Contributing to the Safety and Security of Connected Cars with Technology Accumulated over More than 30 Years
The risk of cyber-attacks targeting automobiles is increasing every year alongside the innovative development of autonomous driving technology, the progress of digitization, and the increase in the number of vehicles connected to networks which are referred to as connected cars. Panasonic Automotive Systems Co., Ltd. is applying security technology that Panasonic has cultivated over many years in home appliances to the automotive domain. We protect, monitor, and respond to vehicles from cyber-attacks with our top-level technological capabilities in Japan, the Americas, and Europe. We are making a difference for our global customers.
It All Started with DVDs, B-CAS, Cell phones, and Smartphones...
The roots of Panasonic’s automotive cyber-security technology development can be traced back to a DVD player released in 1996. Content protection technology, which prohibits unauthorized copying of DVD discs, is a security technology essential for the secure distribution of quality content. Panasonic has been an industry leader in the development of security technologies that are essential for digital home appliances and ICT, including for DVDs, B-CAS for digital broadcasting, cell phones, and smartphones.
Research and development of automotive cyber-security technology began in 2014. With the proliferation of connected cars in mind, Panasonic decided to invest the human and technological resources it has accumulated over the years to contribute to the safety and security of cars. Now, security technologies for a wide range of Panasonic products have come together at Panasonic Automotive Systems Co., Ltd.
Panasonic Automotive’s automotive cyber-security technology has three strengths.
1．Human Resources, Organizations, and Technologies Accumulated through More than 30 Years of Commercial Experience Deployed in Automotive Cyber-security
Panasonic has more than 30 years of commercial experience in security for embedded devices, including AV equipment, mobile devices, and IoT devices, and is applying the human resources, organizations, and technologies it has accumulated over the years to automotive cyber-security. This allows our engineers, who are well versed in the vital details of security, to be a driving force for superior technological development and patent applications in the completely new area of automotive cyber-security.
２．Operating Vehicle Hacking Team and Countermeasure Team Engage in Friendly Competition
Panasonic not only simulates anticipative attacks, but also purchases commercially available vehicles and conducts attack experiments. We have hacked more than 10 actual vehicle models from a black box status. This means that we can devise countermeasure technologies that match the actual situation from the attacker's point of view and position. We have both attack and countermeasure teams that operate in unison, and each team works hard to improve both sides of the issue on a daily basis through friendly competition.
３．Patent-Focused Corporate Culture
Panasonic's corporate culture encourages active application for patents based on our experience of patent competition with competitors in the commercialization of DVDs and Blu-ray discs. There are many cases in which ideas are generated in the course of technological development, but it is up to management to decide whether to devote more time to technological development or to patent applications. Panasonic has passed down the importance of patent applications from the past, and each and every one of our engineers values this culture.
To evaluate both patent quality and quantity of companies in the automotive cyber-security field, Panasonic commissioned Patent Result Co., Ltd., a leading patent search firm, to conduct a survey. In this role as a third-party research organization, Patent Result created a search formula and extracted 1,528 Japanese patents, 3,511 U.S. patents, and 1,141 European patents, and evaluated their patent scores using the Biz Cruncher patent analysis tool. They found that Panasonic is far ahead of its competitors in both quality and quantity of patents. For more information, seehere.
Young Employees Working on the World’s Most Advanced Security Technology
＜Automotive Systems and Component Security＞
Panasonic is a global supplier of automotive systems and components centered around IVI*. Mr. Tanabe works with the development engineer of each product to develop technology to prevent product software being tampered and exploited. *IVI...In-Vehicle Infotainment. A word coined to mean information + entertainment.
“At the end of the 2000s, a car was hijacked by hackers, and the general attention being paid to automotive cyber-security rose dramatically. At our company as well, it was necessary to change the mindset of engineers involved in product development,” Mr. Tanabe recalls. Product security cannot be achieved unless every employee involved in product development recognizes the importance of security measures and puts them into practice. Security also represents a major advantage for products.
“Even after a single development project is completed, we continue to follow up on vulnerabilities frequently reported in, for example, OSS (Open-Source Software) used in products that have already shipped. While participating in development projects for an ever-increasing number of new vehicles, it is difficult to take countermeasures if we don’t know the history of the development, and it is not easy to hand over the responsibility for completed development projects to others,” Mr. Tanabe says. This is a unique problem due to the high levels of technology that cannot be imitated.
＜Home Appliance Security＞
Mr. Iwano is applying the know-how he cultivated in a wide range of product lines to the automotive field, while improving the overall level of technology through a synergistic effect of feeding back knowledge gained in the automotive field to home appliances.
“It is very rewarding when a product I was involved launches,” Mr. Iwano says. “Just as we do for car manufacturers, it is important for the engineers who are responsible for product development to understand that security measures are indispensable.” The risk of hacking is also an issue in home appliances. “It is natural that people do not really consider security threats unless an accident occurs. That’s why visualization is so important, and security measures for home appliances and cars, like the antivirus software for PCs, need to become the norm as part of a society where people can live with peace of mind,” Mr. Iwano points out.
＜Improving Efficiency in the Development of Security-compliant Products＞
Development efficiency has also been improved by identifying the risk of cyber- attacks and automatically deriving countermeasures. By programming the tacit knowledge of experts, product developers can now analyze threats simply by answering a questionnaire. The time required has been drastically reduced to more than one-fifth of the previous method, saving hundreds of millions of yen.
“Sometimes, understanding the meaning behind each line of a program we have produced allows us to solve issues that require urgent modification. When this happens, I feel an indescribable sense of accomplishment, because I realize that there is an invisible meta-text, like the background of the program, inside me,” Mr. Aoshima explains. “In the near future, I would like to move the threat analysis system that I developed myself to the cloud and deploy it throughout the company to further improve efficiency,” he says of his future goals.
Ms. Tomiie is a new employee who was assigned to the workplace this past October. She majored in security technology at university and volunteered to take on this job. “My impression was that younger employee’s senior to me were free and open-minded in the workplace. At meetings, each person is asked for their own opinion, regardless of position. I will not give excuses based on being a newcomer to the company, and I will form my own opinions about our work,” she said.
＜Next-generation Monitoring and Detection Systems＞
The monitoring and detection system, SIEM (Security Information and Event Management), developed in anticipation of the age of autonomous driving, is built into the Security Operation Center operated by Panasonic and is responsible for identifying cyber-attacks based on large amounts of detection log data received from vehicles.
The results of the analysis of identified cyber-attacks are reported to car manufacturers, which then update the software to restore vehicles to a safe state.
“The development of vehicle SIEM is still an emerging field worldwide. I am in charge of the entire process from requirement definition to development and testing. It is difficult work, but it is extremely rewarding,” Mr. Ito explains. In order to combat cyber-attacks, which are evolving on a daily basis, it is essential to stay up-to-date on the latest trends. We accumulate data on attacks and countermeasures from around the world, and study and implement specific countermeasures.
Mr. Ito, who majored in AI at university, shares his aspirations, “I would like to apply AI technology to security for automating tasks, so that operator can direct their resources to activities that requires thinking.”
＜Security of Integrated ECUs＞
To respond to new threats, such as the abuse of virtual communication, we aim to build a flexible and robust environment while keeping development costs low by integrating security monitoring functions into the virtualization platform.
While integrated ECUs with multiple functions in a single ECU (automotive computer, Electronic Control Unit) offer a variety of advantages, they also increase security risks. For example, the integration of communication functions that are in constant contact with external networks and ADAS, which performs functions such as autonomous driving, into a single ECU increases security risks due to external access.
Mr. Hirano is working on this topic in collaboration with OpenSynergy, a group company based in Germany. “We need to have a deep understanding of the configuration of the system, look at it from a bird’s eye view, and determine which countermeasures and approaches are best suited to the specific circumstances. It is a job that requires a breadth of knowledge that must be constantly updated,” he says.
Although Mr. Hirano is active globally, presenting papers at international conferences in the U.S. and Germany, he says that when he was posted to Germany on his first overseas assignment, he faced a series of difficulties. He recalls, “I had to explain to local engineers in English about technologies that were difficult to explain even in Japanese, and when they didn’t understand, I had to repeatedly explain them with different words.” After three years of service, he is now utilizing the technology and knowledge he gained in the field to lead security measures for the integrated ECUs at the Yokohama office.
From Veterans to Novices. The Industry’s Leading Group of Engineers Protects the Future of Automobiles.
In January 2021, Japan enacted automotive cybersecurity regulations, and in July 2022, regulations for vehicles came into effect. Similar trends are spreading globally, including in North America, Europe, and China, and car manufacturers and suppliers around the world must adapt quickly.
To respond to these global changes, Panasonic Automotive is working to raise the level of automotive cyber‐security and contribute to the further development of the automotive industry by leveraging our technological and patent strengths to develop security tools and systems. The technology and know-how we have accumulated over the past 30 years has been passed on from veteran engineers to younger engineers, and we have grown into one of the industry’s leading security technology groups. We will continue to contribute to the safety and security of drivers.