By James Morra, Associate Content Producer
The security schemes built to protect connected cars from hackers will extend from the electronics architecture to the cloud, where programs will cut off attacks before they reach the vehicle. But it is still not clear which form of security could be better equipped to impede threats to the growing number of cars connected to each other and the internet.
It is also not clear which form of security could pay the largest dividends for investors in the emerging market for automotive cybersecurity, which generated less than $100 million in 2017 but will grow to $759 million by 2023, according to research firm IHS Markit.
Upstream, an automotive startup based in Israel that recently raised $9 million in venture funding for its security software, is focused on the cloud. It uses artificial intelligence to provide real-time analytics on connected cars, so that everything from a single vehicle to autonomous driving fleets owned by city governments can be updated remotely to close vulnerabilities.
Yoav Levy, Upstream’s chief executive and one of its founders, said in a statement that “security solutions for the car are undergoing rapid advances at an unprecedented rate. We’re using emerging technologies like A.I. and machine learning to carry out an evolutionary leap in cybersecurity for passenger and commercial vehicles.”
Upstream’s investors, which include the American venture capital firm Charles River Ventures, claim that it has the technological chops to secure the 60 million cars that already connect to data centers to provide services like emergency assistance. It could also exploit the additional 190 million connected cars that research firm Gartner predicts will be built by 2020.
Other companies target the insides of the vehicle. For instance, Check Point Software is working with Continental’s Argus Cyber Security division and Valens Semiconductor to draft security standards that can be planted into the electronic architecture of cars. It is focused on drafting the blueprints for the next generation of vehicles, not existing cars like Upstream.
Karamba, a security startup that raised $12 million in a funding round in May, built software that seals off electronic control units, which contain the millions of lines of code to enable everything from windshield wipers to collision avoidance. The technology verifies that only factory-authorized code is inside the hardware, allowing it to protect itself against threats.
Karamba blocks foreign code that could be trying to hijack the steering wheel, brakes, or other systems. The company also recently released a software library that encrypts messages that pass between electronic control units connected through the CAN bus. That blocks perpetrators that could sneak into other electronic control units after breaking into a single piece of hardware.
Trillium is another security startup targeting the CAN bus, which is extremely difficult to keep secure because of its limited bandwidth. There is little space to squeeze additional data that could act something like a concert wrist band to authenticate messages sent between electronic control units that handle everything from brake systems to the air conditioning.
For Upstream, which was founded in 2017, the argument against relying on security software installed in vehicles is that it cannot react as quickly to new threats as cloud protections. For Karamba, the argument against relying on the cloud is that artificial intelligence is too slow to react to threats that could cause brakes to fail because legitimate code is corrupted.
Upstream – which plans to more than double its 15-person staff over the next year and open a new location in Silicon Valley – provides security by analyzing vast amounts of data generated by vehicles. It could provide car manufacturers with data protection and anomaly detection so that malicious code can be waylaid before it reaches the vehicle.
For now, the company is more focused on monitoring fraud, but it could expand into malware and hacking. Upstream could start selling software to car rental companies, which could monitor if a person violated the rental agreement by using the car for ride-sharing. They could tell by how many times the driver made stops every few miles in a city.