Imagine the radio in your car mysteriously switching stations while you drive. Or worse, you step on the brakes but you can’t stop your car. Such potentially disruptive and deadly incidents are an increasing threat to drivers.
The rise of autonomous cars and internet-connected vehicles is creating a new generation of smart transportation – and millions of new targets for hackers.
“As cars are becoming more and more software-based, they are also becoming more connected,” said Michael Dick, CEO and founder of Israel-based C2A Security. “And if you are not secure, you are not safe.”
With every car becoming a computer on wheels, cybersecurity is as vital for passenger safety as seatbelts and airbags. C2A believes its technology will protect cars from even the most sophisticated hackers and is designed to fit with the in-car computer systems being developed by major auto manufacturers.
C2A’s Autosec system, unveiled in October, provides a platform for car-makers and car-part providers to keep track of the protections and vulnerabilities in their technology, allowing them to ensure their cars – and hundreds of parts – are safe from cyber attacks.
Dick compared Autosec to the now-common and automatic software updates and security patches for laptops and cellphones.
Between 2016 and 2019, the number of reported hacking incidents in the automotive sector rose sevenfold, according to a report from Upstream Auto, an Israeli automotive cybersecurity platform. While incidents like remotely taking over the steering or brakes of a vehicle largely remain confined to cybersecurity labs and experiments, real-world incidents have included car thefts by hacking into keyless entry systems, data breaches and interruptions to navigation platforms.
The rising number of incidents, and demands from government regulators, are fueling the industry’s search for solutions, said Ben Ellencweig, a partner and mobility expert at McKinsey, which expects the global automotive cybersecurity sector to double in value to $9.7 billion by 2030.
“A car is basically becoming a data center on wheels so, like anything else, there are risks in hackers interfering with it,” Ellencweig said, explaining that most cars made today are connected to some extent with the outside world through sensors, Bluetooth and onboard internet. “These are not threats that the auto industry can allow itself. This, at the end of the day, is about safety.”
Incidents are expected to increase, especially as the market sees more electric vehicles, shared mobility apps like Uber and Gett, and, eventually, driverless vehicles, Ellencweig said. And protection is complicated because cars have hundreds of parts and points of vulnerability.
But as carmakers, technology companies and startups race to provide solutions, C2A believes its Autosec platform is unique because, instead of securing individual components of cars, it offers a way to secure the entire vehicle, from manufacturing through the end of its days on the road.
“We are not offering a widget, one solution for one particular problem, but rather we are trying to give the market a comprehensive solution,” Dick said.
Dick is one of Israel’s most successful high-tech entrepreneurs. He was a co-founder of NDS, the Jerusalem-based TV signal encryption pioneer that was sold first to Rupert Murdoch’s News Corp. and then to Cisco for $5 billion. Other members of the C2A team were previously at Argus, a vehicle cybersecurity developer acquired in 2017 by Continental, a German transport technology giant, for a reported $430 million.
The Autosec technology also allows carmakers to track cybersecurity issues in all parts of their vehicles on an ongoing basis and immediately and automatically coordinate software updates and patches for vulnerabilities.
“Core to C2A’s mission is to see the automotive industry truly secure, protecting companies and drivers alike,” said Nathaniel Meron, C2A’s chief product and marketing officer. A company survey of top auto manufacturers and suppliers found it took them more than three weeks to perform a thorough risk assessment of security threats to their software. “With AutoSec, risk assessment takes a matter of seconds,” Meron wrote in a recent blog post.
Most other solutions cover only individual components, like the car’s entertainment platform or keyless entry system, making it difficult for car companies to integrate and track cybersecurity for the whole car, Dick explained. The lack of integration means that keeping track of vulnerabilities or responding to reported security and data breaches is cumbersome and time-consuming.
Demand for the technology is already strong, he said, partly because of new government and industry cybersecurity regulations for vehicles. United Nations regulations requiring in-vehicle cybersecurity measures will begin to take effect in 2021 in the European Union and many Asian countries, including Japan and South Korea. The US is not included but it will have to comply if it wants to sell or manufacture cars in those places. The International Organization for Standardization, a global group that includes the US as a member, is also developing requirements for cybersecurity in vehicles.
Car manufacturers “know that it’s going to become compulsory and they know they are going to have to become compliant,” Dick said. And just as car buyers read crash-safety reports about cars, they will also begin to see cybersecurity features as equally important, he said.
“This is a safety industry,” Dick said. “End users are worried about cyber security.”
C2A is backed is backed by Israel-based venture investors More Ventures, OurCrowd and Maniv Mobility. While the company declines to talk about its customers, in April it announced a development partnership with AUTOSAR, a global automotive consortium that includes BMW Group, Bosch, Continental, Daimler, Ford, GM, PSA Group, Toyota and Volkswagen.
“C2A’s entry marks the first and only time an Israeli startup has partnered with the alliance, and positions C2A Security as a cybersecurity contributor to the consortium,” the company said.
For more information on C2A Security, click HERE.