Like many Israelis who work in cybersecurity, Slava Bronfman started his professional career in the Israeli military, serving in the Intelligence Corps of the IDF.
During military service, he also met his friend and the Co-founder of Cybellum, Michael Engstler. Their goal was to automate one of the most interesting and challenging tasks in today’s defensive cyber world, vulnerability detection in connected devices.
On this week’s Mobility Moments, Bronfman, Cybellum’s CEO, tells us about the cyber security threat to OEMs and the company’s ‘Cyber Digital Twins’ technology.
Why is cybersecurity so important for OEMs?
“The modern, connected vehicle is rich with software and personal data, with more code lines than in a fighter jet. Recent high-profile cases of cyber attacks have exposed the vulnerabilities in systems, and analysts stress that attacks are becoming increasingly sophisticated and more frequent. With connectivity comes a growing risk that cyber vulnerabilities introduce through accidental errors, lack of secure-coding practices, or insecure open-source software, and these can get exploited by malicious entities.”
“In fact, for OEMs, cybersecurity is an even bigger concern, especially as manufacturing is declared as one of the top three most targeted industries for cyber attacks. It’s clear that cybersecurity is not just an IT issue – it’s much bigger than that.”
“The cybersecurity threat to the software that runs a modern vehicle and keeps both you and your personal data safe is not static; it’s critical that OEMs keep a finger on the pulse of the latest risks and have the practice and software in place to actively monitor and mitigate these risks as and when they occur.”
What solutions does Cybellum provide?
“Cybellum provides a risk assessment platform, called Cyber Digital Twins, for product security teams that produce connected devices – ones that run on software, are connected to the internet and involve a chain of suppliers in the manufacturing process. For these companies, we provide a platform that helps them to automatically detect, manage and mitigate software vulnerabilities and security gaps.”
“We do that by creating a digital copy of each component, that is an identical replica of the analyzed device with all the factors that are relevant for cyber analysis. We then use static and dynamic assessment through which we are able to detect, analyze and assess the risk to any component or vehicle. Once this is completed we can present a software ‘fix’, to maintain security throughout the vehicle lifecycle.”
“We work very closely with OEMs and Tier-1 suppliers in the automotive industry. We empower these companies to produce secured products by assessing and monitoring for cybersecurity issues and gaps against their security policies and industry regulations early in the product life cycle, from design through development, and all the way to a deployed product – a vehicle on the road. Even after the vehicle has left the assembly line, vehicle manufacturers can use Cybellum to monitor their security posture, identify potential risks and fix them before any harm is done.”
How does the Cyber Digital Twins service work?
“Cybellum has two products – one for the design and development phase of the product, and another for the on-going security operations, monitoring the digital twin of a deployed device or component through its lifespan.”
“The security suite allows the product security teams of the manufacturer to perform a detailed, continuous risk assessment of software vulnerabilities as well as checking for alignment with security standards and regulations. It also provides insights into the composition and context in which automotive software operates. The result is a detailed and on-going risk management for a more secure product.”
“Until now, automotive manufacturers have had very limited visibility into the software that operates within their vehicles. Now, our Cyber Digital Twins platform enables them to ‘look under the hood’, pin-point cyber vulnerabilities and security gaps, and mitigate the risk across every step of the supply chain. This is a revolution in automotive cybersecurity, that helps vehicle manufacturing companies remain compliant and secured, at scale.”
Describe your partnership with Renault-Nissan-Mitsubishi?
“Our work with Renault-Nissan-Mitsubishi alliance is just one example of our close relationship with the leading OEMs around the world, through which we identify their exact needs and align our product roadmap accordingly. With the Renault-Nissan-Mitsubishi innovation lab we are working closely on establishing a vehicle-level risk assessment practice based on the Cybellum platform, taking into account the architecture of the vehicle model and the automated assessment of a vehicle’s complex mesh of software and hardware.”
“To date, most of the risk assessment in the automotive industry is conducted manually on a single component level. This methodology can’t scale and only provides partial information. An entire vehicle is a very complex system composed of over a hundred connected components, with a complex interconnection.”
“In addition to our direct work with the members of the alliance, this innovative work will help the Alliance brands to manage the risk accurately, save time and be competitively prepared for upcoming regulations.”
What are your expansion plans?
“Global expansion is our biggest focus for the near future. We are big believers in thinking globally and acting locally, meaning we are building a global strategy and always thinking about the expansion to additional markets, and achieving this by having a local presence in each market, with the right people and partners.”
“We have recently opened an office in Japan to address the growing demand for cyber risk assessment solutions of the local industry.”
What will urban mobility look like by 2030?
“I believe that there will be a complete transformation in the vehicle ownership model – from ownership of the vehicle to ownership of the drive and all the way to ride-sharing. Demand-response transportation (DRT) where the consumer does not own the vehicle they travel in but decides where it goes and pays for that service, will put the experience and service functionality in the middle rather than the ownership.”
“We will also see a large portion of TNC’s (transportation network companies) becoming autonomous. Self driving robot taxis and driverless vehicles for ride sharing will become the norm as people reduce their dependence on independently owned vehicles. This will also result in more ride-hailing which will enable multiple passengers traveling in the same direction to share the same ride to their respective destination(s).”
“Vehicle electrification will continue to rise over the next decade. This trend has already had great influence on the automotive supply chain as manufacturers need to invest in technology and production facilities to be prepared.”
“Finally, Vehicle-to-everything (V2X) communication between a vehicle and any entity that may affect, or may be affected by, the vehicle such as traffic lights, pedestrians and other vehicles will grow rapidly as smart cities evolve.”