Movers & Shakers Interview with Pete Samson - General Manager of Security Innovation

Published: 20 Jan 2015

Doug Gilman, a senior connected vehicle analyst at Frost & Sullivan, had the pleasure of engaging in a free-wheeling interview with Pete Samson, general manager of Security Innovation's embedded security business unit. Doug and Pete spent just over an hour discussing Security Innovation's upcoming ambitions and outlook on the growing trend of cybersecurity, and the necessity of cyber-securing the car. The interview covers subjects ranging from hacking into the car to vehicle automation. Pete offers a fresh perspective on protecting the vehicle from hackers and what Security Innovation believes the future holds.

Peter Samson is an information technology (IT) veteran with over 40 years of experience helping organizations match emerging technology to their business needs. He leads a team that specializes in security solutions and services for the automotive industry. Pete's international background includes senior management positions with both Microsoft and Unisys Corporation.

Frost & Sullivan: Pete, thanks so much for taking the time to talk to Frost & Sullivan today. We do truly appreciate the opportunity to speak with an industry leader such as Security Innovation.

Security Innovation: It's my pleasure, Doug. I respect Frost & Sullivan's market influence and am grateful for this chance to share our thoughts on automotive cybersecurity.

Frost & Sullivan: Excellent! Well, let's just jump right into things. First off, what do you think the current state of the automotive industry is with respect to security?

Security Innovation: There is a growing realization of the need to address the cybersecurity and information privacy challenges. New functionality, like connected cars, has highlighted the stark reality that most automobiles were not built to be a secure environment, even though the modern automobile is—from a computational perspective—more complex than a fighter jet. With over 100 million lines of code spread among 100 or more processors, the threat surface and number of potential vulnerabilities are huge. In some ways, the challenges parallel those we have seen in IT over the past 15 years. But as a mobile computing platform, the car represents many unique security challenges that must be urgently addressed.

Frost & Sullivan: Great! Now, as a company with direct exposure to the concept of cybersecurity, do you believe the industry as a whole is giving this idea the respect it deserves?

Security Innovation: Although the automakers understand the concept, the vast majority of consumers do not appreciate the risks inherent in a hacker gaining control of the car from inside—or even the outside—of the vehicle. Security Innovation has over 12 years of security consulting experience and understands the risks inherent in any connected system, so we are very encouraged that the automotive industry is treating cyber threats with the respect they deserve. Our core message, regardless of the platform or technology, is that security has to be an inherent design objective and be treated by development teams as seriously as functionality, performance, and reliability. The earlier in the software life cycle that security is built into a system or network of systems, the more cost effective and hacker-proof it becomes. However, reality and human nature being what they are, we spend as much time helping secure and remediate older systems as we do helping prevent vulnerabilities being engineered into the system.

Frost & Sullivan: Currently, where do you see the industry's readiness to adapt to the threat of cybersecurity?

Security Innovation: The industry is faced with a real challenge, with no easy answers. Much of the technology embedded in cars over the past 10 years is now potentially susceptible to malicious exploits that were inconceivable when the cars were designed. Connected vehicle technology now exposes these insecure systems to real threats. The electronic control units (ECUs), transmission control units (TCUs), and other critical on-board functionality are more and more vulnerable to rogue data and instructions that could affect safety, whether these attacks are injected over the Internet, via Bluetooth, through near field communications (NFC), or directly through the on-board diagnostics (OBD) port. And that is by no means an exhaustive list. Unfortunately, the counter-measures are difficult to implement because of the obvious differences between a car and a traditional networked computer. For example, the life expectation of a car is about 12 years versus a personal computing device, which is replaced more frequently. Because of this and other reasons it is either impractical or impossible to retrofit a secure computing environment into most vehicles; plus, how can one safely update automotive software without requiring a trip to the dealer? The over-the-air (OTA) software update industry is new and itself fraught with security challenges. Nevertheless, we expect to witness an industry awareness and maturity process that parallels that of the PC industry, but hopefully with a faster maturity cycle.

This cycle has three phases: The first is typically a panic and a scramble for quick fixes; the second phase is what we call the “pit of despair,” where the scope of the challenge becomes obvious and successful exploits are publically acknowledged; and the final phase is the realization that there are no quick fixes and that an organization-wide approach is needed to address security as a core business process. GM's appointment of a cybersecurity czar is an example of phase-three thinking. Only once an original equipment manufacturer (OEM) reaches this level of organizational awareness can they start to develop the structure, tools, and
processes to build a more secure vehicle or mitigate the impact of previous engineering decisions. It's at this point we see processes being created, tools getting developed, and experts such as Security Innovation being invited to help with threat modeling, penetration testing, risk ranking, gap analyses, and other security services.

Frost & Sullivan: Yes, I can imagine there could be panic. So, within the automotive space, where do the vulnerabilities lie? What do these OEMs and Tier I participants need to focus on?

Security Innovation:

There are many ‘attack vectors' the OEMs must think about: internal, external, and intra-vehicle. Internally, these include the DVD player, USB, aux input, and, most dangerously, the OBD port, which is the area we believe OEMs need to focus on most. Direct injection into CAN bus, high-speed media bus, or Ethernet are also risks.

Externally, vehicles are now accessible through Bluetooth, the Internet, and NFC devices such as the key fob or the tire pressure monitoring system. The CAN bus is also accessible from outside the vehicle, with an already documented ability to inject malware by removing a tail light. However, inter-car communication such as vehicle to vehicle (V2V) is by far the most secure system by design. The digital short range communications (DSRC) environment has been developed with security as a primary design criterion, but alternative implementation paradigms such as LTE may not be as robust.

In response to your question of priorities, I believe that both security and information privacy must be treated as equally important. However, the first step should be a comprehensive risk assessment that addresses the five traditional indicators of risk, namely motivation, feasibility, impact, threat status, and scale. This triage process is well understood by any experienced security consultant.

Frost & Sullivan: Pete, could you give us an example of how V2V communication could be interrupted?

Security Innovation: First, I must stress that DSRC—the high-speed and low-latency 5.9 GHz short-range radio link—is independent of other in-vehicle protocols and non-interruptible. However, any safety application that uses 4G or LTE is susceptible to interruptions, and, therefore, compromised safety. Think of a family traveling in an area where there is less than perfect mobile coverage, with two or three children streaming video or playing games that happen to use high bandwidth. In this scenario, the safety functionality may be limited.

Frost & Sullivan: It definitely sounds like automotive companies are taking steps to make sure that what once was an afterthought is now at the beginning of the process, as you mentioned. How do you identify the reality of the need for securitization?

Security Innovation: As I mentioned previously, we look at five different aspects of risk analysis, and those are as follows:

  1. Motivation: Modern cars are essentially wallets on wheels, so for people motivated by theft of financial data, the car is a potentially valuable target. And although it may seem far-fetched, extortionists, enemies of the state, or simply aggrieved people could turn a car or fleet of cars into a weapon.
  2. Feasibility/Cost: How complex is the threat? What is the risk?
  3. Impact of the Attack: If the vehicle is successfully hacked, what will the impact be? Could someone take control of the vehicle? Could someone acquire personal and private data that is stored in the vehicle?
  4. Status of the Threat: Sometimes threats are only theoretical or experimental, and, therefore, impractical. Others are so hard to pull off that only the most persistent attackers will succeed, and then usually only on an individual vehicle.
  5. Scale: Can the attempt or exploit affect one or more vehicles? What is the potential impact of a hacker taking over a fleet of vehicles and then using blackmail or extortion to achieve their financial or political objectives?

Building better security into new vehicles is happening already. A tougher challenge is how to address vulnerabilities in the connected vehicles already on the road. How can these threats be mitigated; how is software updated; how should the industry address zero-day vulnerabilities?
These are all-important questions, and, once again, there are no simple answers. We know there is no single solution, no magic bullet. An in-depth defense approach is needed that will require the application of traditional IT mitigation techniques such as network segmentation, cryptography, virtualization, black and white listing, intrusion detection, trusted platform and trusted execution, and many more buzzwords. In short, the solution must be holistic.
Unfortunately, a reality of the security world is that the manufacturers need to be right 100% of the time—the bad guys only need to be right once.

Frost & Sullivan: It is clear the threat is very real. Now, after your great analysis of the industry as a whole and where OEMs and leading Tier I suppliers need to focus their attention, can you provide an overview of what Security Innovation brings to the table?

Security Innovation: For over 12 years, we have been securing software wherever it runs. We started out protecting servers and desktop systems and subsequently evolved our services and consulting to include mobile and embedded software. The connected automobile represents a natural extension of our historical expertise and why we have launched Automotive Centers of Excellence (ACE) in our Seattle and Boston research laboratories. We are also lucky enough to have world-renowned V2X consultants, as well as the world's broadest security eLearning curricula for developers, architects, QA teams, and management. And then there's Aerolink, our implementation of the US and European V2X security libraries, which has been implemented in more vehicles than any other supplier and was selected for the 2017 Cadillac V2X subsystem.

Frost & Sullivan: Could you elaborate a little bit on where Security Innovation fits in the whole scheme of things? For example, what role do you play in the various securitization processes? Do you work directly with OEMs and/or Tier I suppliers?

Security Innovations: We have always been a specialized provider of software security and privacy solutions. In the automotive market, we work on the technologies required to maximize the drivers' trust in the security of their vehicles and the privacy of their trips. We offer a ‘turnkey' approach that includes services, consulting, and products to improve both security and privacy.

Frost & Sullivan: Understood. In this newer space within the industry, what sort of educational steps must be taken from the OEM and Tier I side to improve their knowledge?

Security Innovation: Actually, that's one of my favorite questions. But first, to put things in perspective: NASA achieves zero errors per line of code, a goal which they've achieved and which frankly will not happen in the automotive space. However, this must be the objective. So a cornerstone of our business, historically and today, is to do whatever possible to improve the security of software by helping organizations ensure their development teams are well-educated and well-resourced through our TEAM Academy on-line training and knowledge base.

We want to minimize the impact of a threat because 80% of all exploited vulnerabilities can be tied back to the application layer, so if a hacker gets through the firewalls and if the applications are not written in a secure way, it becomes relatively easy to exploit the system.

Frost & Sullivan: It definitely seems like Security Innovation is positioning itself well to become an industry leader in the automotive security space. Where do you see yourself in 5 years?

Security Innovation: Well, we're in a very complex ecosystem and understand the niche nature of our business. But, nevertheless, as we deliver more products and services into the car, I can really see us being synonymous with vehicle security. As in the traditional IT world, we will be recognized for mitigating risk, minimizing the impact of breaches, protecting data, and improving the internal expertise of our customers.

Frost & Sullivan: One final question: We've heard that, to date, there has not been a documented case of a hacker entering the vehicle and causing any kind of damage. Can you confirm this as a leader within the security industry?

Security Innovation: Yes, that is true. I am not aware of any malicious OTA hacks yet. But they are inevitable. If it can be done, it will be done. A truism in our business is that there are only two types of companies: those that know they have been hacked and those that don't. Unfortunately, this is the world we live in, and all we can do is help the industry to be as prepared as possible for the security threats posed by greed, fraud, pride, or malice. We are not trying to scare anyone, but you and I would not be having this conversation if the threats were just a figment of our imagination.

Douglas Gilman is a senior connected vehicle analyst for Frost & Sullivan, a growth partnership firm. Doug's insight about the connected car has been quoted in numerous industry-leading publications. He recently completed an innovative study about mobile advertising within the infotainment space. With vast experience in the telematics and infotainment market, Doug offered challenging and relevant questions that resulted in a thought-provoking discussion. Frost & Sullivan would like to thank Security Innovations for their time and valuable input.

Sign in to read the rest of this article

Not signed up? Register now Forgot your password?

Help Desk

Full list of offices

For more information and general enquiries, contact Frost & Sullivan near you.

North America
tel: +1.877.463.7678

Select a location near you..