
Interview: Software Defined Vehicles & Cybersecurity

“E/E architecture needs to be rethought”

5 Mar 2025

With Software Defined Vehicles (SDVs) relying on computer programmes for day-to-day operations, the entire electrical/electronic architecture must be redesigned to make cars safe to drive. SDV expert Christian Koehler explains what the approaches are.


Christian Koehler, Partner H&Z Group, München

What makes software so important in cars today?

Alongside electrification and autonomous driving, this is the third major wave of change to hit the automotive industry. The increasing importance of software is strongly driven by consumer needs. There are around 5.5 billion adults on the planet, and statistics show that 3.5 billion of them spend many hours online every day. And they increasingly expect to be able to take their digital world with them into the car. They want a digital experience while driving that is comparable to downloading a new game from Google’s Play Store or from Tencent in China. In China, a car's software features are already the number one reason people buy a car. This puts pressure on the industry to make cars data-secure.

Graphic: Attack surfaces of a connected vehicle

How is the automotive industry adapting?

In order to fund some of the development and security costs, the companies are hoping that their software-defined vehicles will open up additional sources of business – in other words, that they will be able to earn money over the course of the vehicle being used with its corresponding digital functions. Until now, the revenue has been channelled through the service to the dealer. Now vehicle manufacturers have the opportunity to sell certain functions or additional features directly to the customer. Today, we are dealing with scalable software platforms that are really hardware agnostic. The publications on the future strategy of Stellantis, BMW, and Volkswagen show that the necessary sales potential is already available today.


However, the transformation of cars into ‘computers on wheels’ with their own operating systems will only be successful if it is also safe …

To make the electrical/electronic (E/E) architecture safe, it needs to be rethought, as we show in our study. We come from a world where software in cars always ran on specific control units. There were separate control units for the engine, the brake controller, the air conditioning, the power windows, etc. In a complex car of the previous generation, we had up to 100 control units. However, the ability to receive updates while driving or to exchange data online and in real time was not yet technically feasible. Also, it is just not possible to integrate a manageable safety architecture into this number of components. We are now confronted with the need to adapt the entire electrical architecture of the vehicle to the needs of the customer and the promise of a truly software-defined vehicle.

Is “centralising computing power” the magic word?

Tesla or newer generation manufacturers such as Rivian or Nio are the most advanced in terms of centralising computing power: they have only two to three main computers in the car, with a few smaller secondary computers. Our study shows that by the end of this decade, by 2030, most OEMs will be concentrating on three to five central control units in the vehicle.

Graphic: Transformation of the electrical/electronic architecture

And that creates what you call “trusted zones”.

Cars then have one control unit for the powertrain, i.e. the engine and chassis; one for body control, such as the window regulators mentioned above; one for connecting the car to the outside world; one for entertainment; and one for autonomous driving. These domains have different requirements: Body and powertrain functions are still most rooted in the “old world”. They need little contact with the outside world and can also be fairly well isolated from a cybersecurity perspective.

The situation is completely different when we get into the area of connectivity.

With connectivity and autonomous driving, we need real-time data processing. We need contact with the environment, i.e. a picture of the following: Where is the vehicle? What is happening around the vehicle? You can't just do that with sensors; you need data that is made available to the vehicle from the cloud, from other vehicles or other environmental data. And that puts much higher demands on data processing and security.

Graphic: IT system of connected and autonomous vehicles

Do car manufacturers have enough expertise in this area?

We have been following manufacturers' attempts to do this in-house for years. Volkswagen tried it with its own software unit, Cariad, but found it very difficult and is now using joint venture partners such as Rivian and XPeng to take over their solutions. The key question for everyone today is this: In which areas do they still develop in-house and where do they work with well-known Tier 1 suppliers? Or, where do they use open source? This is also a very pragmatic and good solution because it saves a lot of effort.

What are the specific risks of vulnerabilities?

A manufacturer’s cars could be deliberately made unsafe – to prevent them from putting them on the market. This would destroy trust in the brand. Driving functions could also be manipulated from the outside, leading to accidents and personal injury. Ultimately, vehicles could be hijacked. And I think in Europe we are particularly sensitive about data falling into the hands of third parties. VW recently had a data leak when the movement data of 800,000 e-cars was published online.

To define global security standards, the United Nations has issued regulations that are not easy to satisfy.

These are relatively drastic requirements that clearly define what the vehicle can and cannot do, and that its system must be able to detect, monitor and respond to external attacks. Manufacturers have to work with this.


Text: Michael Hopp

Head of Content at the Gateway editorial team and an absolute pioneer in recognising automotive trends
