Sandeep Chennakeshu, president of BlackBerry Technology Solutions, speaking Tuesday at the Automotive News World Congress, urged auto companies to adopt what he called seven “pillars” to success in cybersecurity, among them securing the supply chain and being able to patch infected software securely over the air.
Automakers and suppliers must make enhancing cybersecurity a key focus of their cultures if the connected, autonomous vehicles of the future are to be safe.
“Security is one of those things that’s a cat-and-mouse game,” he said. “If you build a robust system and somebody learns how to break into it, you build a more robust system, and so on.”
Chennakeshu’s remarks came as BlackBerry rolls out its Jarvis cybersecurity software, which it unveiled Monday at the Detroit auto show. Jarvis, which can pinpoint vulnerabilities in software programs used in vehicles by scanning thousands of lines of code in several minutes, has been tested by Jaguar Land Rover.
BlackBerry is offering the technology to automakers on a pay-as-you-go basis. By using Jarvis, automakers can check their software against known vulnerabilities criminal hackers can exploit, as well as standards set by various regulators.
“The whole thing is like a health check,” Chennakeshu said. “It’s like if the doctor takes blood from you and sends it to a lab, they can tell you if your cholesterol is high or you have high triglycerides.”
Chennakeshu said the complexity of connected and autonomous vehicle software potentially leaves them vulnerable to criminal and terrorist activity. One flaw in a vehicle’s code can cause an attack to go viral as the infected software communicates to other systems within the vehicle and to other vehicles and infrastructure.
Among other suggestions, he recommended automakers and suppliers make the development of a “rapid incident response network” a priority. Such a network would allow for a swift correction of an infected file and make sure information is shared quickly throughout the industry.
“Security is not one of these things that can be applied as a Band-Aid,” Chennakeshu said. “It has to be dealt with at the root, and one has to think holistically about this and really work in every element to make it increasingly robust.”