33
June 2015
I
NTERNET
-O
F
-T
HINGS
– S
ECURITY
end up in? Clearly, the so ware development
processes of old, one-to-one testing systemat-
ically, are not feasible, whether you’re talking
about mobile phones or the connected car of
today. e amount of testing that would need
to take place, when taking every operating
system and hardware possibility into consid-
eration, would be virtually impossible.
Telecom managers in the beginning made the
choice to take a huge step forward: providing
their engineers with processes and tools that
addressed security throughout the so ware
development life cycle. is mitigated security
risks up front, well before code was deployed.
Bene ts were not limited to security improve-
ment though; they extended to speedier devel-
opment processes and simpli ed adherence to
industry and government-imposed standards.
is new development era changed everything
– for example, the process from xing security
bugs a er they already caused problems to
nding them before they caused problems in
the rst place. Automotive is at the right junc-
ture now to take a page from the telecom play-
book, to begin standardizing processes and
procedures to ensure more secure code devel-
opment, and hopefully avoiding the BMW
recall scenario – or worse.
In another parallel with telecom, automo-
tive manufacturers are learning now that
they can’t pass all of the responsibility for
security along to the companies that supply
the features and related code in their prod-
uct. In other words, their product is only
as strong as their weakest supplier code. In
both industries, companies are not only sup-
plying products (cars, phones, etc), they’re
now cyber-security managers as well. Seems
easy – just make sure everything on the ver-
sion today of the assembly line (virtual or
not) meets security criteria. But just as with
the evolution of so ware development, this
is also not your grandfather’s manufacturing.
Now, managers at car manufacturers must
adjust quickly to development challenges to
ensure security within everything that makes
up their cars.
ese same managers are also
tasked with quickly adding the latest and
greatest features and consumer-demanded
innovation in order to stay competitive.
All this technological innovation means com-
piling pieces and parts of hardware and so -
ware into functional end products; the more
sophisticated the product, the more lines of
code.
e more lines of code the more room
for security breaches. And with the average
high-end car sporting a whopping 100 mil-
lion lines of code (more, incidentally, than a
ghter jet) the fundamental change in prod-
ucts today vs. products of yesteryear creates
some chaos.
at brings us not only to the
evolution of the assembly line, but how so -
ware development in and of itself has changed.
Once a single developer created code to solve
a problem. Now, so ware developers are like
artists, assembling parts from various sources
and piecing code together to make a func-
tional end product. e parts that become the
product can come from development, from
open source code bases, or from commer-
cially available code. All of it has to be secure,
whether it was written in-house or not, and
how it interacts once it’s pieced together is a
consideration as well.
How can companies protect themselves –
their reputations, their nancial stability, and
their customers?
ey can do it by knowing,
understanding, and taking responsibility for
all of the code that makes up their product –
not just what their own developers have writ-
ten.
e bottom line is that companies need
to open the aperture of what they’re securing,
and they need to do it before they become
the subject of dramatic news headlines. And,
those who are part of the supply chain need to
tighten processes.
Companies like Rogue Wave continue to lead
the curve of so ware development, providing
market-proven solutions, processes and tools
for companies who might not know where to
start to ensure security in their code – and
ultimately the safety of their automotive prod-
ucts. Putting security rst means management
committing to three things: companies have
to educate their developers and provide pol-
icies, processes, and tools that take the guess-
work out of security.
e connected car emphasizes the importance
of getting security under control as soon as
possible. Nowhere is this more evident than
in what’s becoming the automotive industry
endgame: self-driving cars. Self-driving, or
autonomous, cars are the next evolution in
transportation and trials are already under-
way by groups wanting in on the action, from
traditional car manufacturers to organiza-
tions such as Google and Oxford University.
It should come as no surprise that a lot of
features in cars today are essentially test beds
for future self-driving technology, such as
radar-assisted cruise control, adaptive stabil-
ity control and automated parking.
We must get security right, right now, before
more complex systems such as these start
changing the lives of people.
e car of the
future is exciting, and it’s not innovation that
needs to slow down.
e process of getting
products to market simply needs to shi to
compensate for new dynamics. Putting in
place solid, repeatable processes, along with
the right tools and developer education will
surely become a priority for companies across
the automotive supply chain.
n
