Innovation
Automotive Cyber Security Innovations
VERZEUSE™ series
Comprehensive innovations that combine world-class technological capabilities to protect vehicles from cyber attacks
VERZEUSE™ series provides comprehensive innovative solutions to protect vehicles from cyber attacks throughout their lifecycle, from development to post-shipment. The modern automotive industry faces the threat of increasingly diverse cyber attacks, along with the rapid evolution of digital technologies. As a result, ensuring safety in this environment has become a pressing issue. The VERZEUSE™ series automates traditionally labor-intensive cyber security countermeasures with tools at every phase, from design and development to manufacturing and post-shipment, preventing potential risks before they occur. It provides strong support to ensure a safe and secure lifecycle for the vehicle.
Furthermore, these innovations combine to provide an adaptable and highly scalable platform designed to effectively address emerging threats and evolving regulatory requirements, playing an important role in improving security across the industry.
Strengths of the VERZEUSE™ series
Lifecycle-based solutions for automotive cyber security
The VERZEUSE™ series provides innovative solutions for every phase of the automotive lifecycle, from design to implementation, evaluation, manufacturing, and operation. By linking the input and output data of innovations at each phase, we implement cyber security measures that efficiently cover the entire lifecycle.
Automated cyber security response addresses security personnel shortage
Traditional cyber security responses are challenging to implement without security expertise and therefore tend to depend on key individuals. By automating these responses with tools, developers can comply with international standards, even if they are not cyber security experts. This approach significantly reduces person-hours and enables rapid development by eliminating rework.
Improved security for in-vehicle software to support evolving automotive architecture
New security threats are emerging as automotive system architectures move toward software-defined vehicles (SDVs).
We address new security threats with practical and effective cyber-attack countermeasures that leverage our knowledge of automotive and ECU architecture and in-vehicle software.
Innovations by lifecycle phases
We provide comprehensive innovations to ensure advanced cyber security throughout every phase of the product lifecycle.
While each of these tools can meet high cyber security standards independently, they can also be integrated to achieve even more advanced cyber security measures.
Development phase
Threat analysis Security design 
Development of ISO/SAE 21434 compliant threat analysis innovations:
VERZEUSE™ for TARA
Analyzes cyber security risks for vehicles and in-vehicle devices in the early stages of development and quickly generates ISO/SAE 21434 compliant threat analysis results. Even developers who are not security experts can simply answer a multiple-choice questionnaire to determine the security requirements based on the characteristics of the vehicles and in-vehicle devices.
Issues associated with threat analysis
- Increased workload for developers due to regulatory compliance requirements
- Reliance on key individuals for analysis can create gaps or inconsistencies in security coverage
With VERZEUSE™ for TARA:
Developers can quickly perform threat analysis—no security expertise needed
Integrates the know-how and tacit knowledge of our in-house security experts into three components: Questionnaire, Threat Intelligence, and Automation Tools. Answer a simple, multiple-choice questionnaire to obtain immediate threat analysis results and ISO/SAE 21434 work products.
Define specific countermeasure requirements and prevent introducing vulnerabilities
In addition to threats and mitigations described in regulations, standards, and industry guidelines, we also use Threat Intelligence, a collection of our specific security countermeasure examples.
Immediate access to specific security requirements during the requirements definition phase and vulnerability checklists during the design phase enables early determination of security requirements according to the characteristics of in-vehicle devices and prevents the introduction of vulnerabilities.
Keep risks and countermeasures current
Automating the analysis process eliminates reliance on key individuals and enables consistent analysis results and change management. Even with frequent changes in the specifications throughout an vehicle’s lifecycle, the results can be easily reanalyzed to keep risks and countermeasures current.
Security implementation
Virtualization security innovations
VERZEUSE™ for Virtualization Extensions
An in-vehicle software innovation that can protect next-generation cockpit systems from security threats and attacks to keep vehicles safe.
Uses virtualization technologies such as hypervisors and containers, which are essential for systems integration as automotive architectures evolve.
Issues associated with cyber attack detection and protection
- Ensuring safety against emerging security threats
- Ensuring robustness and scalability of security functions
With VERZEUSE™ for Virtualization Extensions:
Protect systems through communication monitoring
Monitors communication data on virtualization platforms such as hypervisors and container platforms, which are used in next-generation cockpit systems. This function detects and blocks unauthorized attack data, protecting next-generation cockpit systems from emerging threats and attacks.
Continuous monitoring from a secure area
Using virtualization technology, the system monitors communications between the software area connected to the external network and the software area containing the vehicle’s critical functions. The monitoring function is installed in an isolated software area, allowing it to monitor communications from a secure area and block abnormal communications.
Select optimal monitoring functions
It is also possible to import any monitoring function as a plug-in according to the characteristics of the system and communication. Another advantage is that installation costs remain low because no modifications are required on the application side.
Security implementation
Cyber security robustness innovations
VERZEUSE™ for Runtime Integrity Checker
If a security monitoring system is tampered with or shut down by attackers while it is running, it will no longer be able to monitor ongoing cyber attacks.
To mitigate this risk, integrity monitoring software can be employed to ensure that the security monitoring function itself is not under cyber attack.
Issues associated with security monitoring
- Increasingly sophisticated cyber attacks targeting the internal systems of vehicles
- Heightened risk of attackers disabling the monitoring function itself
With VERZEUSE™ for Runtime Integrity Checker:
Continuous and secure monitoring
Integrating integrity monitoring software allows for continuous verification of the operation of the security monitoring functions and strengthen protection against cyber attacks. This solves the problem that the existing secure boot only guarantees the integrity of the software at startup, but does not ensure its integrity during operation.
Building a Chain of Trust
Installing integrity monitoring software in a trusted area and creating a Chain of Trust protects the security monitoring functions and reduces risk. It has been highly evaluated by many car manufacturers as a unique innovation, and has been adopted as an in-vehicle product ahead of offerings from other companies.
Early attack detection and signed notifications
Integrity monitoring software regularly checks that the security monitoring functions are working properly. The results of these checks are notified outside the vehicle in the form of a signed monitoring log, ensuring prompt detection of attacks and reducing security risks.
Security verification Validation
In-vehicle security evaluation innovations
VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit
Automates in-vehicle security evaluation process. Allows for high-quality, efficient security evaluation even for users without security expertise.
Issues associated with security evaluation
- Evaluation requires a lot of manual work
- Difficult for developers without specialized security knowledge to perform evaluation
With VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit:
Two efficient services for tedious security evaluations
In addition to our Evaluation Assistance Kit, which enables customers to perform their own evaluations using our proprietary security evaluation specifications and tools, we also offer a service where our in-house evaluation team performs advanced security evaluations using specialized expertise and state-of-the-art tools.
Customized to your evaluation requirements
We define procedures and criteria for performing various security evaluations, including fuzzing tests, vulnerability tests, and penetration tests. These can be flexibly customized to meet the specific evaluation requirements of your in-vehicle ECU under development.
Manufacturing phase
Manufacturing
Manufacturing security for factories
Innovations that ensure the security of manufacturing processes and manufactured products
Today’s factories are becoming more labor-efficient and more expansive, with an increasing number of devices integrated into their networks.
The Panasonic Group views cyber attacks on factories as a management risk, and is working to quickly detect and recover from such attacks.
Issues associated with manufacturing security
- Increasing number of cyber attacks on factories
- Rising costs of operating and managing encryption keys
With innovations that ensure the security of manufacturing processes and manufactured products:
Experts analyze factory communications
In industrial control systems such as factories, it is important to detect signs of attacks as soon as possible and take prompt action.
At the Security Operation Center (SOC) operated by Panasonic Holdings Corporation, security analysts analyze communications at our customers’ factories to detect network anomalies and malware intrusions. When such events occur, they also determine the extent of the damage and take appropriate action to address them.
Handle entire key management process completely in-house
Connected cars require the use of encryption technology. The encryption keys are individually written to each ECU at the factory. This system provides a highly confidential key management innovation by retrieving only the necessary keys when they are needed and disposing of the keys immediately after they have been written to the ECU.
Operation phase
Operation (Post-shipment)
Security monitoring innovations for shipped vehicles
VERZEUSE™ for SIEM (Security Information and Event Management)
VERZEUSE™ for SIEM automatically detects and analyzes cyber attacks on shipped vehicles to accelerate and streamline security monitoring.
Issues associated with vehicle security monitoring
- Increasing cost of analysis due to growing scope of analysis
- Increasing complexity and sophistication of cyber attacks
With VERZEUSE™ for SIEM:
Quickly analyze cyber attacks on vehicles
If a shipped vehicle is subjected to a cyber attack, the attack determination engine automatically analyzes and visualizes the attack’s characteristics and associated risks. Analysts at the Vehicle Security Operation Center (SOC) can reduce analysis time by focusing on high-risk items.
Apply threat information from various industries to improve accuracy
Through our collaboration with Panasonic Holdings Corporation, we utilize not only publicly available threat information, but also apply Threat Intelligence – Threat Intelligence is based on Panasonic Group’s proprietary collection of threat information across a wide range of business areas – to vehicles. This enables us to respond quickly to increasingly sophisticated cyber attacks.
Operation (Post-shipment)
Vulnerability analysis innovations for shipped vehicles
VERZEUSE™ for SIRT(Security Incident Response Team)
VERZEUSE™ for SIRT analyzes the risks associated with in-vehicle software vulnerabilities identified after shipping and determines the priority of response. It significantly reduces the time required for vulnerability risk analysis and vulnerability response.
Issues associated with vulnerability analysis for shipped vehicles
- Increasing size and number of in-vehicle software products expands the scope of analysis
- Growing system complexity complicates risk analysis
With VERZEUSE™ for SIRT:
Analyze risks for the entire vehicle
Uses the results from the security threat analysis during vehicle design, a list of software installed in each ECU called the Software Bill of Materials (SBOM), the connection information between each ECU, and our proprietary analysis algorithm to calculate the possible cyber security attack routes and impacts. In addition to analyzing security risks for individual ECUs, it also analyzes security risks for the entire vehicle.
Apply threat information collected from various industries
Through our collaboration with Panasonic Holdings Corporation, the product is linked to Threat Intelligence, which stores threat information collected by the Panasonic Group from various industries such as factory automation, home appliances, and IoT devices. This improves the accuracy of security risk assessment.
ISO/SAE 21434-compliant vulnerability analysis support
Vulnerability analysis in VERZEUSE™ for SIRT is performed in accordance with the ISO/SAE 21434 process. The analysis results can be submitted as evidence for audits.
Personnel training
Increase corporate competitiveness through cyber security personnel training
The automotive industry is facing a significant shortage of security personnel. Training security personnel is crucial for enhancing our competitiveness as a company.
This is why we have developed and are driving a program to help in-vehicle device development engineers acquire the necessary security knowledge and skills.
Training program for automotive security personnel
The training program lasts for two years. It begins with classroom instruction, where participants learn the basics, followed by on-the-job training, where they work on developing actual security technologies.
By equipping participants with the ability to develop security technologies, the program allows them to grow and become personnel who can lead the development of secure in-vehicle devices, or to evaluate the security and vulnerabilities of completed in-vehicle devices and systems.
In-house university Panasonic Automotive Systems University (PAS University)
PAS University is an in-house university designed to enhance the abilities and skills of employees and support autonomous career development. With a curriculum that covers management philosophy, leadership, and specialized skills, we are committed to human resource development for all employees.
We also focus on human resource development in security and promote the development of human resources with advanced and specialized skills through interactive learning among participants.