[FQAs] Cybersecurity Strategies for Tiers (Emerging-OEMs oriented)
FESCARO's [Security Counseling Center] offers three programs : 1. Regular Counseling : Published as a blog and newsletter dealing with actually received concerns 2. Real-time Q&A : Real-time talks based on Q&A with expert panels of FESCARO 3. Customized Consulting : Customized solution optimized for organizational situationToday, let's talk about the [Real-time Q&A].The very fisrt of [Real-time Q&A] Series, <Cybersecurity Strategies 'TALK' (Emerging-OEMs oriented)> was launched successfully on February 21st! The response was amazing! We had about 100 participants from approximately 30 different companies pre-register for the event. We have recived questions from Tier companies in advance from our Security Counsling Center, and also those submitted during pre-registration!By summarizing the overall questions, we covered a total of 7 important concerns! FESCARO's experts with an average of 20 years or more of experience provided clear and insightful advice.Let's dive in and discover the valuable insights from CEO Hong Seok-min, an expert in automotive cybersecurity,Director Ku Seong-seo, an automotive software development expert, and Choi Kwang-mook, our team leader specializing in automotive security certification.■ Video VER.■ Text VER.1. What types of cybersecurity-related requests do domestic and global OEMs ask to tier companies?The cybersecurity-related requests that both domestic and global OEMs ask to Tier companies include the following items. (Some items might vary based on each specific OEM's requirements) · Item (ECU) level TARA· Cyber security engineering (applied with a security solution, verified by security testing)· Organizations and processes related to cybersecurity· CIA (Cybersecurity Interface Agreement) In most cases, OEMs carry out TARA (Threat Analysis and Risk Assessment) at the actual vehicle level and determine cybersecurity goals and requirements for individual items beforehand. For OEMs that place a strong emphasis on cybersecurity, there are instances where they ask tiers to conduct TARA at the ECU level. To meet security requirements, Tiers need to create various security applications like Secure Boot and Secure Flash for the ECU. Additionally, security testing is crucial to ensure that the OEM's security requirements are effectively met through these applications. For successful engineering activities such as cybersecurity development, verification, and operation, Tiers must establish internal cybersecurity-related teams and processes that align with business objectives. The prerequisite for this is to engage in R&R discussions and finalize contracts for cybersecurity tasks between OEM and Tier, known as the Cybersecurity Interface Agreement (CIA). However, sometimes OEM requirements can be hard to understand or vague. In such situations, it's best to interpret them in a way that benefits the Tier the most while still meeting the basic criteria for OEMs to achieve UNR 155 certification. Therefore, initiating discussions with OEMs about cybersecurity tasks right at the project's start is crucial. The cybersecurity manager, often responsible for this, should negotiate to benefit the Tier while meeting the minimum requirements for OEM certification. This involves negotiating properly with the OEM representative to optimize the reuse of existing materials. To do a good job as a cybersecurity manager, complete understanding about the process of acquiring the UNR 155 certification for OEM is required. To summarize, both OEMs and tiers need to establish cybersecurity-related teams and processes. Moreover, cybersecurity goals and requirements are determined through TARA activities conducted on the vehicle level, system level, and the ECU level for the specific vehicle type undergoing certification. To ensure compliance with cyber security requirements, OEMs create and share precise design and validation specifications related to cybersecurity engineering with Tiers. Since these specifications are general and intended for multiple OEMs, it's often challenging to address all the unique aspects of ECUs, the specific features of new cars, and the individual characteristics of different tiers. To bridge this gap, OEMs engage in coordination and discussions with each tier. Using the outcomes of these discussions, they then move forward with the cybersecurity engineering process, ultimately leading to the Start of Production (SOP) phase. Following the SOP, the process undergoes operational stages, including cybersecurity threat monitoring and incident response, until its end of support or scrapping. In terms of the aspects discussed earlier, the CIA plays a crucial role in defining R&R and completing the contract between OEM and the tier. To put it simply, the main approach is to maximize the reuse of existing components while ensuring the core requirements needed for OEM certification. This involves suggesting modifications as needed, considering the specific context of each tier. 2. Isn't TARA performed by OEMs? Tiers also require TARA performance. Many people might think that TARA is done only once during the concept phase. However, TARA is utilized not only during the conceptual stage but also throughout the development and post-development phases. This is due to the fact that cybersecurity risks can emerge at any point during a vehicle's lifecycle. When facing a cybersecurity incident, it's crucial to thoroughly analyze the cybersecurity threat and evaluate the associated risk. TARA represents a cybersecurity risk management approach. It classifies whether an immediate response is necessary, whether the task should be addressed promptly, whether collaboration with others is needed for a delayed response, and the appropriate level of security measures required. As previously stated, TARA is a continuous process that must be carried out across the entirety of the project's lifecycle, extending beyond the initial conceptual stage. Hence, it becomes an essential aspect that should be ingrained within the tier's internal operations. 3. It is difficult to find out where to start the CSMS process.From the tier's point of view, there are two ways to approach CSMS response. The first involves setting up a cybersecurity management system in accordance with the ISO/SAE 21434 standard. The second pertains to establishing a dedicated system for effectively addressing the Cybersecurity Interface Agreement (CIA) between the OEM and Tier. The fulfillment of both aspects can be achieved through the establishment of a cybersecurity management system that aligns with the ISO/SAE 21434 standard. Setting up an appropriate cybersecurity management system encompasses the following measures: · Drafting guidelines for handling the CIA signing process between OEM and Tier, which encompasses the cybersecurity interface agreement process.· Establishing a comprehensive cybersecurity management system along with corresponding rules, including the cybersecurity organization.· Developing guidelines for conducting Cybersecurity Threat Analysis and Risk Assessment (TARA) activities.· Defining procedures for integrating and verifying OEM’s cybersecurity requirements.· Creating guidelines for the application of cybersecurity principles within production processes.· Creating a system that actively monitors cybersecurity-related information and events, while also conducting analysis and management of identified vulnerabilities.· Formulating guidelines for the appropriate response in the event of a cybersecurity incident. By implementing this cybersecurity management system, you will be well-equipped to address a multitude of requirements coming from OEMs in the field of cybersecurity. Building a cybersecurity management system in accordance with ISO/SAE 21434 can be challenging, as knowing where to begin and how to proceed might not be straightforward. In practice, achieving this without expert guidance, such as professional consulting, can be daunting. Therefore, both OEMs and many tiers often seek assistance from specialized companies like us to navigate this complex process effectively. Ultimately, however, it is necessary to internalize this cybersecurity management system.From a professional consulting perspective, the process of establishing a cybersecurity management system can be categorized into three distinct stages. First, the consulting service conducts a gap analysis aimed at designing and constructing a cybersecurity management system tailored to the organization's existing circumstances. Second, a cybersecurity internalization project is chosen, and the consulting service guides the organization through the process of project implementation in accordance with the established procedures. We assist in planning and setting up teams for projects related to cybersecurity response, help with the CIA contract signing process, and provide support for the TARA process. TARA experts are dispatched when necessary. We also support designing, applying, and validating security solutions during product development. The red team will be put in if necessary. Also, we provide help for ensuring security during production, and assist in monitoring events, and managing vulnerabilities throughout the entire lifecycle of the vehicle. Thirdly, ISO/SAE 21434 mandates cybersecurity audits and project assessments, and we back up this process. Addressing process audits for each project places a significant burden on development and quality teams. To counter this challenge, obtaining a dependable CSMS certification can enhance productivity significantly. 4. How can I use the existing outcomes when creating cybersecurity materials?The extent of work for cybersecurity deliverables is established via the Cybersecurity Interface Agreement (CIA) established between the OEM and Tier. Every output mentioned in the CIA can be categorized into either reusing an existing output or generating a new one. The decision to reuse these artifacts should be made after thoroughly examining the item definition and cybersecurity specifications, at the very least. When conducting an item definition review, it's important to pinpoint any alterations in item functionality, security assets, or modifications to the operating environment. Similarly, during a cybersecurity specification review, the focus should be on recognizing any shifts in security requirements or security controls.To facilitate the process of artifact reuse, CIA artifacts can be conveniently organized and categorized as follows. The majority of cybersecurity "process" artifacts are mostly suitable for reuse, whereas "management" artifacts demand guided adjustments. "TARA and Verification" artifacts can be reused, but it's important to factor in any modifications in cybersecurity specifications, the operating environment, and related threat scenarios or vulnerabilities. "Cybersecurity development" artifacts are generally reusable, although changes to the cybersecurity specifications need consideration. In essence, with the exception of chapters 9, 10, and 11, a substantial portion of the artifacts can be readily reused. It's essential to conduct a reuse analysis specifically for the deliverables of chapters 9, 10, and 11. For example, if it’s decided to add new cybersecurity features, that means changes to the security functions in the product is necessary. And not only that, verification testcase also needs to be modified. Here's another example, even if the product specifications do not change, if the environment it's used in changes, additional TARA process is needed. Also, when we bring in an external connection, we have to include more security measures. And the vehicle protection model changes, it affects how we assess security risks. In simple terms, based on the reuse analysis results, we can decide whether to change specifications or design. 5. Managing security vulnerabilities When it comes to cybersecurity vulnerability management, there are two important aspects to consider. First, it's important to handle security vulnerabilities from the development phase to SOP, and throughout the entire lifecycle after SOP. Second, we need to take care of vulnerabilities found in different sources.When it comes to cybersecurity, it's crucial to know that security breaches can happen even after the SOP (Start Of Production), when the product development is completed. This is because the development of hacking technology from hackers are faster than the development of security solutions. So, whenever there's a security breach or a cybersecurity incident, we have to develop, verify and distribute the security measures, and this has to be repeated throughout the whole lifecycle of the vehicle. Normally, when SOP duration is 5 years and the warranty covers 10 years, it will be a total of around 15 years, and in reality, it might even be closer to 20 years. But the current security technology cannot withstand throughout the whole period. That is why it's important to conduct ISO/SAE 21434 Chapter 8 ‘Ongoing cybersecurity activities. Let's see with specific examples. This screen is an example of a vulnerability management ledger. The sources where vulnerabilities emerge are as varied as in the pictures. There can be vulnerabilities from cybersecurity information and event monitoring, risk list from TARA, vulnerabilities emerged from project development/verification, security breaches from the field after SOP. Just like in this example, it's important to keep a record of vulnerabilities for each project. This is because as mentioned earlier, the vulnerabilities have to be handled according to the specific project's traits. And the cybersecurity tasks need to follow the rules in Chapter 8 of ISO/SAE 21434, which is the 'Guidelines for Ongoing cybersecurity Activities’.[ ISO/SAE 21434 Chapter 8 'Guidelines for Ongoing Cybersecurity Activities' ]· Implement/record of cybersecurity information and event monitoring· Evaluate whether an identified event is a security weakness· Check through TARA if the weakness could be a vulnerability in the project· Vulnerability management throughout the product lifecycle To internalize the management of cybersecurity vulnerabilities, it is a best practice build and operate SIEMS (Security Information and Event Management System) system. With this system, it is possible to manage the entire cybersecurity issues and the current situation comprehensively.6. Every time when having a meeting with OEM, follow-up work increases due to lack of cybersecurity background knowledge.We often come across this question when we communicate with ECU manufacturers, and it's a challenge we've faced a lot. We've covered similar kind of response strategy earlier, and to handle the different requests from OEMs effectively, it's crucial to have standardized and strategic response processes.· Tailoring security requirements according to product characteristics· Minimizing modifications due to changes in OEM needs by creating outputs following international standards In general, OEMs have certain standard requirements for cybersecurity features. However, these requirements are usually a superset. Since the features of each ECUs are different, it is hard to apply in entirely. It's important to really understand what OEMs are requesting and identify what we're capable of what is not. If there are things we can't do, we need to show different options, or explain why it's not possible. And if it's needed, we also have to suggest plans for what to do next. OEMs will take the information provided by these ECU manufacturers to get the type certification. When we look at it from the perspective of the CIA (Cybersecurity Interface Agreement), it's tough for the ECU manufacturers to respond since each OEM's product requirements are different. To work around these challenges, following the ISO/SAE 21434 standard has to be conducted in the process and explain how it meets the international standard. But the real challenge is that a lot of ECU manufacturers don't have a dedicated cybersecurity team, which makes it tough to handle the tasks. The more you discuss with OEMs, the more confusion tends to arise, making the workload even heavier. To tackle these issues, having experts with specialized security skills would be a great help. Companies like FESCARO could be an alternative. FESCARO offers CSMS consulting, security solutions, and security testing services for local OEMs. We are well-versed in what ECU manufacturers have to do in order for OEMs to achieve the UNR155 certification, and have a track record of assisting multiple ECU manufacturers with CSMS consulting, cybersecurity manager responses, security solutions, and providing engineering services. We are here to provide a clear guide for you to navigate these tasks effectively. 7. Do tiers also have to acquire cybersecurity certification?In simple terms, no. To clarify, the certification is only required for car manufacturers. UNR 155 states that CSMS certification must be obtained by car manufacturers. However, it's also required for the CSMS to be able to handle the cybersecurity tasks of ECU manufacturers. The detailed process for this is explained in Chapter 7, 'Distributed Cybersecurity Activities,' of ISO/SAE 21434. The OEM verifies if the ECU manufacturer has established CSMS by using the CIA (Cybersecurity Interface Agreement). Even though the ECU manufacturers don't directly have to get certified, it's required to create CSMS as per the OEM's requirements. Certain ECU manufacturers might even earn CSMS certification through a certification body like TS (Technical Service) and get the ISO/SAE 21434 certification. This certification offers the reassurance that the company is well-prepared for cybersecurity, giving you an advantage when pursuing different projects or new projects with OEMs. Certification bodies currently lack formal certification qualifications or auditor qualifications. Because of this, organizations like TS are taking on the role of UNR 155 certifications and carrying out ISO/SAE 21434 certifications for tiers. FESCARO is working in collaboration with several TS companies, and there have been instances where ECU manufacturers that we have consulted achieved ISO/SAE 21434 certification. Drawing from this collaborative partnership and the experience gained, FESCARO is dedicated to providing comprehensive support to ECU manufacturers, ensuring them to successfully attain certification. FESCARO has secured CSMS certification from OEMs and ISO/SAE 21434 certification from Tiers. Our expertise encompasses cybersecurity consulting and engineering services for a wide range of ECU used in both internal combustion engine vehicles and electric vehicles.23.09.10
[Insight column] Lee Hae-seung, "If SDV is the Next to Electrification..."
Peter Thiel, the founder of PayPal, and an early investor in Facebook, SpaceX, and LinkedIn, describes the process of creating something entirely new as going from 0 to 1, and then turning that creation into a massive business as going from 1 to 100. If one succeeds in the 0 to 1 phase but doesn't consider the 1 to 100 phase, one may achieve the glory of creating something new but miss out on the profits of scaling it into a large business. The probability of success in the 0 to 1 phase is low. Investing in such ventures is risky. The competition in the 1 to 100 phase is fierce. How can one minimize risks, win in the competition, and achieve 0 to 100 in SDV? Author | Lee Hae-seung, Managing Director, FESCAROLee Hae-seung, managing directorIn 2021, celebrating 30 years of successful corporate life, he departed from the company he had been working for. Over 26 years, he has held various roles, including testing at an automobile manufacturer (formerly SsangYong Motor, now KG Mobility), system application at an automotive supplier (formerly Delphi, now Aptiv and Continental), and technical sales at an automotive software tool company (ETAS). He had the opportunity to be part of the development of the first integration of EBS (Electronic Brake System), EPB (Electric Parking Brake), and ACC (Adaptive Cruise Control) in domestic automobiles. Throughout his career, he has been involved in model-based software development, interactive calibration manual creation, AUTOSAR, and tools and consulting related to cybersecurity. Currently, he works as a part-time consultant for PICODE, a control system test equipment company, and FESCARO, a company specializing in automotive cybersecurity and ECU fabless.How far has the auto industry come?Cars have played a significant role in providing humans with the value of "freedom of movement." As more people have embraced this freedom, automotive technology and industry have evolved and will continue to do so, enabling even more individuals to enjoy greater mobility.However, most of the vehicles that have contributed to this freedom so far have been internal combustion engine cars, which have left a considerable carbon footprint in the atmosphere despite their positive contributions to humanity. (The road transport sector contributed to 13.9% of Korea's total greenhouse gas emissions in 2019 and  16% globally.  This sector includes not only automobiles but also aircraft and ships.) The 6th report of the Intergovernmental Panel on Climate Change (IPCC) confirms that greenhouse gases emitted by humans are the clear cause of the current global warming.  This reality has resulted in global warming progressing from "climate change" to "climate catastrophe," posing a severe threat to human survival. Consequently, while automobiles have greatly enhanced the value of freedom of movement, they have also posed a significant threat to human survival, on par with their contributions.In response to these environmental concerns, the automobile industry has introduced electrification technology to promote eco-friendliness while maintaining the value of mobility. As a result, the widespread adoption of electric vehicles is now being active while still providing the essential value of mobility to people.Where is the auto industry heading?Electrification serves as a fresh foundation for the advancement of automotive technology and industry. This transformation allows for the convergence of semiconductor, communication, software, and automobile technologies on a larger and more diverse scale, known as CASE (Connected, Autonomous, Shared, and Electrified). While cars have long contributed to the value of freedom of movement, they now offer additional benefits through developments like vehicle-sharing systems. By optimizing car operation efficiency through increased car-sharing services, fewer cars are needed for the same amount of travel, leading to reduced resource consumption and environmental damage. CASE vehicles contribute to eco-friendliness both through electrification and sharing initiatives.Concerns arise about potential negative industrial growth due to reduced automobile production. While these concerns are acknowledged, it is essential to consider that an industry's size aligns with the value it generates, with people willing to pay a reasonable price for this value. Before CASE technologies, automobiles primarily contributed to freedom of movement, which relied on quantitative growth through increased car sales. However, CASE technologies provide a broader spectrum of values compared to conventional vehicles. A smart auto industry can focus on maximizing value contribution to outweigh the decrease in sales volume, transitioning from quantity-driven growth to a combination of quantity and quality through CASE technology.Beyond eco-friendliness, other values come into play. Road accidents claim 1.35 million lives annually, leading to an estimated economic loss of 2,390 trillion won/year (1.8 trillion USD), accounting for 63% of the automobile market.(The size of the global automotive market was estimated to be USD 2.86 trillion in 2021. ) CASE technologies, particularly the "autonomous driving traffic system," have the potential to eliminate traffic accident deaths entirely, reflecting a real value far surpassing its economic implications.Furthermore, CASE can further enhance the value of freedom of movement. Autonomous driving systems allow individuals unable to drive due to age or disabilities to regain their freedom of movement. By establishing a flexible "public transportation supply system" that adapts to real-time demand during commute times, passengers enjoy safer, more comfortable transfers, freeing up valuable time for various activities while on the move, including entertainment, gaming, shopping, healthcare, education, and finance.The automobile industry actively develops various systems based on CASE, with industry leaders envisioning these systems expanding into a new field centered around "movement." More and more people are embracing the narrative. To embrace the words of Chinese novelist Lu Xun: "Originally, there were no roads on the ground. If there are more people walking, it becomes a road." The automotive industry is moving towards a service-oriented approach, referred to as Mobility as a Service (MaaS). However, this service domain is not confined solely to mobility. Automakers aim to create services that assist passengers in various activities while they are on the move, ultimately transforming these services into novel revenue streams.Software-Defined VehicleAccording to the 2020 statistics released by the Korea Auto Dismantlement Recycling Association, the average lifespan of a car in Korea is 15.6 years, nearly doubling from 8.3 years in 2000 when statistics began.  In 2020, there were 25.5 million registered vehicles.  Let's conduct a thought experiment: What if the Korean automobile market was saturated in 2020? In other words, if one new car is sold only when one is scrapped? For ease of calculation, let's assume that the number of cars accumulated over 15.6 years is 25.5 million. Then 1.44 million cars are scrapped every year, and that number is sold as new. In fact, domestic sales of automobiles in 2020 were 1.91 million units, 1.73 million units in 2021, and 1.68 million units in 2022.  An increase in the average lifespan of a car, a reduction in accidents due to autonomous driving, and shared cars are factors contributing to the decline in car demand. How can the saturated auto industry grow further?Looking at sales statistics, the smartphone market reached market saturation first.  The automotive industry can learn from this situation. Manufacturers work to increase revenue per smartphone. In terms of hardware, smartphones will be equipped with better displays, faster processors, larger memory, and more cameras to strengthen existing functions. To introduce new functions, new sensors and foldable form factors are applied. This strategy compensates for the drop in profit due to reduced sales volume with a high unit price.Figure 1 | Worldwide smartphone sales and revenue trendsThere is also a response on the software side. The situation in the app market differs from that of hardware. Software sales are not as affected by new sales as hardware because already-sold smartphones form the foundation of the business. Cumulative smartphone sales have not reached saturation yet. Unlike hardware, software generates revenue every year, depending on the business model. Due to these reasons and others, the app market, valued at 273 trillion won/year (206.85 billion USD) in 2022, is expected to grow at an average annual rate of 13.8% from 2023 to 2030.  The key is to develop valuable services that customers are willing to pay for.The automobile industry can take a similar approach to the smartphone industry. On the hardware side, they have already started implementing approaches like adding ADAS sensors, installing multiple internal displays with larger and higher resolutions, and applying massage chairs. Additionally, automakers want to create a car software market that can generate steady revenue based on cars already sold, despite market saturation, just like the smartphone software market.I intentionally used the word "system" when explaining CASE and mobility services above. This is because there is an intention to mention two aspects of mobility service, asserting that "the system has several components, there is linkage between elements, and the linkage is implemented through software." The first aspect is that, just as services using smartphones are implemented in software, mobility services using cars are also implemented in software. (This is an inevitable parallel.) Instead of calling these cars smart cars, the auto industry emphasizes software and calls them Software-Defined Vehicles (SDVs). (It may have been because smart cars have an image of self-driving cars.)Difficulties in developing SDVs The second aspect is that, unlike a smartphone as a single object, certain cars are composed of a network of function-specific controllers. Automotive engineers are new to software. Unfamiliarity comes with complexity. Adding complexity is the fact that they have to deal with not a single controller, but a network of controllers. The network consists of smaller networks and controllers. Various communication protocols such as CAN, LIN, and Ethernet that are applied here add more complexities. The complexity of network structures and protocols complicates technology development as well as collaboration between development entities.SDVs must be able to distribute the new software to the entire fleet, to be precise, to all the controllers in the vehicle involved in the service. Distribution is a so-called Over-The-Air (OTA) software update. It is the same as how a smartphone updates software through wireless communication. SDVs should be able to update OTA software. Implementing OTA software update of not one controller but several controllers connected to the network is more complicated than software update of a single object, a smartphone. In addition to this, most automakers are in a position to allow others' non-standard methods for controller software updates. Complexity increases with various software update methods. Due to this complexity, it is more difficult to develop SDVs.Software development for SDVs cycles "planning, developing, verifying, distributing, operating, monitoring" repeatedly as shown in the left figure in Figure 2. It is a CD (Continuous Development) method, which is also called CI (Continuous Integration), CT (Continuous Testing), CX (Continuous Something), and the like. The traditional V-model in the automotive industry, involving top-down and bottom-up approaches, generally concludes the development process with the start of mass production, whereas the new trend in the automotive industry requires continuous (and possibly intensified) development to accommodate new services, even after mass production begins, representing a fundamental distinction. Figure 2 | DevOps (ⓒ FESCARO) and V-model https://commons.wikimedia.org/wiki/File:V-model.svgMobility services are implemented with software that maximizes the potential of the hardware in the car (it may be built-in, passengers may carry it on board, or it may be added externally by wired/wireless connection). Hardware is difficult to change once mass production begins. (Some hardware of SDVs may need to be developed in consideration of improvement changes after mass production. Tesla upgraded the FSD hardware. ) So hardware development is likely to follow the traditional V-model.So, is the software easy to change? The appropriate answer to this question is not "yes" or "no," but rather "automobiles should be developed to facilitate easy software changes." If the hardware development cycle according to the V-model takes several years, the software development cycle for a CD could follow a similar timeline, but it could also vary significantly, ranging from several months to a few days. These differences add complexities to project management in otherwise complex technology development. The development of SDV starts at a higher level of complexity than the development of existing cars. The automotive industry knows it well through experience. Complexity increases development time, raises development costs, and lowers quality. One of the objectives that SDV development should pursue is "simplification", reducing the complexity not only of the vehicles themselves but also of the development environment.How is service development carried out in the field?In the industry, there are various attempts, but besides Tesla's achievement in autonomous driving, there seems to be no definitive service that has reached a significant revenue position through software updates yet. CNBC estimates that the revenue of the iPhone App Store in 2021 is between 706 billion USD and 857 billion USD, based on Apple's announcement.  On average, it is 103 trillion won. It is an amount that can be divided among 1.03 million people, each receiving 100 million won. Considering the costs involved in the business and Apple's profits, it is unlikely that there would be 1.03 million job opportunities for developers with an actual annual income of 100 million won each. Indeed, it is estimated that there would have been tens of thousands of job opportunities with decent income created as a result. It will be larger if we include the Android side. I don't know how big the automotive software market will be. Its size depends on how many service ideas consumers value. Imagine how service ideas and software development will work in the field.○ Ideation:• Good service ideas often come to automotive researchers (which may include anyone, even those not directly involved in the automotive industry.). Some of the ideas will be centered around artificial intelligence technology. Ideas like this are more likely to visit AI engineers than automotive engineers. Automakers need to make it easy for these people to find them.• Several of them propose their ideas to the team leader. • The team leader selects ideas that are worth verifying among ideas and organizes TFT (Task Force Teams) for feasibility verification.○ idea verification:■ TFT downloads data necessary for service development from the data cloud. • The data in the cloud is collected from cars in real operation. - There may be a business that collects and sells data , or provides the result of processing data upon request. • The required data may not be available. - Software for controllers that can serve as sources and for controllers involved in data transmission is being developed. → It is advantageous if the electrical/electronic/software architecture of the SDV is developed in advance so that the scale of software change for data collection is small. - Data collection software is distributed to automotives of a sample group. - The data uploaded by the sample group to the data cloud is obtained.■ Process the data to analyze the technical feasibility of implementing the service. • Simulation is done to save analysis cost and time. - For accurate analysis, it is simulated using data collected from running cars. - Simulation can be done on a PC, but considering speed, collaboration, and security, it would be more efficient to do it in the cloud. • It is confirmed whether or not the software of the output controller needs to be changed to provide the service. - If necessary, develop prototype software for the service output controller. → Prototype software can also be implemented with a virtual controller or rapid prototyping to reduce development time and cost. → It is advantageous if a predetermined electrical/electronic/software architecture for SDV is developed in advance, so that the scale of software change for service provision is small.■ Evaluate the utility of the service. • Simulation is done to save evaluation costs and time. • The simulation confirms the effectiveness of the service and its potential side effects in various situations. • Based on the simulation results, it is evaluated whether the service is as effective as expected.○ Escalation & Ok-to-develop: • If the service utility evaluation is positive, request development approval from management. • The management level makes a comprehensive judgment and approves the development. - There are many other things to consider besides the expected customer response. For example, ideas of other TFTs, expected return on investment, development capacity, etc.○ Development: • Controller developers shall; - modify the software of controllers related to providing services - and related to data collection. • Back-end developers develop server software for services. • When necessary, service app developers develop smartphone software. • Development, analysis, and evaluation are repeated until it is judged that the utility of the service is sufficient through simulation and real-vehicle evaluation. • Also ensure that new features do not affect existing features. • The process simply mentioned above consists of various micro-tasks. Without simulation and automation (DevOps), the above development-evaluation cycle would not be practical.○ Production: • Promote and sell the services. • The software via OTA is distributed to the customer's car. • For various reasons, the usage environment considered during development and the actual usage environment of the customer may differ. • The continuous improvement (CI) through the "operate, monitor, plan, develop, verify, evaluate, and deploy" cycle is sustained. • Some of these developed and marketed services will be commercially successful. Some of these successful services will have great success. • Successful services are further improved, which brings additional profits.The above imagination supersimplifies the process of developing a service idea into the software. Many important subjects are missing. Among the missing topics, one fundamental aspect crucial for SDV is cybersecurity. However, there is no feeling that the number of topics listed above is insufficient. Rather, there are so many that makes it feel the burden of where and how to find the necessary development manpower in all these fields. Each topic, including missing topics, adds to the complexity of development. It makes the already scarce development manpower scarcer. SDVs are a significant burden for automakers. McKinsey predicted in 2019 that automakers would need to invest 92 trillion won (70 billion USD) over the next 10 years to be in a strong position.  Not all automakers will be able to make this level of investment. Even for companies capable of making such significant investments, selecting the wrong investment target can lead to severe consequences and heavy losses.In all subjects, complexity should be eliminated as much as possible, and simplicity should be pursued.Limited resources necessitate the selection of a focused topic to concentrate on. They need to make partners who will focus on the remaining topics.How to reduce complexity?Indeed, given the limitations of space, it seems appropriate to transition to a discussion on how to reduce complexity, and we can conclude the conversation at this point. On the other hand, it is not possible to cover various topics with limited space.I pay attention to the role of data in the process of developing service ideas into software. Data is needed to objectively analyze the feasibility of a service idea. Data is also needed to rationally evaluate service effectiveness through simulation. Service implementation requires data communication between the vehicle and back-end, and between controllers. (Software update is also the communication of data called software between them.) Vehicles should be developed to facilitate data collection, transmission, processing, and utilization. Cars need an architecture that takes data into account, both electrical and electronic architecture and software architecture.I propose electrical and software architecture design as a way to reduce complexity, with data (ease of collection, transmission, processing, and utilization) being one of the criteria for making design decisions.Complexity begets complexity. If the architecture on which the service software is to be built is complex, the software itself will inevitably become complex. Software updates also become complicated. Complexity costs resources, time, money, and quality. So, the software architecture needs to be simplified. The automotive industry has developed an open software architecture called AUTOSAR early on. As SDV developed, AUTOSAR also developed. AUTOSAR is divided into classic AUTOSAR for dedicated controllers specialized in real-time control and adaptive AUTOSAR for upper-level controllers that manage flexible function changes and controllers through software updates.Classic AUTOSAR provided standards in three areas: architecture, methodology (software development methods), and APIs (Application Programming Interfaces). Architecture and methodology are inherent in AUTOSAR software development tools. That is why it is evaluated that it has taken its place. The API, on the other hand, is not. The automotive industry lacks a unified standard API and it is uncertain whether the differences in commercial relationships between car manufacturers and their collaborators, or lack of technical knowledge in each other's domains, or other factors were the sole causes. An industry-wide standard API is a far-reaching goal at this stage. Among the automakers that collaborate with multiple partners, how many automakers would there be that have a standard API which spans the partners? In reality, many cars are equipped with controllers to which AUTOSAR is not applied. Simplification is required by applying standard software architecture along with the application of standard API. If complexity is not reduced at this stage, subsequent development stages will have to deal with exponentially increasing complexity.In addition, the application of a standard software architecture reduces the complexity of software portability between controllers or controller integration, which will inevitably be pursued in the future. It simplifies not only the subsequent stages of current development, but also future ones. The automotive industry has learned a lesson from the classic AUTOSAR API failure. Adaptive AUTOSAR serves as middleware providing standard APIs to service software. Adaptive AUTOSAR has to be made to go down a different path than classic AUTOSAR's API.In addition, the application of a standard software architecture is a prerequisite for collaboration between automakers and partners, and between partners and partners. Collaboration allows everyone to focus limited resources on their own needs. Automakers should focus on enhancing their competitiveness in the core field of automobiles. Suppliers should focus on competitiveness in the core field of the system. The rest of the fields are secondary. Sub-fields are those that target the core business. They should “create” partners who focus on those ancillary fields as their core business targets in order to build competitiveness through them.Automakers that cannot make sufficient investments in the development of CASE technology for SDV should collaborate and join forces. Indeed, potential partners for collaboration can be found not only within the automotive industry but also outside of it. By joining forces, there is an opportunity To secure a broad territory in the emerging realm of SDV (Self-Driving Vehicles).CollaborationPeter Thiel, the founder of PayPal and an early investor in Facebook, SpaceX, and LinkedIn, explains the concept of going "from 0 to 1" by creating something entirely new and "from 1 to 100" by scaling it into a large business. If one succeeds in the 0 to 1 phase but doesn't consider the 1 to 100 phase, one may achieve the glory of creating something new but miss out on the profits of scaling it into a large business. The probability of success in the 0 to 1 phase is low, making investing in such ventures risky. Additionally, the competition in the 1 to 100 phase is fierce. So, how can one minimize risks, win in the competition, and achieve 0 to 100 in the SDV industry? It seems that there is not only one way, and I believe that collaboration will be involved in some form in any approach. Indeed, SDV is not simple enough to handle everything on its own. What collaborations would be possible? In the fields I have covered, there are the following collaborations.Cybersecurity for automotive control units relies on encryption management and cryptographic operations. Increased connectivity has increased the demand for cybersecurity. Chips are increasingly incorporating cryptographic accelerators (referred to as HSM - Hardware Security Module or HSE - Hardware Security Extension) to support encryption management and operations. Hardware without software is useless. It is very inefficient for someone who develops the software for a service to have to deal with the software that runs the cryptographic accelerator as well. The similarities and differences between the two fields can be compared to Korean and English. Therefore, companies specializing in cybersecurity software have been created for automakers, suppliers, and chip makers to collaborate with them.The concept mentioned above is not entirely new and not solely due to cybersecurity. It can be extended to other fields. Long before the emergence of cybersecurity, AUTOSAR was designed with a multi-layered architecture consisting of the ASW (Application Software) layer, where functionalities are implemented, and the BSW (Basic Software) layer, which supports the ASW. Indeed, specialized companies have emerged, focusing on developing BSW as a product and making it their business target. As AUTOSAR expands, automotive software companies that are targeting BSW as a service product are emerging. Automotive companies and their partners cooperate with companies specializing in automotive software.This collaboration spreads the 0 to 1 investment risk, as each one's contribution enhances the technical completeness, raising the likelihood of success. However, this can only happen when everyone is doing their best. There will be many ways to ensure that everyone is performing at their best. One common and effective approach among them is setting a shared goal of dividing the benefits of achieving the 1 to 100 milestone. Achieving the 1 phase provides a solid foundation to secure the necessary investments for expanding to 100. This business approach is completely unfamiliar to the automotive industry. SDV is already challenging with just a change in technology. Will the automotive industry be able to embrace business-side changes and make SDV a success? I hope so. And I hope that success will happen around me. If you are looking for a software solution partner for customer-centric engineering in the automotive industry, FESCARO could be a viable and promising option. Korea Institute of Energy Research-Technology Policy Platform Energy & Data-KIER TPP (https://www.kier.re.kr/tpp/energy/B/view/184?contentsName=sub2_4&menuId=MENU00962) Bill Gates. How to avoid a climate disaster. Chapter 7 How to get around. ipcc 6th report. Climate Change 2023 Synthesis Report. Summary for Policymakers https://www.ipcc.ch/report/ar6/syr/downloads/report/IPCC_AR6_SYR_SPM.pdf US Agency for Disease Control, website https://www.cdc.gov/injury/features/global-road-safety/index.html Global automotive manufacturing market size 2022 | Statista (https://www.statista.com/statistics/574151/global-automotive-industry-revenue) 2020 vehicle scrap statistics, Korea Automobile Dismantling and Recycling Association (kadra.or.kr) (http://kadra.or.kr/kadra/contents/sub02/02_01.html?idx_num=2536&pidx_num=&skin=4&mode=view&GotoPage =1&column=&keyword= ֱ &BbsId_01=&BbsId_02=&BbsId_03=&MenuNum=&BbsId=2010316112316&Tbn=&srhData1=) Vehicle Registration Indicator Service | e-Country Index (in-dex.go.kr)( https://www.index.go.kr/unity/potal/main/EachDtlPageDetail.do;jsessionid=T-Oeb3-jdaLfPaKWUMeotl7cNreep-2ONoGkUPwq.node11?idx_cd= 1257) Vehicle production, Korea Automobile Mobility Industry Association (KAMA) ( https://www.kama.or.kr/NewsController?cmd=V&boardmaster_id=industry&board_id=12274&menunum=0004&searchGubun=&searchValue=&pagenum=1) Global smartphone sales and revenue Smartphone sales worldwide 2007-2021 | Statista Global smartphone revenue 2011-2022 | Statista(https://www.statista.com/statistics/263437/global-smartphone-sales-to-end-users-since-2007/) Mobile Application Market Size, Share & Trends Report, 2030 (grandviewresearch.com) (https://www.grandviewresearch.com/industry-analysis/mobile-application-market) Full self-driving computer installation | Tesla, South Korea (https://www.tesla.com/en_kr/support/full-self-driving-computer) Apple implies it generated record revenue from App Store during 2021 (cnbc.com) (https://www.cnbc.com/2022/01/10/apple-implies-it-generated-record-revenue-from-app-store-during-2021-.html) Monetizing connectivity services and car data. Value creation and performance in the auto industry | McKinsey (https://www.mckinsey.com/industries/automotive-and-assembly/our-insights/down-but-not-out-how-automakers-can-create-value-in-an-uncertain-future) Annual CASE investment by automakers-How automakers can master new mobility | McKinsey (https://www.mckinsey.com/industries/automotive-and-assembly/our-insights/down-but-not-out-how-automakers-can-create-value-in-an-uncertain-future) Peter Thiel/ Zero to One: Notes on Startups, or How to Build the Futuresource: AEM (https://www.autoelectronics.co.kr)23.08.21
What kind of a company is FESCARO? (Ver.2023)
We have prepared the updated direction and references of Fescaro for this year, [What does Fescaro do? Ver.2023]. Let's quickly review Fescaro's key achievements from last year. FESCARO promoted the Cyber Security Management System (CSMS) certification for Ssangyong Motor, was selected as BIG 3 future car sector by the Ministry of SMEs and Startups, signed an official reseller contract with 'Electrobit' for AUTOSAR, signed MOU with AhnLab for automotive cyber security, and won new contracts to strengthen partnerships. We were able to share such good news because Fescaro's business capabilities and expertise in its field have been highly recognized and evaluated. We will be glad to show you why Fescaro is special one by one. First, let's start by examining why automotive cybersecurity is necessary. ■ The reason why automotive cyber security was legislated In a hyper-connected society where everything is seamlessly linked through various devices, the value of automobiles as 'mobility' goes beyond being mere transportation and offers enhanced convenience in daily life. To achieve autonomous driving in the near future, cars must communicate in real-time with other vehicles, pedestrians, as well as diverse mobile devices and surrounding infrastructure. The convenience provided by the hyper-connected world cannot be free from issues related to security. It is because of being exposed to numerous hacking vulnerabilities. According to AltasVPN's 'Main Damages from Car Hacking Between 2010 and 2021', cyber crimes against cars are increasing day by day, and the damage is expected to reach about KRW 608 trillion by 2024. So what will happen as a result of car hacking? Battery discharge or manipulation, tampering with the battery level, manipulating audio/visual/navigation data to disrupt driving, and steering control manipulation leading to unintended detours are some of the accidents that can occur due to car hacking. Car hacking threatens drivers, passengers, and pedestrians, making automotive cybersecurity essential, especially for autonomous driving. The United Nations Economic Commission for Europe (UNECE) has enacted two regulations concerning this matter. The first is UN Regulation 155, which is the Cyber Security Management System (CSMS), and the second is UN Regulation 156, which is the Software Update Management System (SUMS). CSMS is an organizational process and management system designed to manage cyber threats and risks and protect against cyber attacks. SUMS refers to the methods, processes, and management systems for software updates in automobiles and control units. Automotive OEMs seeking to sell their vehicles in the European market must obtain both CSMS (UNR 155) and SUMS (UNR 156) certifications. As automotive cybersecurity becomes a crucial requirement for global expansion, FESCARO's growth is anticipated to be significant. MarketsAndMarket, a global market research firm, predicts that the automotive cybersecurity market will grow at an average annual rate of 21.6% from 2021 to reach approximately KRW 6,385.4 billion by 2026. With these promising projections for the global automotive cybersecurity market, FESCARO is poised for notable growth. Let's take a look at why. ■ What does Fescaro do? FESCARO is a specialized automotive cybersecurity company consisting of automotive electronic control system developers and white-hackers. They offer a comprehensive all-in-one solution that effectively caters to the automotive cybersecurity regulations mentioned earlier. This includes CSMS certification consulting, TARA (Threat Analysis and Risk Assessment), security solutions, engineering, and security testing. Let's briefly explore each of these services. 1. CSMS certification consulting FESCARO runs a 'consulting organization specializing in cybersecurity'. FESCARO provides fast and systematic analysis of the latest trends in relevant regulations (UNR 155, UNR 156) and international standards (ISO/SAE 21434, ISO 24089) related to automotive cybersecurity. FESCARO also offers tailored consulting services to provide optimized support for various requirements and situations of automotive OEMs/Tiers. The company also provides practical guidelines cased on validated references, outputs, and templates from its own success cases, enabling more efficient responses. These guidelines can be applied throughout the entire process, from design to verification, production, and operation. 2. TARA (Threat Analysis and Risk Assessment) Automotive OEMs want to identify cybersecurity threats that may affect their vehicles and control units through TARA analysis and accurately assess the risks associated with these threats. FESCARO has been proven capable of identifying threats that can occur according to the characteristics of each controller and identifying vulnerabilities according to the risk level of each controller. Based on experience conducting TARA on over 50 controllers, we can clearly identify potential security vulnerabilities, and the outcomes serve as a basis for security testing requirements. 3. Security solution (FAST™ HSM) FESCARO provides security solutions specialized for automobile controllers. We possess security features such as Secure Access, Secure Boot, Secure Flash, Run-time Tuning Protection, Secure Storage, Secure Unlock, and Memory Protection, which comply with international regulations and meet the security requirements of automotive OEMs. We have ensured reliability through the high compatibility of global automotive semiconductor solutions (supporting approximately 70 models from the top 8 global companies and continuous support for new chips) and the implementation of NIST FIPS 140-2 compliant cryptographic library (FAST™ CLIB), which has been designed, implemented, and verified. 4. Engineering For Vehicle Type Approval (VTA), automotive OEMs require the implementation of security features in all control units. In order to apply the cybersecurity function without affecting the basic function and performance of each controller, an accurate understanding of the security requirements must be preceded. FESCARO is led by a CEO with a Tier1 background, which was the first to apply cybersecurity technology to mass production in Korea. The development team consists of experienced professionals with an average of over 20 years of expertise in the automotive domain. We have a high understanding of the complex security requirements of automotive OEMs and can provide optimized engineering for various controller characteristics. 5. Security test The international regulation UNR 155 (CSMS) mandates that security performance applied to automotives and controllers must be verified through security tests. Furthermore, the international standard (ISO/SAE 21434) recommends that security experts, independent of the development organization, conduct security testing. FESCARO possesses a dedicated red team of expert white-hackers and state-of-the-art security testing equipment. With over 100 test categories and approximately 200 cases per category, FESCARO has the capability for systematic verification, covering a wide range of control units from low to high specifications. ■ Why is FESCARO special? 1. Experience in conducting 'company-wide' consulting for global OEMs FESCARO provides effective consulting and solutions to address various international regulations and standards such as CSMS, SUMS, ISO/SAE 21434, and VTA, and is consistently generating successful case studies. Currently, we are conducting a company-wide consulting project to respond to cyber security (UNR155, CSMS) and SW update management (UNR156, SUMS) regulations for KG Mobility (formerly Ssangyong Motors), which sells cars in more than 100 countries. Last December, FESCARO obtained CSMS certification, and is currently in the process of obtaining SUMS and VTA certifications. In addition, in February of this year, Carnauto Automotive (formerly Humax Automotive) obtained ISO/SAE 21434 certification based on FESCARO's consulting services. FESCARO has a convergence view across the automotive value chain and lifecycle, as well as accumulated experience and know-how in electrification. Thanks to this, we are closely collaborating with various stakeholders not only in parts but across the entire spectrum in cybersecurity projects for OEMs and tiers. 2. Rich references validated from multiple perspectives. FESCARO continues to deliver meaningful outcomes and achievements in various domains of automotive cybersecurity. As of the end of 2022, FESCARO has established a strong portfolio with more than 70 types of secure solution (FAST™ HSM) compatible chips, over 40 types of control units equipped with security solutions, TARA analysis performed on more than 50 control units, and more than 100 security testing assets with 200 test cases for each security testing item. This is one of the reasons why it is recognized as a leading cyber security company in Korea across industry, academia, and government. 3. International recognition for its security quality FESCARO has established the quality and reliability of its automotive cybersecurity through a prestigious global certification that closely adheres to international standards. In 2019, FESCARO obtained Level 2 certification in A-SPICE (Automotive-Software Process Improvement and Capability Evaluation), a development process assessment model for enhancing automotive software (SW) quality. A-SPICE, which stands for Automotive-Software Process Improvement and Capability Evaluation, is the application of the 'SPICE' standard for software development process improvement and assessment to the automotive domain. FESCARO's solutions are developed based on A-SPICE LEVEL 2, ensuring the quality and reliability of security software for vehicles. Furthermore, in 2021, the company obtained the rigorous FIPS 140-2 certification from the US government agency (NIST) for cryptographic algorithms and cryptographic modules, which form the core of FAST™ HSM. This recognition signifies that FESCARO's cryptographic library (FAST™ CLIB) is deemed suitable for use by the defense and government agencies of the United States and Canada. ■ Fescaro also makes controllers? UNR 155 (CSMS) mandates that any cybersecurity attack occurring in a vehicle must be promptly detected and effectively responded to. On the other hand, UNR 156 (SUMS) outlines that automotive OEMs are required to implement comprehensive management tools and processes for software updates of automotives and controllers. To meet these regulatory requirements, it is necessary to protect the communication between all control units connected to the vehicle network and systematically manage the changed software configuration of the control units. FESCARO has completed the development of the essential security gateway controller(FAST™ SGW) required for future vehicles. Fescaro's FAST™ SGW protects the in-vehicle network (IVN) and can respond to Software Update Management System (SUMS). Furthermore, our cybersecurity monitoring and incident response system infrastructure allows us to address cyber threats and attacks swiftly. By utilizing cutting-edge technology and high-performance main chipsets, we have ensured functional scalability. The FAST™ SGW is set to be incorporated into mass production for global OEMs in 2023 and will subsequently expand its reach worldwide. FESCARO is extending its business scope beyond control units to encompass the emerging Software Defined Vehicle (SDV) technology. This strategic move aims to position Fescaro as a leading future car software solution specialist, driving a paradigm shift in the automotive industry. With aspirations to become a key player in the future mobility sector based on SDV, we invite you to anticipate and watch our endeavors closely this year!23.08.10