Decoding cybersecurity for electric and software-defined vehicles
Vehicles are growing increasingly complex with connected systems and sophisticated technology, including internet connectivity, wireless communication, and advanced computer systems. While these advancements have improved the driving experience, they have also made the industry vulnerable to cyber threats. Here’s where the need to focus on cybersecurity for electric and software-defined vehicles arises.
The global automotive cybersecurity market size was valued at USD 1.44 billion in 2018 and is expected to grow at a compound annual growth rate (CAGR) of 21.4% from 2019 to 2025. The increasing emphasis on autonomous driving and connected car systems by OEMs has increased the risk of data breaches, driving up demand for cybersecurity solutions in the automotive market.
In this light, here’s an interesting tete-a-tete between Roy Fridman, CEO at C2A Security, and Siddharth Jaiswal, Automotive Practice Head at Netscribes, as they take a deep dive into the cybersecurity landscape across the automotive industry.
Siddharth: So, for our readers, if you could quickly introduce yourself and C2A and your journey with it.
Roy: Sure! I have a pretty extensive background in technology. I’ve been all around, let’s call it different technology fields in terms of multidisciplinary systems, telecommunication, mobile, and many others. I’m an engineer. I started my career doing a lot of R&D – from being an engineer up to, you know, leading engineering teams. And then at a certain point, I moved to the more business side – doing both marketing, sales, business development, and other, let’s call it more business-related job strategy, corporate development. And just recently, joined the C2A security as the CEO for the last one year – something like that.
And right now, you know, I’m here and we are basically trying to redefine or bring to the software-defined vehicle era, the right tools that need to support cybersecurity, you know, for actually having connected electric and autonomous vehicles out there.
Siddharth: Interesting! So, as an extension to this question – so where we are all, in the auto industry, figuring out electric mobility, how it is going to scale, and also keeping an eye on the future of mobility, like you mentioned – it is autonomous vehicles. And in this context, if you could elaborate a bit on what C2A security is doing and how it is enabling this transition in terms of, from a cybersecurity perspective?
Roy: Of course. So, let’s start with a bit of a background. So, our vehicles are becoming computers. You know, this is what is happening right now. The vehicle is becoming software defined… hundreds of millions of lines of code, and this is only going to grow. Now when you are dealing with this amount of software, you need to learn how to manage software at scale basically. Now, well, you know, I’ve been in this automotive industry for 10 years and, you know, for the last a hundred years, the focus of automakers – and this whole ecosystem was not exactly about software. It was more about hardware. How to build the car? How to make it, you know, perform better? The torque, the steering. This was the focus. And there is a big transition now.
And our goal as a C2A security is to basically enable the correct product lifecycle management at scale. What we do is – we are the first automotive cybersecurity DevOps platform. An automation platform that helps basically manage the cybersecurity of the software – from the development to the operations and back.
And what we’re trying to do is not take the… let’s call it the angle of scaring our customers about cyber-attacks that will come and everything will be bad. And you know hackers will hijack cars. This is not the goal of what we’re trying to do. We are trying to help our customers, which means the entire mobility ecosystem basically – from OEMs, tier-1s, chip providers – automate the process of handling cybersecurity, reducing the cost of handling cybersecurity, turning cybersecurity from something that is a limitation. Okay? Something that can be a limitation into something that can actually be an enabler. What does it mean?
If someone wants to work with the C2A or someone wants to be competitive in this software defined vehicle world? They must use automation in order to reduce the time to deployment. For example, how fast are they going to produce the new electric vehicle? They will need to put more apps in the smart cockpit. And if they don’t use an automated, smart, streamlined cybersecurity, they will be limited. So, what we do at C2A – we provide a cybersecurity DevOps platform to help them reduce time, reduce cost, and enable more business.
Siddharth: Very interesting. And I couldn’t agree more, when the industry is moving from a horsepower era to a computation power. And especially when the transition of the powertrain has happened to electric mobility. Now the phase of figuring out electric mobility is done. Now the phase is to accelerate and scale electric mobility is in. Now, in this scenario, I’m sure C2A security is kind of enabling, like you mentioned, because every OEM out there is behind scale and rapid, rapid scale. So, if you can give us a thumbnail on what C2A security is doing for electric mobility? How is EVs different from the conventional ICE platforms?
Roy: So just as a disclaimer, you know, we support both legacy or ICE vehicles and in addition to that, the electric vehicle platforms, meaning… so basically, we do both. But as you said electric vehicles are actually different and they are more challenging. I believe like 10 times more challenging actually because of a couple of reasons.
When someone builds a new electric vehicle, they’re already looking at the more modern architecture, the more software-defined architecture. So, the code is you know, you have more code, you have more computers, you have more connectivity. It’s already inherent or built in, into these electric vehicles that are coming.
They’re not trying to take legacy solutions and adapt them. They’re trying to build something new that is more advanced. Just look at Tesla and, you know, the Tesla vehicles and the fact that they’re structured differently, architected differently. Okay. They are much more closer to, much closer to computers, if you look at it. Now, this is the first, let’s call it a challenge. The second challenge is an obvious challenge and it kind of tells us in the face every time we look at an electric vehicle. And that is the fact that an electric vehicle connects to this new creature that is not the gas station, but the electric charger.
And it connects, you know, indirectly also to the grid. And it connects also to the payment system. Now these electric charging stations or swapping – the battery swapping stations, these are stationary. These are everywhere. They share communication and energy with the vehicle. So, if talking about the tax officers and new tax officers, the electric vehicle has more – and this is something that we put a lot of emphasis at C2A – not only to resolve the challenges of the vehicle and its internal mechanisms, but also the peripherals of the vehicle, and our first focus is the electric charging station and the grid.
So that’s what… that’s another challenge. And the last challenge that I will mention is the fact that the vehicle itself, any vehicle, it comprises of a multi-vendor ecosystem. Many different players are involved in the making of a vehicle. ECUs, many of them, the car itself, the OEMs, the software integrators, and many more. Now we can add to the mix, the charging station operators, the charging station vendors, the energy management providers, the payment providers. So, this is one of the most, if not the most advanced and complicated vendor ecosystem in the world.
Now, if you have a cybersecurity issue, you must be able to identify, prioritize, and mitigate very, very quickly… issues. And this is a challenge when you are talking about a multi-vendor ecosystem. So, these are the three main challenges I would put as the first ones that I look at when I see the electric vehicle itself versus ICE.
Siddharth: That’s quite interesting. So, I might go back to your phrase where you mentioned, cybersecurity shouldn’t be seen from a lens of a threat rather like an enabler. Right? So, given your proximity to OEMs, your proximity to the wider demand side of the auto industry – so, how do OEMs perceive cybersecurity? Given, like you mentioned, they’re already looking at born EV platforms, which are way advanced. That kind of gives them a clean slate approach while designing. So how about they taking cybersecurity as a key concept in design? Would you foresee cybersecurity as a differentiator for an OEM? Like we already know, cars are smartphones on wheels. So can an OEM be taking a position like Blackberry did back in the day, that we are the best secure network?
Roy: A hundred percent. And this is one of the, let’s call it main differentiators of C2A. You know, let’s take the smart cockpit example again. And it’s a simple example, but it can be relevant to many other areas that are more business related.
You know if you want to put apps, applications in your vehicle, you need to be able to manage the permissions. The more complex the apps, the more number of apps you have. You need to be able to manage permissions between them. Do it automatically like you do in phones – you know, in smartphones. Now, if you do it manually, you will be able to be very limited in the amount of apps you give your customers.
If you do it in an automated way, using a smart and an automation system that can automate your permission handling scheme. And then translate it into the vehicle, then you will be able to put, I don’t know, Google Play? And it doesn’t matter which apps and maybe third-party apps and so on and so forth. You understand that someone, I… You know what? I would not say to someone, I will say myself. Okay – when I buy a car, I want all the apps in the world. I want to have more features in my car, not less. And I just gave you an example of how cybersecurity can be the difference between something that is very limited in terms of software, that to something that is very you know, very advanced in software.
And this is, you know, this is a business enabler. This is how you transform cybersecurity from a limitation to a business enabler. And this we are not strange to that. You know, you have the whole IT industry that is, you know, much more advanced right now than automotive. But the funny thing, or not the funny thing – the thing is that the revolution that IT went through is what automotive is going through now.
So, you must understand that… everyone must understand that the tooling and the approach to cybersecurity and to the – let’s call it, to DevOps and DevSecOps needs to be much more advanced also in automotive.
Siddharth: Understood. A very interesting perspective. Now if I may step back a bit and look at the supply side of the entire cybersecurity ecosystem. So, we have seen a lot many startups coming in the space of automotive cybersecurity. So how do you see this ecosystem evolving? Do you think they will be going forward, a kind of consolidation? And there will be huge companies like how we have the big OEMs. So, will there something be like – huge cybersecurity giants or do you think pockets of growth will happen across the board?
Roy: So, I think both will happen. That to tell you when there is – I don’t know how to explain it, but there is a time – let’s call it a transition point that didn’t happen yet and will happen in which cybersecurity, let’s call it on, on the scaring side, on the attack side, will evolve in the automotive industry and will grow and grow. And that is one of the, let’s call it facilitators for cybersecurity companies to grow in an industry. That’s one direction. Okay? But that’s not the direction of C2A security.
This is why we’re different. So, on one side, you have a lot of companies in this – let’s call it in this space, that are focused on in-vehicle protection, on providing security operation centers, you know, for vehicles. And that’s fine. And I think that once there will be growth in terms of, let’s call it cyber-attacks and so on, there will be also growth in, you know, in these companies.
I also think that because the timeline is not known, the timeline of when it’s going to happen, there will be consolidation and smaller companies will be absorbed into the bigger ones and maybe OEMs and so on. And that’s going to happen.
I don’t know exactly when, but this is a timeline that’s going to happen. You know for sure because vehicle is becoming a computer. We already saw what happens on the internet revolution. You know, it’s… you cannot imagine not protecting your computer and personal data. So how can you imagine not providing proper protection, for a vehicle that is, you know, 10 times or a hundred times more dangerous?
So that’s one track, and I want to take the other track. And that’s the track of handling cybersecurity in an efficient cost and time-effective way. And that is the special area that we at C2A are kind of promoting this DevSecOps direction. Now, there, in this track, you have OEMs, you have tier-1s that need to handle compliance and automate the compliance process today.
Not in two years when they have, I don’t know attacks on the vehicles or one year. Today, they need to handle compliance because it’s an important and critical thing in automotive. In addition, they have teams of cybersecurity experts that have shortage. Okay? You have shortage in all cybersecurity experts in the world and also in automotive.
And they need small teams to be able to service – I don’t know tens of thousands of people. So they need something that, you know, makes it possible for this to happen. So a small team can support a very, very large R&D team or operations team. They want to reduce the time to deployment today because they want to be more competitive.
They want to, today, to bring more apps into the vehicle. Because they want to be more competitive. So that is the DevSecOps side. This is the efficiency, productivity, and automation side. And that is happening today. And, this is the track of C2A which is a bit different than the other companies out there.
And on that track, I believe that something very interesting is going to happen. What is going to happen is that the companies in this track, there will be more companies. C2A will not be the only one and probably is not the only one in general in this direction. But then these companies will experience very soon significant growth because they’re solving problems of today.
Automated compliance, best-in-class cybersecurity for cost and time reductions. More business value. This is today. So these companies will experience growth significantly. And what can happen is also that the big players in IT will understand the value and the potential of the automotive industry in that area, and will come over and then they will see the challenges here. And, you know, we, this is going to become a very thriving industry like in IT. That’s my perspective. You know, I, I might be right, I may be wrong, but this is how I see it.
Siddharth: I’m really curious how vibrant the cybersecurity space will become once the IT giants start coming in and it’s going to be super vibrant for sure. My last question. So, what is your prediction – since we are starting of 2023 – what is your prediction for this year for wider mobility and cybersecurity in general?
Roy: For this year, I think, we will see in general; I think this is not, you know, this is an interesting year on the financial market side in general.
That will be challenging for all automakers, for all tier-1s, for everyone. It’ll be probably not an easy year in general, but in terms of cybersecurity or maybe I will say the software-defined vehicle in general, I think there will be a lot of action taken by the big players to further adapt their capabilities to this world – to the software-defined vehicle world.
I think that we will see companies, more and more deals around the software-defined vehicle, which includes cybersecurity by the way. I think that the electric evolution is going to continue on. And we will see also, companies addressing the areas of electric vehicle charging in a more serious way.
I think this year will be good for companies that are around the software-defined vehicle and how to manage software at scale. And this includes cybersecurity, but not only.
Roy Fridman is the CEO and CRO of C2A Security, the only DevSecOps Platform vendor focused on car manufacturers and mobility companies. Roy holds an MBA in Finance and Marketing from Tel Aviv University and graduated Summa Cum Laude (President’s List) with his BSc in Electrical, Electronics, and Communications Engineering from The Technion in Haifa, Israel. extensive experience in multidisciplinary product development, marketing, sales, and business development. He has been involved in the digital transformation of mobility for more than ten years. Roy was VP of Global Sales and Business Development at Foretellix prior to joining C2A Security. Roy created the sales and business development organization from the ground up, including strategic corporate investments, partnerships, and acquisitions.