Trillium is an American-Japanese software company which specialises in automotive cyber security.
Trillium got its start back in 2014, founded by a group of Japanese and American engineers from telecommunications, automotive and semiconductor industries. Together, they identified the dangers in a world becoming heavily reliant on embedded systems and technology without security built in.
Due to this, the company set out to build cyber security solutions and protect systems. However, despite rising threats, the market wasn’t there; companies were not willing to protect their resources.
Then, around 3 years ago, a company out in Detroit asked Trillium to implement its cyber security technology within vehicles. Ever since that day, the company has been solely focused on protecting the automotive industry.
I speak to Adrian Sossna, Member of the Executive Management Team and Chief of Staff, who explains that “what once seemed like science fiction is actually happening in front of our eyes,” and calls for protection of the connected car.
The Automotive Stone Age
Traditionally, the automotive industry moves rather slow and established companies like to perfect and prolong components for a range of their products. Fundamentally, this is the philosophy behind a long-term relationship between an OEM and its suppliers.
These companies have spent years trying to perfect components which, although a successful business structure in the past, limits automakers when they bring the same philosophy to technology.
“In comparison to other industries, the automotive sector is still in the stone age,” says Sossna.
He then brings up Bosch’s Controller Area Network (CAN bus), which was developed in the 1980s as a robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer.
“The first cars with CAN bus were rolled out in 1987. Today, 75% of communications in cars on the road are still using this technology,” he says. “Nowhere else do we still have this level of insecurity because everything is built around standards – and automakers love their standards.”
To overcome this, there needs to be an overarching agreement within the industry on what is an acceptable standard. This is where cyber security groups come into play, which will bring together new and old players in the mobility industry to solve any challenges and support innovations effectively.
We are seeing a lot of discussion about autonomous vehicles but, in reality, it is a slow moving conservative industry that likes to see things tested and proven before use.
Sossna says that each region around the world differs from one another, with America being a bit more aggressive with its rollout – which has birthed offshoots such as Tesla – while Japanese OEMs tend to wait for the technology to be proven before becoming “quick followers.”
“Auto manufacturers feel that they can’t ask for help from others and try to hide their problems,” says Sossna. “They are hiding these problems in isolated communities such as their own security teams. Due to this, they are not collaborating as much as they should be and not solving the major issues in front of them.”
OEMs are trying to solve their problems with teams of up to 100 people, which is significantly outweighed by the hacking community, which is full of thousands of people sharing exploits and knowledge.
Sossna believes that Europe will be the safest based on what he has seen. “The UK is further along than countries like Germany, as the government is taking cyber security more seriously,” he says. “But you are going to have a situation where different countries will have different cyber systems, which will cause another problem.”
A Balancing Act
Sossna believes that automotive cyber security is the “third wave” of automotive safety. The first wave appeared with seatbelts from Volvo, which became an industry-wide regulation and forced manufacturers to implement the innovation across their vehicle lineups. 20 or 30 years down the line, we saw the second wave, which introduced airbags and further improved safety within vehicles around the world.
“Automotive cyber security that protects the onboard systems is the third wave, but we haven’t seen a lethal hack yet. Cars get hacked all the time, but we haven’t had the large-scale hack with fatal consequences, which means that automakers are pushing these issues away as they believe the problem hasn’t matured yet. This is a serious issue.”
I have to agree with Sossna, as this has been a common problem in the industry – especially in the early stages of autonomous software. Due to this, there needs to be an active awareness from the public in order to force automakers to take action, before something serious happens to a consumer.
With this new era of mobility, automakers will no longer lead the regulations, as more agile and innovative technology companies enter the market. Sossna agrees with this.
“I don’t think it’s going to be possible for the large OEMs to build everything in-house. They will try to do a lot, but they will have to use third parties like Trillium for certain functionalities,” he says.
“I think smaller OEMs are going to use service providers to a much larger degree as they don’t have the bandwidth to build the security teams and ensure that the vehicle is protected for 10-15 years.”
There’s room for both OEMs and tier one-led initiatives, but also for specialist service providers that will help solve these problems. Trillium will continue its fight against hacks and glitches in the era of the connected car. Without a backend to protect these systems, the industry simply cannot move forward without putting customers at risk.