Security by design: a discussion on automotive cybersecurity with Siraj Shaikh
The focus of the Security by Design podcast from Siemens EDA is to explore issues of safety and security within the integrated circuit (IC) industry, with an emphasis on the automotive sector. Our aim with this podcast series is to explore the world of safety and security requirements, and technology for IC design. I’ll be talking to experts from all over the globe, who are deeply involved from both a technology and a research perspective, giving you a truly unfiltered view of what we’re doing and what we need to do to make IC safe and secure for critical applications.
In this first episode, your host Lee Harrison, of Automotive talks with Siraj Shaikh, a professor of Systems Security at Swansea University in Wales, also Director of CyberOwl, a marine security technology provider, and Chair of the cybersecurity stream at the GAAC, the Global Automotive Advisory Council.
You can listen to the episode, or read this edited transcript.
Lee Harrison: Hello and welcome to the Siemens Security by Design podcast. I’m your host Lee Harrison, Product Marketing Director for the Tessent safety and security product line within Siemens EDA. Today, my guest is Siraj Shaikh, who I first met as part of the security design project managed and funded by Innovate UK—studying hardware-based cybersecurity for automotive and connected vehicles and building a proof-of-concept demonstrator. Hi Siraj!
Let me kick off with probably the biggest question on everybody’s mind when we talk about autonomous vehicles: Are we ever going to see Level 5 self-driving cars?
Siraj Shaikh: Hi, Lee, and thank you for having me here. That’s a great question, Lee. My motto is ‘never say never.’ But certainly, the realities of self-driving vehicles—that level of autonomy that we want to achieve, and that is glamorized in the media and fantasized about at so many different levels—that is proving to be remarkably difficult.
There are questions about the kinds of regulation and legislation around it, particularly around what happens if there is an accident. Accidents are a fact of life, so liability and ownership is something that needs to be negotiated and agreed upon, and that’s remarkably complex. I think the wider question is that there are competing priorities in terms of electrification, in terms of connectivity, economics and supply chain around automotive in general and mobility widely. Whether the industry, policy, or consumer space would choose to lean over to some of these other priorities over a completely self-driving vehicle, that’s something to be seen.
One final point: We talk about last-mile delivery, we talk about the first mile, we talk about various public transport use cases where an autonomous form of mobility could be realized for far more benefit, far easier, and in a far more controlled fashion, perhaps, and addressing those earlier challenges that I mentioned. That could be a way to pivot us into wider autonomy. I’m just saying that there are some immediate challenges, some competing priorities, and some long-standing commercial economic issues that make the whole value proposition of autonomy perhaps not as appealing.
Lee Harrison: We’ve done quite a lot of work together in terms of security, especially around connected vehicles. Where do you think the priority of security sits within this whole question of self-driving vehicles? Are we in a position where the security technology is good enough? Or do you think that security technology is going to be lagging functional technology?
Siraj Shaikh: Let’s start with security in general, it’s still a relatively new challenge in the automotive industry, relatively speaking. I think there are a couple of factors that will drive this; one is the awareness of security amongst consumers as there are more in-cabin technologies and off-platform services that allow users to get more value out of their mobility experience. There potentially could be threats and risks coming out of it that, as the users become more aware of, I think would push up security on the shopping list. And two, as the industry becomes more mature and recent standards and regulation take effect, the industry will push security up the value chain. I say that with the viewpoint that security isn’t necessarily a value proposition, yet, it’s still a risk that needs to be addressed. Security is still not so well understood, it is still something that a lot of companies aren’t confident in it and don’t know how to package it and market it. As the knowledge matures, I think security will become much more prominent and visible.
Unfortunately, we see more threats being realized in this space, as is the case with security more generally; it takes a few big incidents, big cyber-attacks before the consumers and the industry becomes responsive to it. So, I think attention to security will grow, and I think it’ll grow dramatically over the next three to five years.
Lee Harrison: That brings us nicely to the Global Automotive Advisory Council, or GAAC. You’re the Chair of the security stream within the GAAC. What is the overriding goal of the GAAC is in terms of bringing awareness of security to the wider supply chain and the wider industry?
Siraj Shaikh: The GAAC, part of SEMI Europe, is a body that brings together key automotive stakeholders who are focused on the semiconductor and the hardware enabling of the product, manufacturing, and wider infrastructure. Their interest is in the security and safety of both the semiconductor, including its design and development, and the manufacturing and the supply chain, both upstream and downstream. The use of semiconductors in enabling digitization elements that I mentioned earlier is critical. The challenge for the GAAC is to understand the different aspects of security: design, development, features when a vehicle is operational, and what that means in terms of the features semiconductor-based applications could offer. We also think about the post-life, decommissioning and management of any silicon.
We need to understand what our capabilities are, what needs to be developed in terms of security assurance, verification, testing, and design. Also, understanding the geopolitical and supply chain issues, what key constraints or issues of competition or national security need to be understood.
Finally, GAAC is also looking at other sectors and industries for best practices. For example, in the telecommunications space and in the consumer electronics space, there are certain vertices where this problem has been better understood and they are ahead of where we are in GAAC. Applying those insights to the semiconductor lifecycle in the automotive would be key. So, that’s the mission.
I should also add that we welcome stakeholders and entities across the ecosystem. There are a number of players in this space; people who understand the tier one and OEM level, who understand the overall system and what features and constraints that may drive at that level; people who are lower down the tier chain and how they want to resource and package, and integrate those technologies; people who are at an arm’s length from this, who are meant to be providing approval, enforcement and compliance checks of standards.
Lee Harrison: From my experience with the GAAC, I agree, if you look at the number of players that attend the various meetings and get involved, it really does represent a significant cross-section of the whole automotive industry—everybody from the OEMs, the cells, the tier ones, the IP providers, and the EDA providers. I think it has an extremely high value because you’re getting individuals from every part of the whole semiconductor sector, everybody that’s providing automotive semiconductors is represented at some level within those GAAC different work streams.
Siraj Shaikh: Absolutely, and I think end users should be in the room too. Whatever security-related changes or shifts may come about have to be viewed as how viable they are. A lot of organizations are for-profit and wonder, will I be competitive? What partnerships do I need? Where do I find talented workers? My role as Chair at GAAC is to do two things: one is to enable that community, grow that community and make sure that all the gaps are filled in terms of the representation of the different stakeholders. The second is to drive an agenda slow and steady because a lot of these issues are quite dense and are quite multidisciplinary. We cannot ignore the economics, we cannot ignore the technology, we cannot ignore the regulation and legislation, and we cannot ignore consumer behavior. And all of them are different and complex subjects that require individual attention, not to mention how they can come together. I want to make sure that we get to a point where, as a community and as a wider society, we benefit from that deeper understanding and then come to a pre-competitive resolution across the industry on a number of those elements, whether its new standards, new practices, or new research.
Lee Harrison: Let’s talk a little bit about projects. What’s your latest experience with security projects for connected vehicles? Where are things heading? What are the challenges? And how do you see things progressing?
Siraj Shaikh: We have a few active projects at the moment, which reminds me to acknowledge the team. I represent the system security group at Swansea University where we are a small but growing group of people who come together from mixed backgrounds in terms of computer science, electronics, embedded systems, communications, and automotive focused on aspects of cyber-physical systems. Three areas are representative of the wider work that we do. We’re looking at the security of 5G, particularly from an open perspective, trying to diversify the supply chain of design and development, and how to enable dynamic risk assessment around that. For that project, we are partnered with Toshiba and Talas funded by the UK Government.
We have a project funded under the Digital Security by Design initiative in the UK, which is enabling several trials using a technology called Cherry, which is enhanced processor architecture that is packaged and delivered as a prototype by Arm. This is an automotive use case, exploring how certain architectural enhancements to overcomes memory-based security problems, and the trade-offs of performance with safety in a live driving model.
We just started on a project with the consortium to look at system-level risk assessment around a self-driving shuttle up in Sunderland, in the north of England. We’re doing a trial to see how we could support a nearly commercial service that shuttles people from a couple of points across the city in an actual road trial and live in the city.
Across these projects, we get a view across the different stacks of technology, some very low-level component-based developments and assurance around that. Some of it is system-level risk modeling, which is a very different perspective. A lot of our focus is around assurance—how we guarantee, reason, and assure in a number of ways for security against the system using several modeling and tooling frameworks that we are particularly championing.
This shows the scale of the complexity of this task. Bringing something to the road takes a number of forces to come together and align in the right way, including economics and government policy. Advances will come in chunks, step by step, as it is with long-term challenges. I think there will be some successes, there’ll be some failures. So this is where we are, and it’s a great view from where we are because there is a lot to learn, as academic researchers, but also in enabling partnerships across industries.
Lee Harrison: It’s been an eye-opening experience for me, embarking on some of the security-based projects, because we at Siemens have had to work with different groups of people that we would not usually be involved with. It’s more far-reaching than our traditional customer base. You touched a little bit on hardware-based security technology. You talked about the Cherry architecture. Obviously, the big focus within our Tessent group at Siemens is IC test and hardware technology, and you’ve had quite a bit of exposure to our Embedded Analytics technology being used for chip security. How do you see that complementing the cybersecurity challenge for these type of projects?
Siraj Shaikh: One thought is that as we grow towards much more regulation in security, the need for safety-critical control and communication systems, or enabling systems and data-intensive systems, as the need for compliance and evidence towards that compliance grows, that technology providing a very low-level transparency and understanding of the system is important and that will play a role. I think how the test and analytics piece could map onto a number of compliance needs.
The other area is that we are getting better at deriving value out of data. I mean that very loosely, in terms of system-level characteristics, system-level properties, and how they could be articulated and expressed using those datasets that you were able to generate. It enables an operational view of IC designs. And deriving value out of very low-level configurations of these systems would open up a number of other applications. So, yes, Embedded Analytics offers value addition, in terms of security, and measures security and assurance envelope, both I think are key drivers. We’ve had firsthand experience of working on use cases with you and we’ve been able to demonstrate some remarkable insights into this area, and I only wish that we had more time.
Lee Harrison: Yeah, that’s always the challenge. The technology is there and it’s very good at detecting and mitigating security threats. But one we also need to identify the potential threats at the initial analysis part of the project. Because a lot of that initial analysis work is done by hand, you need dedicated experts to analyze where all the different security threats are for a given system and list those out before you can implement your security detection and mitigation solution. At Siemens EDA, we have a huge interest in developing EDA tools to try and automate as much of these problems as possible. Given what we’re hearing about the worldwide shortage of cybersecurity experts, do you think EDA really plays a big part in this kind of process of doing the analysis part of the upfront design?
Siraj Shaikh: Absolutely. Given the challenges of integration, EDA has to become part of a wider toolchain to enable more and more automation of security-related analysis. A key step is finding those toolchains and mapping them onto different verticals. The other thing is more regulation compliance needs. As these standards are emerging, some of them would have cyber security cases that need analysis and automation tools could provide assurance that the system behaves in a certain way.
The other challenge is the hardware threats, which don’t get as much attention or forensic explanation as they should. As that gains more attention, it should enable organizations like yours to articulate the value that you provide. On the SecureCAV project that we did, demonstrating that use case in the automotive area was exactly the objective. We need more activity like that and to mature, not just the use case in the demonstration of that capability, but also to offer a solution that integrates into the toolchain for OEMs and tier-ones in their integration cycle.
Given the challenges of integration, EDA has to become part of a wider toolchain to enable more and more automation of security-related analysis.
Siraj Shaikh
Lee Harrison: You talked about the fact that hardware threats are still very much in their infancy compared to some of the more advanced attacks seen in the software domain. If we look at how the overall cybersecurity market is predicted to grow from around $155 billion to $376 billion by 2029, we’re going to have our work cut out in terms of making sure that we’re properly covered, we have the right technologies in place, and we also have enough engineers and the right experts in place. You’re in a prime position, being in academia to try and help address that challenge. What are you seeing in the academic space? Lots of new graduates? What is the student interest level in cybersecurity?
Siraj Shaikh: Lee, in terms of both ends of the pipeline, there is growing interest. Students are increasingly taking notice of cybersecurity and are wanting to embark on a profession in that direction. Employers and recruiters are also very mindful and very active at the other end of the pipeline. And that’s great, that’s healthy, that I think is going to grow and sustain. I think the only consideration here is how competing areas like AI, photonics quantum, and blockchain may deflect or distract some of these pipelines. But regardless, I think security has a good level of interest and a pipeline and I think there’ll be more we’ll see as the demand grows.
But there’s one thing, which is very important: some engineering organizations do not understand the level of effort and cost security takes across design and development lifecycle. A lot of security analysis and design could be iterative, it could open up and expose aspects of design or implementation, which means that suddenly you embark on a project with a finite resource and timeline that requires a completely new set of tasks. It’s a big challenge to estimate, monitor and track the cost and effort needed to deliver a particular set of tasks as part of the lifecycle. This will improve with maturity around tooling and automation of all of those design tasks. Companies could rely on an established cycle of design, development, and testing to give them confidence. And that gives them a much more finite, hopefully, solid fixed picture of the cost and effort. In a sense, organizations like Siemens EDA could show how they could offset a lot of that human-intensive labor into a structured toolchain.
Lee Harrison: Agreed. From a development perspective, for the automotive market, we boil things down into four key investment areas: quality—making sure that the semiconductors that are manufactured for the automotive market have an extremely high-quality level, essentially zero defects. Then we’ve got in-system tests—being able to test silicon throughout its whole life within the vehicle and within the system. The two newer areas for us are security by design—coupling safety and security. The final part of where we see our investment is in reliability—where products are 100% good coming out of the factory, you test them throughout their whole life to ensure that they stay good, and being able to identify and react if something does happen. There’s lots of discussion around use models for reliability, making sure that as silicon ages, especially once you get into autonomous vehicles. How do we make sure that that we keep track of how the device is performing, its general overall health, and make sure that when it does come to a point where it does need replacing, we know about that upfront? These technologies are all tied together and the data that we can pull from them can help us build a complete picture of the device and the system. I don’t know if you have any thoughts on where you see this whole data requirement going. It’s still a little bit undefined today and we still hear customers saying they are not sure what data they need.
Siraj Shaikh: The value that the data can provide, and what kind of data, who owns it, and how do they have to provide it, and what that means, all of that will become more and more clear. Now we can look at other parts of the digital economy to see where the value derived from data is used very well. Some of the big tech companies are very good that this. As chips become part of the wider digital economy, more open to configuration, more accessible, more customized, and that ability to generate data out of them increases, the value addition will grow. But how do you demonstrate that? You mentioned quality, safety, security, and reliability. There is no point detangling those, so it’s important that the toolchain you offer to your customers and the ecosystem reflects that as well. It’s more and more integrated into the lifecycle.
There’s a sustainability aspect as well. In the future, it could be that an automotive platform as a vehicle as a piece of metal could be far more sustainable and made to last much longer. The electronics and services on it could be made more customizable. People would pay just for those features. The automotive industry is exploring the value of the digital element, the ability to change or refresh the same car with new features.
Lee Harrison: The software-defined car is a whole other topic. I think that’s at least another hour of discussion. So, at that point, many thanks for your time today. It’s been great, as always, talking to you. I look forward to the next time we get together. Thank you very much and I hope you’ve had a good time.
Siraj Shaikh: Thank you, Lee. It’s been very useful touching some of those things. And I look forward to more collaborations, not just with you, but also everyone who’s out there.