Why software-defined cars need 'better cybersecurity than a bank'

WirelessCar CEO Martin Rosell sees a bright future for software-defined vehicles, but he says they will need “better cybersecurity than a bank.” The digital service developer, which works with automakers such as Volkswagen Group, Volvo Cars, Jaguar Land Rover and Subaru, aims to help provide that kind of peace of mind. Rosell also outlines how automakers can monetize services in connected cars by making them more personalized in an interview with Automotive News Europe Correspondent Nathan Eddy.

Why does security need to be a focal point for the connected car, and how will we see the approach to connected car security change over the next few years?

We have seen it change dramatically over the last four or five years. If you can hack connected car systems, you basically get access to the car, and with more automated functions and software driven functions like braking and steering, that is something we need to protect. It needs to have better cybersecurity than a bank. If you can manipulate a fleet of cars, that’s bad. That’s one side. The other side is the personal data that is available: Where you are driving? Why are you going there? That is information that shouldn’t fall into the wrong hands. We are working hard on this from all angles. From ISO standards to NIST controls on top of that, A-SPICE (Software Process Improvement and Capability Determination), providing documentation. If you put together all these requirements, which you must fulfill, this is more security than a bank. Having said that, nothing is unbreakable. We know there are forces on the other side trying to unlock our work. It’s a constant challenge with no end in sight. Therefore, we need to be extremely proactive addressing the cybersecurity issues going forward.

How do you guarantee data privacy and how do you get consumers to “opt-in” to sharing that data?

Everyone is trying to solve that. If you look at what you give away on your phone by consent, you basically give up your life. If you really want that data, you give that consent, but it’s not really building confidence. Automakers are in a much better position to build that relationship, but they need to prove it, and turn that data into good services that customers really want. To do that, customers will need to give up a little bit of privacy, but most of the data needed is not so personalized. However, to build more individualized services, then you will need more private data, and the key is to manage that process by providing the customer with very specific information about what they get if they give up that data. This needs to be worked out much better, and that constant management needs to be a top priority for automakers going into this next phase.

How can automakers monetize the data they accrue from connected vehicles, and why is it important?

We talk about data being the gold, and if you pick the right data, it’s gold. If you want a true connected insurance service, for example, you need accurate data extremely frequently, and things like that need to be designed from the beginning. The car itself is becoming more software defined. It’s in the early stage, but electric vehicles are driving this change, as they require a lot more software from the start. With electrification, the hardware specs become much less complicated and are replaced with software  -- that’s a huge opportunity. The value behind the connected car is to harness the data and provide services customers and partners can benefit from. When you go to the software-defined car, you have a more flexible setup, which means you can change the car in a completely different way. This lets you easily shift to a higher frequency for sending a certain set of data, or getting a new service running in the car. We’ve seen Tesla do this repeatedly. That’s key. The car being more software driven means the car’s life cycle is much more manageable. That provides a fantastic opportunity to further develop concepts like shared mobility solutions, which are uniquely different from the owner or driver experience.

How will changing trends in car ownership and the rise of mobility as a service and ride-sharing impact the ways vehicles need to be connected and what services they offer?

We as consumers expect things to be simple, to add value and to be useful. If we live in a dense city, we will have different requirements than someone out in the countryside. The basis for the services we talked about, like shared mobility, is there is a fleet behind it, and someone will have to manage that fleet. The question is whether it will it be the automakers themselves. The physical assets themselves -- the vehicles -- are not used to a large extent. Can we change that? How should we change that? Building up the car-sharing industry could be one way forward. But we need to see it, because it’s a big change for the industry if you turn it into a service model. We will also be managing the life cycle of the fleet in a different way. You are selling a service to several users, which has a lot of life cycle management requirements. From the perspective of the automaker, you don’t just sell them the car, you’re selling them the services. Automakers are starting to do this quite well.  Volvo is a good example. You get a login as soon as you buy the car. They tell you when it’s being painted, how many weeks left to delivery, and so on. They use that connectivity before it’s even built and continue that experience and build that relationship -- that’s how you use connectivity. Then we get into all the data of this ecosystem in the future. The automakers don’t have that customer experience built up and it will take some time.

How do you see relationships between automakers and companies like WirelessCar evolving?

This is the balancing act. Six or seven years ago, we walked into the automakers and we sold them the whole back end, because they didn’t know how to build it. We did this for 20 customers, and we gained a lot of knowledge how to do it. They must take a bigger stake in the software-defined vehicle now, because this is the core of the whole digital transformation. On the one hand, I am welcoming the automakers to take more ownership, but on the other hand, it’s hard to watch them doing it the wrong way. We need to compliment them and shore them up in the places where the things are hard to do, and the people with that knowledge are a scarce resource on the market today. Our strategy is to embrace new methodologies and technologies and implement them in an agile way of working. That’s the winning strategy, but no one can do it all by themselves.

What do you think will be among the next wave of digital services for connected cars? Where are automakers innovating, and where are consumer preferences headed?

When it comes to services, automakers need to make it easy. It’s a mess to set up connected car services today. We need to simplify the provisioning process so when you hand over the car to the customer it is sorted and you’re ready to go. There’s also the risk of adding too many services. You must understand consumers and give them what they want, which is a more personalized experience. That’s the next step. But consumers don’t know everything they may have, so you have to educate them, and then make a very attractive interface. You need to deliver quality and uptime and privacy and be very open about what you’re doing and not doing. These are all basics, but nobody is 100 percent there yet.

Is there anything you would like to see in the future?

We really should start educating the masses on merits of car sharing. One way to do this is to offer a standard functionality that allows you to share your car with friends and family. Pick five people to share the car with and give away the e-key. That will take us to the next step of shared services by putting this on a broader scale. And this it is not dependent on setting up a massive car-sharing company in all cities. The key to the digital services game is: Make it simple and get going.

Is the cloud the key to the connected car of the future?

I don’t think the cloud is the key to the future of the connected car, but it is a damn good technology. The use of modern Internet of Things technology based in the cloud is an extreme advantage for us because we can scale in a completely different manner than before. We can control and monitor the services in a completely new way and manage non-functional requirements such as cybersecurity. Those are just a few of the reasons why the cloud is so important. Then you factor in globalization. We are delivering services in more than 100 countries around the world, and our customers want their cars to be connected wherever they are sold.