Security is one of those topics that everyone agrees is needed, but no one really wants to own. It’s a scary topic that we all hope someone else is addressing. Everyone is aware of the clever hackers out there that are mischievous – possibly even malicious. We just hope that there are also smarter and more committed experts out there that are trying to thwart the efforts of such hackers.
When home PCs became commonplace, we all ran the same operating system and the internet was still fairly new. The idea of viruses and malware was there, but not as prevalent until the internet made its way into more households. As a result, security on PCs was very slow to become a common necessity. As internet usage went from dial-up to broadband, and connection went from temporary to persistent, the opportunity to access these PCs increased and the demand for security increased. Putting firewalls within the home network to restrict unauthorized access, and scanning for viruses became a constant need.
The cell phone industry showed a similar pattern. As people began buying cellphones, the cell phones were all running proprietary operating systems. Getting access to the user information and creating malware was not worth the effort when there were so many variants of operating systems and little connectivity.
As smartphones increased in popularity, and data connection became more prevalent, cell phone manufacturers saw the need to add security and pushed the semiconductor industry to enable embedded security. Embedded processor manufacturers, including TI, began designing devices with firewalls, hardware support for VPN, and authenticated booting to ensure that only intended and authorized software would be run on the devices. Interestingly, once the capability was introduced to the OEMs, the adoption rate was still quite slow. OEMs saw the desire, but were not yet prepared to fully embrace the need – as that also meant a significant investment in core competency and ecosystem.
Once the number of operating systems reduced and the use of open operating systems increased, we began to see a rapid increase in the pull from OEMs to use embedded security. Downloading apps from the web, storage of personal information, and the use of open operating systems made the opportunity lucrative for hackers.
The automotive industry is now where the cellular industry was about ten years ago. They realize that security is imminently needed but are not quite ready to make the level of commitment that is necessary. Now that open operating systems are rapidly being adopted by the auto industry, high speed connectivity of the vehicle to the internet will ramp much faster than smartphone adoption.
Software updates within a vehicle needs to be enabled to accommodate upgrades in technology and changing market demands. So, modification of the embedded software has to be enabled. Such changes to software must be strictly enforced to make sure that only OEM intended software can run.
We will continue to see an increase in software and compute capability within the vehicle. This will create an interesting dichotomy in how to keep the system open, but restricted. The system must be “open” to enable software updates and to allow downloading of authorized aftermarket applications. However, to ensure driver safety, the system must be limited in that “openness”.
There is an immediate need of the automotive industry to adopt comprehensive security within the vehicle. We cannot be as slow to act as the market was for PCs or cellphones. While the automotive industry is certainly well behind other industries in embracing security, the rate of adoption is certain to be much faster. What do you think?