Skip to main content
Sister Publication Links
  • Automotive News
  • Automobilwoche
  • Automotive News Canada
  • Automotive News Mexico
  • Automotive News China
Subscribe
  • Subscribe
  • Newsletters
  • Login
  • HOME
    • Latest news
    • Automakers
    • Suppliers
    • Car Cutaways
    • Environment/Emissions
    • Sales By Market
    • Sales and Retail
    • Latest Launches
    • On The Move
    • After BMW driver death, Takata recalls 1.4 million more airbags
      UK cave explorer felt 'humiliated' by Musk's 'pedo guy' tweet
      FiatItaly-MAIN.jpg
      FCA disputes claims it undervalued Chrysler by $5.6B
      BMW badges 3 web.jpg
      BMW sues air conditioning suppliers over price fixing
    • 1STRIKERS-MAIN_i.jpg
      Automakers are cutting 80,000 jobs globally as EV shift upends industry
      U.S. has not ruled out tariffs on imported cars, commerce chief says
      Germany's auto industry jobs boom comes to a halt
      Germany's VDA auto lobby will pick former utility manager Mueller as president, report says
    • BMW badges 3 web.jpg
      BMW sues air conditioning suppliers over price fixing
      Bosch logo.jpg
      Bosch will develop fuel cell batteries in China
      Suppliers to the new Lamborghini Urus
      Yazaki expands from wire harnesses into EV products
    • Suppliers to the new Lamborghini Urus
      Suppliers to the new BMW X2
      Suppliers to the Dacia Duster
      Suppliers to the new Audi A8
    • Italy sales rise 2% in November on self registrations
      Russia will support car sales with $78M loan subsidies, reports say
      European sales rise 9% in October, driven by WLTP rebound
      Italy sales rise 7% in October in WLTP rebound
    • Italy sales rise 2% in November on self registrations
      McLaren looks to Asia, hybrids as it moves toward potential public offering
      China raises 2025 electrified-car sales target to 25%
      Spanish sales rise 2% in November on jump in self-registrations
    • Porsche promotes Taycan's Tesla-topping recharge speed
      Kia bullish on newest member of Ceed range
      Polestar 1 sets standard for 2-year-old brand
      Opel looks to fix rough EV past with Corsa-e
    • Sato
      Chief engineer appointed to lead Lexus
      German auto lobby picks utilities expert as new head
      Redesigned Land Rovoer Discovery Sport at Guangzhou aut show.jpg
      Jaguar Land Rover names new China sales chief
      Audi shakes up leadership ahead of new CEO's arrival
  • Auto Shows
    • Geneva Auto Show
    • Frankfurt Auto Show
    • Paris Auto Show
    • Beijing Auto Show
    • Shanghai Auto Show
    • Rimac readies 1,914-hp EV hypercar for Geneva debut
      Tesla Model S gets wagon makeover
      Lamborghini Aventador replacement will be a hybrid
      Bentley to move next Flying Spur further upmarket to fight high-end Mercedes models
    • Frankfurt show's visitor plunge could mean its end
      Frankfurt's no-shows, darkened halls signal an industry in flux
      German industry faces an image crisis amid falling sales
      Frankfurt hits and misses
    • Lamborghini concept hints at move to less extreme looks
      Vietnam's first automaker now has names for first sedan, SUV
      view gallery
      8 photos
      VinFast Lux SA2.0 SUV
      view gallery
      8 photos
      VinFast Lux A2.0 sedan
    • VW will launch SOL EV brand in China with subcompact crossover
      view gallery
      9 photos
      BMW Concept iX3
      view gallery
      9 photos
      BMW will export iX3 electric SUV to Europe, U.S. from China
      view gallery
      9 photos
      BMW's iX3 concept heralds electric expansion
    • Pininfarina to expand China team despite market downturn
      Return of the bench seat? Concept EVs show space big enough for sofas
      Lexus plans its first EV for Europe, China push
      Chinese automaker will shun dealers in Europe, U.S. markets
  • Opinion
    • Blogs
    • Commentary
    • Guest columnists
    • Alfa Romeo could be Tavares' toughest turnaround
      Formula E races to keep pace with EV technology
      Why Bosch bet big on breakeven chips
      GAC FCA's Changsha plant.jpg
      PSA, FCA must confront excess China capacity under merger
  • Photos
    • Photo Galleries
    • Geneva Photo Gallery
    • Beijing Photo Gallery
    • Frankfurt Photo Gallery
    • Paris Photo Gallery
    • Shanghai Photo Gallery
    • view gallery
      11 photos
      Renault Captur
      view gallery
      5 photos
      Mercedes-Benz AMG GLB 53
      view gallery
      10 photos
      Mercedes-AMG GLE 53 Coupe
      view gallery
      14 photos
      Mercedes-Benz GLE Coupe
    • view gallery
      8 photos
      VinFast Lux SA2.0 SUV
      view gallery
      8 photos
      VinFast Lux A2.0 sedan
      view gallery
      7 photos
      Toyota Corolla station wagon
      view gallery
      9 photos
      Seat Tarraco
    • view gallery
      4 photos
      Nio ET Preview
      view gallery
      7 photos
      Infiniti Qs Inspiration concept
      view gallery
      5 photos
      BMW 3-series LWB
      view gallery
      9 photos
      Mini Clubman
  • Maps
    • E-Car & Component Map of Europe
    • Powertrain Map of Europe
    • Assembly Plant Map of Europe
  • Supplements
    • Connected Car
    • Talk From The Top
    • BMW 100
    • Car Cutaways
  • EVENTS
    • Automotive News Europe Congress
    • Rising Stars
    • Eurostars
    • Leading Women
    • Meet the winners
  • E-MAGAZINE
    • Read the latest issue
    • Download the app
    • Digital Archives
    • Subscribe
  • More
    • Social Media
    • E-Magazine
    • Contact Us
    • 2019 Media Kit
    • About Us
    • Facebook
    • Instagram
    • LinkedIn
    • Twitter
MENU
Breadcrumb
  1. Home
  2. Suppliers
September 26, 2019 05:54 AM

How supplier Harman learned to fight cyberattacks

TINA BELLON
Reuters
  • Tweet
  • Share
  • Share
  • Email
  • More
    Print
    RTS2M81O.jpg
    REUTERS

    An attendee at the car hacking village during the 2019 DEF CON convention in Las Vegas earlier this year. 

    LAS VEGAS -- When researchers remotely hacked a Jeep Cherokee in 2015, slowing it to a crawl in the middle of a U.S. highway, the portal the hackers used was an infotainment system made by supplier Harman International.

    Harman, now part of Samsung Electronics, has since developed its own cybersecurity product, and bought Israel-based cybersecurity company TowerSec for $70 million to help it overhaul manufacturing processes and scrutinize third-party supplier software.

    The expensive efforts have prevented another public breach and helped it become a key player in automotive cybersecurity, but they show the strain suppliers and automakers face in dealing with this new dimension of automotive technology.

    "At the end of the day, automotive is a very competitive business with small margins. If a competitor wants to eat the cost to win the business, you have to do the same thing," said Geoffrey Wood, Harman's director of cybersecurity business development, who joined the company in late 2016.

    The automotive cybersecurity market has seen exponential growth. While global revenue was at around $16 million in 2017, it is expected to reach $2.3 billion in 2025, according to IHS Markit, driven by Harman, Garrett Motion, German suppliers Continental, Robert Bosch and a range of smaller U.S. and Israeli companies.

    Securing cars from hackers is a complex task for these companies. Modern vehicles run on 100 million lines of code, are equipped with hundreds of different technologies and can have up to 150 electronic control units using various operating systems.

    Unlike consumer electronics, cars can stay in use for decades, long after operating systems and component software cease being supported through updates that patch vulnerabilities -- a challenge the industry is still grappling with.

    Automotive cybersecurity requirements now number in the hundreds of pages from just a page five years ago, according to interviews with a dozen automotive cybersecurity professionals.

    For its 2024 vehicles under development at BMW Group, for example, suppliers are required to ensure that driving system control units have no direct connection to customers' internet-connected devices, said Michael Gruffke, head of security system functions at BMW, which sources parts from Harman.

    Small auto suppliers with thin profit margins are often the weakest link for hacks, said Rotem Bar, a cybersecurity professional until recently at Israeli company CyMotive which has partnered with German automaker Volkswagen Group.

    But automakers typically still hand off testing and ensuring the security of data systems to their subcontractors, industry experts said.

    "It's really shifting the burden onto the suppliers because the automaker is not able to test and verify everything along the supply chain," said Dennis Kengo Oka, senior solutions architect at Synopsys Inc., who conducts research on automotive cybersecurity.

    At BMW, more than 70 percent of the components in its vehicles are manufactured by suppliers. "We therefore must expect our partners to take responsibility for implementing cybersecurity in respective deliveries," the automaker said in a statement.

    General Motors said in a statement that it handles "a significant amount of work" related to security and testing without passing the expense to its supply chain partners.

    Ford Motor Co. and Fiat Chrysler Automobiles did not respond to requests for comment. Volkswagen and Daimler AG declined to comment.

    Building cybersecurity business

    Harman saw its Jeep hack experience as a viable business opportunity: the supplier today sells cybersecurity software that allows automakers to monitor their fleets and provide over-the-air software updates. Analysts at IHS Markit consider Harman one of the top players in that segment, with some 20 automakers using its over-the-air services.

    Harman does not break out revenue for that business. But the company does try to recover some costs by charging higher prices for advanced security.

    "We have to educate our sales people in conversations with carmakers' purchasing departments and say 'don't let this go without adding cybersecurity to your quote'," said Amy Chu, Harman's senior director of automotive product security.

    Asaf Atzmon, the Israel-based vice president and general manager for automotive cybersecurity, said Harman has come a long way since he joined in March 2016 as part of the TowerSec deal.

    At the time, Harman employed only some security architects, and the company later changed its organizational structure, appointing or hiring professionals such as Wood and Chu to oversee cybersecurity efforts, Atzmon said.

    The changes helped Harman consider cybersecurity issues at every stage of the production process, creating a checklist for engineers that includes scanning third-party software for bugs, increasing Harman's own cybersecurity defenses and creating a risk analysis of potential vulnerabilities for every component.

    Instead of simply adding comfort features such as Bluetooth, for example, designers now first have to show how they would secure such a connection.

    A particular challenge is securing vehicles over their entire lifecycle, said Chu. Cybersecurity professionals are used to simply issuing software patches, but automotive engineers caution that only a fraction of vehicles can receive over-the-air updates.

    During the Jeep hack, costly recalls had to be issued for 1.4 million vehicles to fix software flaws at dealerships. Tesla Inc, which offers over-the-air updates as a standard for even safety-critical functions, is so far the exception.

    "Things are just not that easy for us in the auto industry," said Chu.

    Conscious of the many challenges, the industry over the past years has come together in a rare show of collaboration. Automakers in 2015, soon after the Jeep hack, created a group to share threats and vulnerabilities and companies currently try to define industry-wide cybersecurity standards that in turn could lower costs to suppliers.

    Still, common standards are not expected to be published before next year. And some of the standards might be watered down to protect smaller suppliers and ensure they have the resources to comply, said Victor Murray, a group leader at the Southwest Research Institute, which tests cars and components for cybersecurity vulnerabilities.

    "You want to be careful and not box anybody in because if smaller suppliers get overwhelmed with mandates they're out of business," Murray said.

    Monthly E-Magazine
    View latest issue
    See our archive
    Sign up for free newsletters
    EMAIL ADDRESS

    Please enter a valid email address.

    Please enter your email address.

    Please select at least one newsletter to subscribe.

    You can unsubscribe at any time through links in these emails. For more information, see our Privacy Policy.

    Get Free Newsletters

    Sign up and get the best of Automotive News Europe delivered straight to your email inbox, free of charge. Choose your news – we will deliver.

    You can unsubscribe at any time through links in these emails. For more information, see our Privacy Policy.

    Automotive News Europe Monthly E-Magazine

    Sign up to receive your free link to each monthly issue of Automotive News Europe as soon as it's published.

    GET THE E-MAGAZINE
    Connect with Us
    • Twitter
    • Facebook
    • LinkedIn
    • Instagram

    Founded in 1996, Automotive News Europe is the preferred information source for decision-makers and opinion leaders operating in Europe.

    Contact Us

    1155 Gratiot Avenue
    Detroit MI  48207-2997
    Tel: +1 877-812-1584

    Email Us

    ISSN 2643-6590 (print)
    ISSN 2643-6604 (online)

     

    Resources
    • About us
    • Contact Us
    • 2019 Media Kit
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Awards
    • Rising Stars
    • Eurostars
    • Leading Women
    Legal
    • Terms and Conditions
    • Privacy Policy
    Automotive News Europe
    Copyright © 1996-2019. Crain Communications, Inc. All Rights Reserved.
    • HOME
      • Latest news
      • Automakers
      • Suppliers
      • Car Cutaways
      • Environment/Emissions
      • Sales By Market
      • Sales and Retail
      • Latest Launches
      • On The Move
    • Auto Shows
      • Geneva Auto Show
      • Frankfurt Auto Show
      • Paris Auto Show
      • Beijing Auto Show
      • Shanghai Auto Show
    • Opinion
      • Blogs
      • Commentary
      • Guest columnists
    • Photos
      • Photo Galleries
      • Geneva Photo Gallery
      • Beijing Photo Gallery
      • Frankfurt Photo Gallery
      • Paris Photo Gallery
      • Shanghai Photo Gallery
    • Maps
      • E-Car & Component Map of Europe
      • Powertrain Map of Europe
      • Assembly Plant Map of Europe
    • Supplements
      • Connected Car
      • Talk From The Top
      • BMW 100
      • Car Cutaways
    • EVENTS
      • Automotive News Europe Congress
      • Rising Stars
        • Meet the winners
      • Eurostars
      • Leading Women
    • E-MAGAZINE
      • Read the latest issue
      • Download the app
      • Digital Archives
      • Subscribe
    • More
      • Social Media
        • Facebook
        • Instagram
        • LinkedIn
        • Twitter
      • E-Magazine
      • Contact Us
      • 2019 Media Kit
      • About Us