Securing OTA with Michal Geva from Harman International

The once distant vision of updating software remotely without needing to take it to a service center was originally designed for bug fixes and cybersecurity updates. Today, over-the-air (OTA) updates are used to enable new features and upgrade a vehicle, all from the owner’s smartphone app and the manufacturer’s remote service center.

Michal Geva, Managing Director, OTA and Cybersecurity at Harman International, has joined the Left to our own devices podcast to discuss the automotive industry’s adoption of over-the-air updates and the security risks that come with them. However, his experience began over a decade ago at Red Bend, a leader in OTA technology.

When a new competitor, Google, began offering its OTA services for free, Red Bend began looking for an alternative market. They set their sights on automotive, realizing that their first challenge would be to educate OEMs on why OTAs will be necessary in the future. “We would present slides to our clients and explain to them what OTA is, what cybersecurity is and why it is important to the industry,” Michal said. “We were able to move from the mobile world to the automotive market. » Today, Red Bend, acquired by Harman in 2015, is a leader working with 26 automotive industry OEMs.

While in the past various components were digitized, “there is a huge shift towards software-defined vehicles and these software-defined vehicles are a data center on wheels,” Michal said. “It requires a lot of cybersecurity, a lot of protection.”

Gaps between cyber and OTA

Having been on both sides, working in both OTA and cybersecurity, Michal has a unique perspective on how each can be improved.

She said: “Cybersecurity is a fascinating market in the sense that it’s only when a catastrophic event happens that people really understand why we need cybersecurity. » This isn’t news to product security officers (CPSOs) or other practitioners, but companies need to be on the same page if they want to prevent attacks from happening on their vehicles . This can be achieved by building a culture of cybersecurity, which is sometimes prioritized too late.

When it comes to cybersecurity incidents, “…once it happens once in an organization, it becomes clear what could happen,” Michal said. There is a sudden awareness and need to protect the organization. She recommends opting for the most advanced cybersecurity available instead of building an in-house solution. Recognizing that 100% security does not exist, external teams are more agile than OEMs in mitigating vulnerabilities.

The biggest trends of the near future

OEMs are widely adopting OTA as the go-to technology for remote bug fixing, updates, and enabling new revenue streams.

“We dreamed of being able to repair the vehicle in the event of a bug. So you don’t need to go to the dealership. You can just fix things while you sit, watch TV and update the vehicle,” Michal said. However, revenue streams and luxury upgrades were not considered. “But at that point we were talking about quality. So there was a bug, an intrusion, a security problem and we wanted to update the vehicle to secure it. This shift from necessary updates to requested updates has proven to be cost-effective, but every update carries the danger of a software supply chain attack or other malicious activity.

As vehicle owners, we worry less about these issues than we do about new features in our existing vehicles. As a business, the newly dynamic environment means that communication must be effective at all stages.

An analogy Michal gave to highlight the severity of the challenge is that of protecting the single processor of a phone versus the 80 ECUs of a modern vehicle. “The phone has a processor. So a single controlling power. But if you look at the vehicle we’re talking about today, you have 80 ECUs that communicate with each other. Therefore, the vehicle is prone to glitches, errors, and hacks. We have to be very, very careful and be able to identify these issues quickly and be able to fix them and modify them as soon as we find the vulnerability.

How to secure the automotive supply chain?

In the past, it was common for product development teams focused on a specific vehicle to develop their own technologies without consulting the IT department. However, as the OTA progresses, it creates common ground between these teams who have never interacted.

To keep vehicles up to date in the future, one component had to be installed in the vehicle, another with IT, and both shared data in the cloud. “So there is a closer connection between the vehicle and the data center, the vehicle and the cloud. This introduced many opportunities and also introduced different thought processes,” Michal continued.

Going further, the success of OTA technology allows companies to think about the next stage of this technology. Instead of looking at OTA as a way to update deployed vehicles or manage fleets, OEMs are moving closer to home, deploying over-the-air updates to manufacturing facilities, so that the latest absolute versions are integrated into the vehicle while still in service. Assembly line.

Career Key Points

Discussing what she believes will be key to the success of organizations, Michal touched on two key topics: diversity and professionalism.

Only recently she had a meeting with two other companies and all of the executives behind the call were women. This experience has shown that measurable successes have been recorded in recent years. She says the more women and minorities there are in leadership positions, the better representation within companies reflects their customers. It will enable teams to gain different perspectives on old and emerging challenges.

As for professionalism, it always involves learning. The world of cybersecurity is ever-changing and evolving, and it’s essential to stay on top of the latest technologies. It’s also about learning from experience and from others.

These will create the mindset needed to shape the future of the automotive, cybersecurity and OTA sectors.