed above are the beginning of a conversation and are asked long before any commercial terms are discussed. It’s clear that the key element for any customer is that they can trust the vendor to deliver a reliable security solution. Taking the lead, sharing expertise and helping the customer establish their true requirements is the first step in this process.

Trust is at the core of all decision making and an open dialogue is important for creating the kind of long-term relationship that is needed to develop that trust and prove reliability. A commitment to providing assurance and an understanding of the safety critical nature of the automotive industry can help to manage expectations, on both sides.

Cyber security represents a key area of responsibility for OEMs and they must get it right the first time. They must do this in a period of limited legislative guidance, using continually evolving industry best practice.

Cyber security expertise and strategic guidance from someone they trust, and who can demonstrate reliability, is a must. If left unprotected, future attacks on connected vehicles could represent a real risk of human causalities – a risk which automotive manufacturers are not willing to take.

**Cerrado, previously known as Arilou