By Chris Clark, Senior Manager – Automotive Software & Security, Synopsys Automotive Group, and Dennis Kengo Oka, Principal Automotive Security Strategist, Software Integrity Group
As with so many aspects of life, the COVID-19 pandemic has had a disruptive impact on the automotive industry. However, unexpected changes often bring opportunities for reinvention and for driving continued innovation in areas that are ripe for enhancement. In the past year, we’ve seen progress on self-driving cars, more ubiquitous vehicle connectivity, and an even better in-vehicle experience as the transition between the smartphone and the car has grown more seamless.
Now, what does the year ahead look like for automotive applications? Here are four key predictions for 2021 on what we could see in the automotive industry.
In November 2020, Walmart became one of the latest retailers to announce a plan to test deliveries via self-driving cars. Its pilot program will use General Motors’ Cruise electric self-driving cars. As advancements continue in autonomous driving, safety requirements will become more pressing and prevalent. ISO 26262 Road vehicles – Functional safety provides an international standard that mandates a functional safety development process from specification through production release for automotive OEMs and suppliers to follow and document. In the near future, there may be more discussion or even an amendment to ISO 26262 to address the interaction of safety and security.
Speaking of security, ISO/SAE 21434 will provide the automotive industry with the first standard to address cybersecurity in vehicles. Building upon SAE J3061, ISO/SAE 21434 provides a cyber security framework for the entire lifecycle of road vehicles, addressing:
With ISO/SAE 21434 comes a more consistent way for automotive suppliers and OEMs to manage security requirements from different vendors, freeing up time and resources to focus on what their customers want versus normalizing risk and data from multiple vendors.
Building upon ISO/SAE 21434 is the UNECE WP.29 Cybersecurity Regulation (UNR 155), the United Nations’ regulation on automotive cybersecurity. By 2023, 775 million consumer vehicles are expected to be connected by telematics or in-vehicle apps, according to Juniper Research. By 2030, cars are expected to have around 300 million lines of software code. Both the growing vehicle connectivity as well as increased software content in cars opens the door for increased risk of cyber attacks. UNR 155 explains what needs to be done in terms of processes to address security threats. It provides examples of threats and mitigations, as well as perspectives from process and governance, IT, and product and operating technology standpoints. There is also a new UN regulation (UNR 156) around software updates that provides guidance for safe and secure software updates and introduces a legal basis for over-the-air (OTA) updates to on-board vehicle software. Both of these regulations enter into force this month in EU markets.
It is also worth mentioning that due to the increased usage of open-source software components in automotive systems, there is a need for automotive organizations to be aware of and manage the included open-source licenses. The recently released ISO/IEC 5230:2020, which provides requirements for establishing an open-source license compliance program, would serve to build trust between organizations exchanging software. ISO 5230 will play an important role for the automotive industry to help manage the supply chain risks from an open-source license compliance point of view.
This, coupled with increasing deployment of 5G networks, will make vehicle-to-everything (V2X) technology more viable in major metropolitan areas. V2X technology offers the promise of safer, more efficient roadways, as vehicles share basic safety information (location, speed, directions, etc.) with each other and with traffic infrastructure. This clearly has benefits for self-driving cars.
General Motors has debuted a production vehicle equipped with V2X technology, the Buick GL8, in China. It’s the first brand to do so in the country. The automaker has also announced that 5G technology will be available on new Cadillac and most Chevrolet and Buick vehicles starting in 2022. In the U.S., as the auto industry works through regulatory challenges over the 5.9 GHz wireless communications spectrum, 2021 may be the year where we see more deployment of V2X technology in test centers. Through testing, automotive OEMs will gain a better idea of what kinds of V2X functionalities are possible and realistic over the next several years.
Additionally, AI and ML will continue to prove beneficial in the vehicle back-end, in terms of data analysis. As volumes of data are collected and processed from potentially millions of vehicles, the information gleaned could provide insights on, say, new cybersecurity threats and attacks. For example, could malware be the cause of a vehicle braking when it shouldn’t?
Today, software is tested and validated before it is released. Looking ahead, we should be able to check software security requirements while the vehicle is already in the field. Thanks to the increased sophistication of AI and ML, the infamous remote Jeep hack should no longer be possible, with vehicles able to perform self-diagnoses as part of an automotive intrusion detection prevention system while they are being driven. This real-time capability should thwart hackers from being able to remotely take control of the car, as white-hat hackers Charlie Miller and Chris Valasek did with the Jeep Cherokee back in 2015. Self-diagnosis capabilities will enable more secure vehicles, as well as a safer ride.
Over the coming year, we should also see increased deployment of predictive diagnoses for detection of early faults and faulty components. Connected vehicles collect data continuously, which enables them to read out patterns and detect issues early, such as low tire pressure, overheating of certain components, or if abnormal commands are being sent out (for example, an infotainment system that directs the car to brake).
While automakers traditionally utilized smaller microcontrollers, they are now consolidating these smaller devices into larger systems, running multiple operating systems and much more software content. As the industry shifts from an electrical/mechanical focus to a more software-oriented focus, OEMs are staffing up on software engineers. In the coming year, we could see even more OEMs and suppliers establishing their own software development centers or acquiring or partnering with other software companies. In addition, carmakers are tapping into methodologies from the IT world, such as agile development and other best practices. Besides the once-common embedded software, they are also increasingly developing new services and solutions based on web apps, mobile apps, and cloud platforms that interact with vehicles.
Based on what might happen in the automotive industry as this year unfolds, we could see a path toward not only increased innovation, but more secure innovation. With the standards that are coming into place, along with smart technologies thanks to AI and ML, automotive engineers will be better positioned to mitigate risks while designing smarter, safer vehicles.
Catch up on our other automotive-related blog posts: