In response to the shortage of security personnel, we developed and have been actively implementing a program for development engineers working on in-vehicle equipment to gain security knowledge and skills.

Cyber terrorism involves attacks on critical infrastructure systems by hacking to destroy or falsify data. The number of vulnerabilities publicly disclosed worldwide is expected to reach 30,000 in FY 2023 and 40,000 in FY 2024, with around 1 to 2% related to automotive systems. Though the number of cases is limited, the impact of attacks on IVI (In-Vehicle Infotainment), the brain of connected cars, is immeasurable as it is developed using many open-source software.

The Panasonic Group has developed security systems over many years in the field of home appliances, and that knowledge is now being applied to the automotive domain. With top-level patent competitiveness in Japan, the United States, and Europe, we play an important role in monitoring, protecting, and responding to cyber-attacks on vehicles. In addition to training specialized security engineers, the spread of connected cars makes it imperative that all engineers involved in the development of in-vehicle equipment understand the importance of vulnerability remediation and keep it in mind for their work.

To spread this knowledge, we gathered and organized experts in security. As part of CoE*, we are developing and promoting a program to help in-vehicle equipment development engineers gain security knowledge and skills. The training period is two years, and after acquiring basic knowledge and then taking on-the-job training at actual development sites, they are further trained to be reviewers that can develop security technologies, give instructions on the development of security-conscious equipment, and evaluate the security and vulnerabilities of completed in-vehicle equipment and systems.

As the automotive industry sees a rapid advance of technologies, including electrification, automation, and connected car and vehicle sharing technologies, engineers need to evolve their mindset and update their skills. We will establish Panasonic Automotive Systems University (“PAS University”) this autumn, an in-house university that aims to improve the abilities and skills of employees and support autonomous career development.
To maintain the top market share in the world’s most advanced development area, investing in human resources is essential. PAS University systematically trains engineers in concert with our overall efforts. This training is not only for engineers newly hired by the company, but also for the world-class engineers who are leading the shift to SDV*. We will also further promote the development of security personnel as part of CoE operations in line with our personnel development initiatives.

We interviewed members of the Security Development Department, Platform Development Center, R&D Division.

Machida: Due to the shortage of security technology specialists, our business unit had to ask other departments to review security technologies. Considering the urgent need for cyber security, we decided to participate in the training program to become security reviewers.

It’s been a year and a half since the start of the program, and I’m really glad that I got the chance to learn cutting-edge technologies. By working as a member of the Security Development Department, I not only study to be a reviewer but also gain the latest information on security development, which stimulates my intellectual curiosity as engineer. It really inspires me.

Aizawa: The engineers around me often tell me that they are jealous.
Since my specialty is hardware and I used to think that security technology is part of the software field, I was nervous, to be honest. However, there are hacks that take advantage of hardware vulnerabilities. All engineers need to take measures against vulnerabilities.

Wakao: You have to learn skills at a high level in a field that is completely new to you, and it takes time. Both of you have already started reviewing product security for your business units, but we still have a serious shortage of reviewers. Would you communicate the importance of security measures and find potential security engineers who will come after you when you return to your own workplace?

Aizawa: This training inspired me to try to obtain a national qualification in information processing. I had no knowledge of software and was a novice in the field of security technologies, but my colleagues encouraged me to participate in the program by saying, “That is precisely why you will gain new insight.”

Wakao: A team of experts often lacks new perspectives, so bringing fresh perspectives is highly appreciated. The importance of security is being recognized internally, but it still requires investment in personnel development. I will continue to work hard to enhance our company’s unique strengths.

Ito: I am learning how to manage and handle keys used in semiconductor chips that are installed in ECUs. Specifically, we establish a procedure for requesting the semiconductor manufacturer to safely and securely write the key entrusted to us by our customer, the car manufacturer.

Sakaki: It takes one to two months to fabricate semiconductor chips, so if you make a mistake in handling the key or following the procedure, it may affect the productization schedule. It requires intense attention.

Sakaki: Key and cryptography technologies are particularly important in the field of security. It is, indeed, a very advanced and difficult theme, but there aren’t many opportunities to experience it. I think Mr. Ito was fortunate and took advantage of this good opportunity.

Ito: I came here with no knowledge of security, so I got started by looking up and understanding the terminology. The current theme also requires knowledge of semiconductors, because I communicate with the vendors that manufacture chips for us.

Ito: I really think it would be best if I can put what I learned here into practice at my original workplace. Security technology is essential in any work, so I am sure that I can make use of the knowledge and experience I gained here wherever I go. Additionally, this training has given me the chance to acquire broad but relatively shallow knowledge of a variety of technical categories, which is required for the practice of security technologies. I feel that it will really help me grow as a professional.

Sakaki: Even in a different field, if you can develop features based on knowledge of security, it will bring great added value. Through this training program, we want to boost the number of engineers with knowledge of security to raise the overall level of our technological capabilities.

As in many other industries, a lack of personnel in the software area is an issue in the automotive industry. Among other issues, security personnel need to have specialist knowledge and skills for security as well as of software technologies. In addition, many vulnerabilities have been found in hardware in recent years. This means that hardware engineers are now also expected to have knowledge of security. The shortage of personnel in this area is very serious.

The security problems caused by exploiting vulnerabilities will not disappear as long as people somewhere have malicious intent. We hear that generative AI will diminish the number of white-collar jobs, but if both attackers and defenders use generative AI, control by humans will ultimately be the deciding factor. For example, our company offers innovative systems* that analyze the security risks of vulnerabilities and determine the priority to solve them, but it is the security engineers who determine how to solve the relevant vulnerabilities.

Development of Vulnerability Analysis Innovations VERZEUSE(TM) for SIRT | Automotive Equipment | Products & Solutions | Press Release | Panasonic Newsroom Global

The development of security personnel is an important theme that directly translates into our competitiveness as a company. The strength of our training program allows trainees to learn about development and countermeasures in practice based on the advice of senior employees with a wealth of experience. Thanks to the security technological capabilities we built up over many years, we can make full use of that experience.

press release released on Jul 21, 2022：Analysis of Automotive Security Technology from Patent Data: Panasonic Ranks No. 1 in Japan, U.S. and Europe

feature:Contributing to the Safety and Security of Connected Cars with Technology Accumulated over More than 30 Years