The automotive industry is witnessing ever-increasing digitisation across all technological arenas that bring to the table unique challenges. When it comes to connected cars, there is a transition taking place with every vehicle practically turning into a data unit and the quantum of data emerging as the deciding factor for valuation of the automaker. This brings to the fore the significance of data, which becomes the target of hacking and attacks.
Subex Inc offers solutions in the area of cybersecurity, and had recently forayed into the automotive vertical. Auto Tech Review caught up with Kiran Zachariah, Vice President – IoT Business Solutions, Subex Inc, to understand the company’s focus on providing security for connected vehicles, its working as an active threat research facility, and other instances of security for the automotive sector.
UNIQUE ATTRIBUTES, SOLUTIONS
A unique facet of the company is that it runs what can be defined as the largest IoT honeypot, where devices are purposely put out in the open to get hacked – this honeypot gets hacked about 3.5-4 mn times a day. Zachariah pointed out that Subex, by monitoring these hacks, is witnessing around 150-200 new types of malware being released in the connected car space on a daily basis. The ability to identify the new threats and their signatures is what the company brings to the table.
These types of malware are purpose-built attack vectors, which are focussed on attacking multiple critical infrastructure deployments. Zachariah observed that critical infrastructure deployments refer to anything that has a direct impact on human life. Cars fall into this category since the autonomous driving space includes vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) connectivity, where sensors providing a large amount of information are exposed and prone to attacks. Therefore, Subex provides risk as well as threat assessment for various developing vulnerabilities that pose threats to the connected car and the autonomous vehicle space.
AREAS OF WORK
Under the automotive vertical, Subex focusses on two major segments. Firstly, automotive suppliers carry out work on projects dealing with smart city infrastructure. With the function of V2I being part of the overall smart city initiative, Subex offers to secure sensors pertaining to the infrastructure as well as the cars. Zachariah said efforts in this space are long-term in nature, where both Subex and the partner companies are closely working together. This project is driving towards how cybersecurity will be seen in the autonomous car space, added Zachariah.
The company’s other focussed segment is carrying out development for the connected car space, which is for the current projects. Subex is engaged in the development of specific artificial intelligence (AI)-based models to secure the three networks within the car – CAN, FLEX and MOST. The main focus is on monitoring the data moving in and out of these networks and keeping them secure from vulnerabilities.
Another area that Subex is undertaking development is in the app side, since this facet is experiencing major security issues, noted Zachariah. The apps and their web interfaces that are put into autonomous vehicles create conduits, making holistic security the need of the hour. The company predominantly works with clients for solutions to be implemented in advanced markets in North America, Asia Pacific, Middle East and Europe. However, the company is now focussing aggressively on the Indian market.
Over half of the company’s revenues of the IoT business division are invested back into research. In addition, Subex’s investments are in the form of increasing the level and standard of talent available in the country, which with regards to cybersecurity is low at this moment. Subex is looking at creating laboratories and curriculums in universities in India, in order to raise the talent level in the area of cybersecurity. The company’s focus is on middle-tier colleges that have a large number of students. Subex also connects with the student community through its cybersecurity consortium.
On the future automotive trends towards autonomous driving, Zachariah said India is not doing enough in this area. The industry is happy sitting back and following others, which is a good strategy in many cases, but there are a lot of automotive manufacturers in India, who could benefit from being a part of autonomous driving and creating incubation centres, he noted. There is enough development work to be carried out not just from a cybersecurity perspective, but also from an automotive perspective. The problems that could be solved because of the local engineering prowess are substantial, he pointed out. There also needs to be local development work aimed at the local deployment of technologies.
With the automotive industry focussing on connectivity and autonomy, there is ample necessity for security of information and data related to the vehicle and infrastructure. In addition, regulations are also coming into effect for certification of autonomous driving technologies. There are enough market regulations to make money out of cybersecurity for cars, Zachariah concluded.
TEXT: Naveen Arul