Overcoming OEM Uncertainty About Automotive Cybersecurity

May 21, 2019. New technologies and evolving markets can create uncertainty for OEMs and their Tier suppliers. How can cyber security vendors and manufacturers work together to overcome these issues?

The Good, The Bad, and The Ugly

When new technology enters any market place, it can be difficult to convince potential customers of the necessity of new a solution. This is especially true of new solutions designed to overcome previously unknown vulnerabilities, even when customers know they need it.

The good thing about this situation is that everybody involved knows that, and therefore the market starting point is the same – in other words, you have relatively the same status as the competition.

The bad thing about this situation is that with such a level playing field, OEMs and Tier 1 suppliers can often be unsure about which solution best suits their needs. As a result, the industry has ended up in a sort of choice paralysis scenario, which is one of the reasons why the industry has seen a slow adoption of cybersecurity technologies.

Thankfully, one area we don’t need to handle is awareness. Since the famous Jeep Cherokee hack by Miller and Valasek in 2015, the automotive industry has been acutely aware of the safety, financial, and legal risks, and as a result OEMs and Tiers are now actively gathering huge amounts of information about cyber security threats.

Understanding Your Playing Field

Naturally, it’s important to be aware of your market, and you need to keep an eye on the dynamics of the industry. Understanding the relationships and interests of all automotive players is very important.

For instance, in the early days of SheeldS (formerly Arilou), we very quickly realized that introducing a great technological solution to a Tier 1 company was not enough to generate a commitment. This was because requirements for solutions came from the OEMs at the top of the supply chain.

The just-in-time nature of the automotive industry means that margins are tight, and Tier suppliers often cannot justify the cost of developing new solutions and products without an obvious need or clear development request from an OEM.

Offering a modular solution is also important. OEMs usually set specific requirements and any features outside these specifications are considered out of scope. Unnecessary features can increase cost and reduce development and production efficiency. By offering modular and transparent solutions – that can be integrated into the Tier supplier’s systems – Arilou can help them fulfil OEM requirements in the most cost-effective manner possible.

Building Experience and Credibility

Using this strategy, we’re gradually building a wide network of partners to accommodate a wide selection of use cases. As a software IDPS provider, we’re able to integrate with many different technologies, offered by various types of suppliers – from chip manufacturers and operating system providers, all the way to Tier 1 manufacturers of ECUs and IVN gateways. The larger you build your ecosystem, the greater your chances of success.

Of course, to achieve this level of collaboration and integration it’s important to develop strong relationships with suppliers. Building these kinds of relationships is never easy – there’s a lot of trial and error. Experience and credibility are vital components in this process and gaining them are much easier when you can present successful testing by official facilities.

For this purpose, we’ve worked with UMTRI – the University of Michigan Transportation Research Institute – which is the most well-known testing facility for automotive cyber security. In addition this, we have participated in various testing and benchmarking activities with OEMs, which has helped us to build a catalogue of relevant case studies.

Close Customer Relationships

Having an innovative solution, understanding the market, and having credibility within the industry is vitally important to overcoming OEM uncertainty, but none of this matter without a close relationship with your customers.

All automakers have teams that handle cyber security – the majority of whom have important backgrounds in network and electrical engineering – but they often lack specific experience of the cyber security domain and this is where Arilou adds value.

As pioneers of in-vehicle cyber security, we deliver more than just innovative technology. We leverage our extensive experience to provide in-depth, expert security consulting to our customers and partners.

**SheeldS, previously known as Arilou