A Vision for Safety 2.0: Automotive Cybersecurity

Autonomous vehicles are here today, and unbeknownst to many, they are already on public roads, test driving next to unsuspecting traffic – this is done before proper legislation to protect innocent bystanders is put into place.

This reality is one that causes great concern among the few who are aware of it. There is almost no regulation at a local level, and the technology is still very much in the development phase. Even worse, much of the development is conducted on public roads, right alongside human drivers. What will prevent an experiment from turning into an accident, potentially taking lives in the process?

Luckily, you will not have to fear for the safety of public roads much longer. On Tuesday, September 12th, the US National Highway Traffic Safety Administration (NHTSA) released its updated guidelines on the development of Autonomous Drive Systems (ADS). This document helps local governments develop their own regulations, and gives businesses developing ADS a clear message of what will and will not be tolerated.

It is no surprise that vehicle cybersecurity is listed as one of the 12 essential safety design elements. Without cybersecurity, a vehicle becomes a hacker’s plaything – allowing them to take complete control of the car, including steering, braking, and acceleration. The possibilities for malicious abuse of autonomous cars are endless, ranging from extortion to remote cyber terrorism. The NHTSA stresses the importance of cybersecurity, stating that entities developing ADS “should insist that their suppliers build into their equipment robust cybersecurity features. Entities should also address cybersecurity, but they should not wait to receive equipment from a supplier before doing so.” The message is clear and urgent; implement cybersecurity at every level, and do it quickly.

Trillium agrees, and we are ready to help suppliers, developers, and OEMs implement these guidelines today. Trillium has partnered with the world’s largest automotive IC vendor, NXP, to provide support for Trillium’s SecureCAR platform on NXP’s next-generation S32K automotive microcontrollers (MCU). Our modular, multilayered approach also allows for developers of ADS technology to add cybersecurity directly onto their existing hardware today – without requiring costly changes to their underlying systems.

It is essential that the industry adopts these guidelines quickly, especially as autonomous vehicles are deployed on an increasingly large scale. As connectivity and reliance on machine learning increase, so will the damage hackers can cause. Autonomous cars are set to shift the entire transportation landscape, with companies rolling out entire fleets within the next ten years. One rogue autonomous car is a hazard; an army of hacker-controlled vehicles is an avoidable, unnatural disaster.

Trillium in the Media: Response.jp interview with Yukihiro Yamamoto

Click the link below to read an interview with Yukihiro Yamamoto, Senior Director of Business Development & Operations at Trillium Japan about our take on Automotive Cyber Security! (Japanese language only)

https://response.jp/article/2017/08/17/298656.html

Ahead of the Curve: UK Government to Pioneer Automotive Cybersecurity Legislation

Throughout history, governments have played a huge part in the development of technologies and their uses, often stepping in to ensure quality of use, safety, and standardization of industry best practices.

Whenever technology impacts society on a large scale, the potential negative consequences need to be considered alongside the benefits, and when it comes to connected cars, the biggest of these threats is undoubtedly cyber terrorism. With the age of self-driving cars and smart cities just over the horizon, government legislation is transforming our connected future from mere theory into reality.

Earlier in August, the United Kingdom published their “Principles of cyber security for connected and automated vehicles,” a set of guidelines detailing the necessities of connected and automated vehicles in the future. Such direct legislation is a clear indication of the seriousness of the matter of automotive cyber security. What has long been simply the work of fiction and research is quickly becoming a potential threat to the connected car landscape, and having governments recognize it as such is the first step in creating a safer IoT-driven world. Without such official recognition, the gravity of this threat is likely to be lost on the public until it is too late – that is, when an automotive cyber-terrorist attack has already taken place.

Of the many detailed guidelines laid out in the list of principles, two key points must be given special attention:

  1. Principle 3.1
    1. Organizations plan for how to maintain security over the lifetime of their systems, including any necessary after-sales support services.
  2. Principle 5.1
    1. The security of the system does not rely on single points of failure, security by obscuration or anything which cannot be readily changed, should it be compromised.

The first of these principles presents a clear message – for any system to be fully secure, it must be maintainable for the duration of its lifetime. Patching of exposed exploits and/or other threats is a necessity, as cyber security is an ever-evolving field in which a static defense system has no place. This same sentiment is echoed in Trillium’s philosophy: part of our multi-layered SecureIOT platform is our SecureOTA and SecureSKYE systems, which enable an over-the-air update system designed from the ground up expressly for use in an automotive environment.

The second principle quoted is just as important as the first, if not more so. The emphasis in this message is that no system is safe if its defense is concentrated on a single point of failure – multiple layers of security are necessary. Once we accept that no single security system alone is impregnable, the only solution is to provide multiple systems under a single ecosystem. This message is the core of Trillium’s philosophy, the conviction that security done right has not one layer of protection, but multiple layers.

The United Kingdom’s foresight to develop such legislation pre-emptively is an example to be followed, and we hope to see more countries follow suit as this issue reaches more of the public.

Trillium Inc named to Gartner’s Cool Vendors in Security for Technology and Service Providers, 2017

TOKYO, June 23, 2017 – (ACN Newswire) – Trillium Inc, a leading provider of IoT automotive cyber security solutions, has announced it was named as one of Gartner’s “Cool Vendors in Security for Technology and Service Providers, 2017”, a report by Ruggero Contu, Lawrence Pingree, Deborah Kish and Dale Gardner of Gartner Inc (Published: 4 May, 2017).

“It is a unique honour to be named a Gartner Cool Vendor 2017,” said David Uze, President and CEO of Trillium Inc. “As a designer and provider of multilayer, adaptive and custom Cyber-security systems, we are on a mission to solve the biggest threat facing society due to the roll out of autonomous driving vehicles: car hacking.”

Gartner’s Cool Vendor Reports aim to identify companies with the potential to bring about paradigm shifts that stand out because they offer some disruptive capability or opportunity. Trillium Inc was named a Cool Vendor 2017 because, as the report says, it is “pioneering new directions and potential opportunities in the security market.”

The information provided in the report is of value to all technology and service providers looking to partner with providers of innovative security solutions.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Trillium Inc is a designer and provider of custom, multilayer adaptive Cyber-systems, specialising in vehicular and transportation applications for the vehicles of today and tomorrow. Founded in 2014, Trillium is led by a team of executives and engineers from Japan, Europe and the U.S. with extensive experience in automotive, cyber security, embedded systems and IoT.

Trillium’s products and services deploy a software-based suite of cybersecurity tools to protect automobiles and IoT connected devices from cyber-attack, around the globe. Trillium is backed by lead investor Global Brain, a Tokyo-based venture capitalist. To learn more, please visit www.trillium.co.jp.

For questions and to arrange executive interviews, contact pr@trillium.co.jp

Least Priority = Most Damage, The Flaw of Underestimating IoT Cyber Security

“While traditional cybersecurity has grabbed the nation’s attention, IoT security has been somewhat under the radar, even for some companies that have a lot to lose through a breach”

These are the words of Stefan Bewley, the Director of strategy consulting firm Altman Vilandrie and Company. The unfortunate truth behind the IoT solutions boom is that not enough companies are taking its security seriously.

The International Business Times published an article Sunday addressing this perilous lack of focus when it comes to the security of the increasingly convenient Internet of Things in the industry sector. Despite the fact that industrial IoT integration is only expected to increase in the coming years, companies are still failing to take precautions against the damage that a cyber breach can cause. What many companies are failing to realize is that as they continue to develop internet-enabled technologies to further the efficiency of their businesses, the amount of destruction a malicious cyber breach can cause increases in tandem.

Roughly 68 percent of companies recognize that IoT security is a distinct category of security. However, they fall short when it comes to actually allocating resources to properly deal with it, because only 43 percent have independent budgets for it. This negligence has proven disastrous for some businesses, with damages caused by cyber breaches ranging from almost $5 million in smaller firms to nearly $2 billion in larger ones. On a global scale, the stakes of the IoT game are not being taken seriously enough, a thought pattern that is wholly unwise and surely unsustainable in the long term.

Without a holistic approach to security, no IoT can ever truly be secure. Every smart watch, wireless heart monitor and WiFi camera connected to a network becomes a potential entry point for an attacker. The intellectual awakening that the businesses of today need to undergo is, unfortunately, still far off. Without companies like Trillium that are dedicated to spreading awareness of the need for security in any IoT setting, be it business or personal, IoT development is just a figurative time bomb that grows larger every year. Until the world moves on from traditional IT security and embraces the coming IoT revolution, we may as well be trying to lock a gate with a safety pin.

Threats Lurking Beneath the Surface: The Rise of Cryptocurrency Snakes

With the world’s focus on the recent aggressive cyber-attack epidemic, a subtler, yet equally terrifying threat has begun to emerge. WannaCry represented the brutal, blow-like impact a cyber-attack can have, directly assaulting the lives and livelihoods of people across the globe. This attack is drawing mass media attention, as it affects thousands of people worldwide and prioritizes making itself known, forcing the afflicted user to either pay a ransom or settle for having their devices locked. What has failed to receive its due attention, however, is the snake known as Adylkuzz.

In contrast to WannaCry’s brash, up-front demand of a ransom in exchange for unlocking a system, Adylkuzz is a background cryptocurrency miner. It infects a device and uses it to mine Monero, a cryptocurrency similar to Bitcoin. This process is very computationally intensive, and as such results in loss of performance for both the devices and the servers they are connected to. These symptoms can often be attributed to simple problems, such as high internet traffic. The problem is that this kind of attack can continue indefinitely, without the user being explicitly aware that an issue exists. The average user could be a host for Adylkuzz for weeks and not even notice the drop in performance.

WannaCry is to a tornado as Adylkuzz is to a poisoned water supply. While the former openly draws the attention of those that it devastates, the latter allows the victims to proceed with their everyday routines with little to no idea that a problem exists in the first place. In fact, an article by Proofpoint claims that Adylkuzz has been in play even longer than WannaCry, having begun shortly after the EternalBlue exploit was leaked.

“…it should be noted that the Adylkuzz campaign significantly predates the WannaCry attack, beginning at least on May 2 and possibly as early as April 24.” (Proofpoint, May 15th 2017)

This threat, while on the same scale as WannaCry, has received little media attention despite being present since early May. While the fear of open attacks keeps the public occupied, this kind of subtle attack has the chance to make its way into our systems.

The cybersecurity community needs to work hard to ensure that our networks and devices are secured because, when it comes to cyber-attacks, the absence of evidence is not the evidence of absence. Strong, flexible, and easily updateable security solutions like those developed at Trillium are a necessity not only to protect users from the threats they can see, but also the ones they can’t. The importance of swift preemptive action cannot be denied, as indeed an ounce of prevention is worth a pound of cure.

Autonomous-Drive Enabled Cities On The Rise – Cyber Security the enabling factor

With technology already capable of enabling autonomous drive, the age of self-driving cars now awaits the infrastructure to make it a reality. Some cities around the globe have already started to allow open-road testing of self-driving vehicles.

A recent piece from Motherboard explains the significant changes coming to the industry that will evolve the current system.

The age of self-driving cars is indeed around the corner, and with it, traditional businesses built around human error, which will no longer exist, will face a significant model shift. “Self-driving vehicles have the potential to significantly disrupt the traditional auto insurance industry.” (PricewaterhouseCoopers, 2013).

The single biggest hurdle to overcome in making this human-error-free, safer transportation landscape real is undoubtedly the development and deployment of cyber security to protect the systems that make it all possible.

This is the role that Trillium will play – to protect the infrastructure through an adaptive automotive cybersecurity subscription solution that will enable the security needed for autonomous drive solutions, paving the way for the next generation of insurance policies.


Trillium presenting our solutions and technology at the 16th NEDO pitch event!

The event was held at the New Energy and Industrial Technology Development Organization (NEDO) Kawasaki headquarters on April 25th. Thank you to all those that came to listen. We are currently working to follow up on all the opportunities and connections made.

Trillium at The SAE World Congress, in Detroit, April 4th-6th

Trillium CEO and President, David M. Uze, presented Trillium’s latest solutions and technology at the Learning Lab during the SAE WC 2017. As a finalist of the GAMIC 2017 competition, we want to thank both the MI Innovation Alliance and the SAE for hosting us, as well as all customers we met during the days of the congress.

Trillium at IQPC Automotive Cybersecurity Conference in Frankfurt, Germany

From the 27th to the 30th of March, Trillium participated in the second annual IQPC Cybersecurity conference in Frankfurt, Germany.

Across the conference days, new approaches and methodologies to automotive cyber security were presented. Trillium president and CEO David M. Uze was one of the keynote speakers, discussing our layered approach to cyber security.

Between lectures and workshops, Trillium demonstrated the SecureCAR platform and BrainBOX to attendees with great success.

Thank you to all that came to see us – we are currently working to follow up with new customers and partners.