On this week's episode of “Left to Our Own Devices”, Felipe Fernandes took some time to chart the future of secure automobiles
Growing Into Automotive Security
Felipe has a long family connection with Fiat, a company that employs over 30,000 people in his hometown in Brazil. Felipe’s father worked at the company as a test driver and his father-in-law was a mechanical technician.
With so much family and community invested in the company, Felipe also dreamed of a career with the automotive giant that, today, operates as Stellantis, the owner of more than a dozen well-known nameplates like Chrysler, Dodge, Jeep, Alpha Romeo, Maserati, Citroen, and Ferrari.
Felipe was always interested in security. As a teenager in high school, he was attracted to software development. “It’s nice to see the code that you write come to fruition in the form of actual working physical devices.” Later, as a professional software geek, he developed embedded devices for electronic payments and quickly came face-to-face with numerous cybersecurity issues.
Soon thereafter, Felipe was head-hunted by Fiat and jumped at the chance to realize his dream of working in the cybersecurity of embedded systems at his hometown favourite, Fiat. Showing great initiative and immersion in the field, Felipe rose to become Head of Vehicle Cyber Security LATAM at the company (known as Fiat Chrysler at the time).
About two years ago, Felipe was recruited by luxury and sport-utility vehicle manufacturer, Jaguar Land Rover (JLR) where he serves as cybersecurity manager.
Shiny New Jag
Now that we know what drives Felipe (pun intended), it would be interesting to know what he likes to drive. Always the innovator, Felipe has adopted the Jaguar E-Pace hybrid car, described by Jaguar as, “Seamlessly blending a sports car-inspired design with the practicality of a compact SUV.”
As Felipe tells it, “The move to electric was a game-changer for Jaguar. A 100-year-old company moving from a hardware-oriented technology to electrification is a big challenge.” When he first arrived, the E-Pace was more of a prototype, but it soon became a fully electric vehicle, powerful, with very low latency between pressing the pedal and feeling the acceleration. Here, too, Felipe has been able to see how the product is developed, then use it on the road.
It’s All About Innovation
We zeroed in on Felipe’s views as an innovator. He was quick to inform us: “When you are talking about a very traditional company, you have lots of experienced people around, like mechanical and electrical experts. But software is much more complicated and cybersecurity on top of software has become a giant challenge.”
But the company is gaining maturity both in cybersecurity and autonomous functions. Jaguar is now innovating an embedded management system that will accommodate the many new autonomous driving use cases as well as international regulations for connected cars like UN 155 that deal with managing vehicle cyber risks, securing vehicles by design to mitigate risks along the value chain, detecting and responding to security incidents across the vehicle fleet, providing safe and secure over-the-air (OTA) software updates and ensuring vehicle safety is not compromised
Felipe also mentions Intrusion Detection and Prevention Systems (IDPS) as another challenge demanding innovation. He notes that it is difficult to separate driver behaviour from intrusion. The problem is: when you detect something unusual, it could be a false positive. How should you react? Should you tell the driver? Should you inform the manufacturer?
JLR is investing more resources in this issue, creating new methods to capture information from the vehicle, understand when something is happening, and determine how to react.
Not Just Speed on the Road — but Also in Product Development
Automotive manufacturers are under pressure to release products faster while adding software functionality. They are trying to move away from the traditional Waterfall and V models of software development and transition toward the agile environment of a tech company.
But, as Felipe cautions, even global products of a tech giant like Google – think “Android” – carry numerous vulnerabilities. While problems can be sizable and very widespread, they are not going to kill people. But the automotive industry develops products that are on the street travelling at speed, and a bug or a security breach can put customers’ lives at risk.
Felipe shares his opinion that an automobile manufacturer needs some sort of cybersecurity core – a team that is dedicated to understanding best practices and that can support the entire company. The team does not have to be directly involved in production, but must assist all product owners across the company to make sure that everybody understands that they are the principals in charge of security.
Extreme Product Security Challenges
When asked what he sees as the main challenges that product security teams are facing and how they can solve them, especially considering the area of over-the-air (OTA) service, Felipe is quick to respond with thoughtful, organized answers.
Software bill of materials
Automotive OEMs have been using BOMs for a very long time. They are used to dealing with a situation where a supplier suddenly cannot supply a component. They always consider that their product – an automobile – is going to be in the field for many years, so they always stay in touch with multiple parts suppliers. This attitude is now being applied to the management of software components. Felipe states that we need an agreement between suppliers and manufacturers regarding SBOMs that includes transparency and sharing information about what’s in the software. It’s a lot of data so we need to solve two issues:
- People availability: We must have dedicated people who constantly track the supply chain.
- Automation: It’s impossible to manage the process with Excel files. With automation tools, whenever you need to change a process, you can just change the behaviour of the tool.
Dealing with problems at high speed
When the manufacturer notices a problem with a car, it can’t just shut it down while it’s rolling through an expressway at high speed with a family onboard. There needs to be some sort of safe-mode – a certain minimum level of functionality that enables the driver to continue driving safely while the OEM tries to figure out what’s wrong. Perhaps features can be removed one-by-one or there can be a return to a safe and known checkpoint as the OEM decides what to do about the problem.
The sending of over-the-air (OTA) software updates further complicates matters. The OEM has to figure out if the update for any individual automobile has encountered a problem. There will have to be some kind of process that includes a buffer that will enable the car to return to its pre-update state.
Improvements are Coming
Newer tools can verify the vulnerabilities in open-source libraries and determine if all the software is updated with the latest patches. While these sorts of tools used to be rather unfriendly and too verbose about the data, now we can integrate them into our pipeline. We can go to sleep at night while the tools continuously check the code for vulnerabilities and provide a full report by the morning.
Practical Tips for 2022
When asked for his tips on automotive cybersecurity in 2022, Felipe is quick to aim at regulations. All OEMs will have to be compliant with international and national Cybersecurity Management Processes.
He also shares a lesson in managing change at large companies: Don’t try to implement a new process unless the people who run Product Development can believe in it and manage it. If the process does not fit into their reality, they are going to bypass it and you are going to lose important opportunities to mitigate problems. Product security has to be a balanced, collaborative effort.
With his eye on the future, Felipe also recommends to young people that they go into cybersecurity and get good training for a challenging, interesting, and life-saving career.
Written by David Leichner (CMO), Shlomi Ashkenazy (Head of Brand) and Rafi Spiewak (Director of Content) at Cybellum