A major transition is taking place in automotive electrical and electronic engineering that will fundamentally change the approach to automotive electrical network architecture.
This change will impact vehicle performance, connectivity and cyber security, and is the key issue raised by Sachin Lawande, Chief Executive at Visteon in an interview with Automotive World to discuss the supplier’s role in developing connected car technology.
From many ECUs to mega ECU
The transition involves the consolidation of numerous function-specific electronic control units (ECUs) into an integrated domain-based architecture.
Cars today use somewhere between 20 and 100 ECUs on an essentially flat network, explains Lawande. “By a flat network, I mean that every node is connected to other nodes, and all messages are accessible to every node on the network. This is very insecure.” Legacy technology, he notes, makes it difficult to move the industry to something new and different.
ECU consolidation tackles the hardware issue, and prepares the way for another significant evolution, this time in software and silicon. “You can divide the car network into roughly three zones: powertrain, body electronics and driver information and safety,” says Lawande, underlining the focus here on driver information and safety.
You have to fundamentally layer security from the ground up. It’s a daunting proposition for all suppliers. The alternative is the ostrich approach, hoping the problem will go away.
“Each of these zones is quickly evolving and morphing into something new, driven by the availability of richer silicon and software. In the driver information and safety zone, we have leadership from a technology perspective in what is eventually going to be the new paradigm, namely the integration of multiple components and multiple ECUs into one larger domain, which we call the cockpit domain controller, or CDC.”
The CDC is a computation platform that does everything that the driver needs to make the ride safe and convenient, explains Lawande. “It integrates safety, convenience, navigation and connectivity features. Today they’re all separate, often provided by separate suppliers. We currently have an industry with as many suppliers as customers.
“If you don’t act fast, you will either fall by the wayside or be acquired. We are trying to be the one who does the consolidating. I believe consolidation will occur in this industry not through acquisition, not M&A, but through some companies just getting out of the game.”
To secure and maintain leadership, Lawande says Visteon is focusing on the six products that make the cockpit today, namely cluster, head-up display, infotainment, centre information display, connected radio and telematics. “Integrating those six into a single box will drive cost down, improve security and create a homogenous user experience. That’s our vision for the next five years.”
The six core cockpit products, explains Lawande, require six separate ECUs. At the heart of Visteon’s strategy is its SmartCore solution, which Lawande says puts the company in a leading position and will drive much of the company’s future strategy. The supplier describes SmartCore as, “A security-focused approach to cockpit module consolidation that addresses the increasing complexity of cockpit electronics to improve the driving experience… through a scalable and flexible framework.”
Cyber security
There are some who suggest that the move to one single mega ECU leaves the car more vulnerable to cyber attack than using several ECUs, on the basis that only one successful attack is required. Lawande suggests otherwise, that numerous ECUs increase vulnerability.
“One device has inputs and outputs that couple with other devices. A very legitimate output from one device could be a security gap on another. The more devices you have, the more it becomes an n factorial problem in terms the number of options that need testing,” he explains. “Who carries the burden of testing? The OEMs, and they are not ready. If you can pack as much as possible into one box, you can come up with a comprehensive security solution that addresses the entire box. In short, you have now solved the problem of multiple boxes.
Security will never be bullet-proof, but by localising the problem, you can turn the solution from an n factorial problem into a linear one in terms of complexity
“Security will never be bullet-proof, but by localising the problem, you can turn the solution from an n factorial problem into a linear one in terms of complexity. We have technologies that will significantly improve the cyber security portion of a solution.”
Despite a number of high profile hacks, automotive cyber security is still not openly discussed. Lawande believes this is because many of the suppliers are simply not prepared. “It’s a tough nut to crack. You cannot say we didn’t have security so we worked on it a little bit and now we have security. You have to fundamentally layer security from the ground up. It’s a daunting proposition for all suppliers. The alternative is the ostrich approach, hoping the problem will go away. But it won’t go away.”
Connecting cars to the Internet was the turning point for the industry, indicates Lawande. “The genie is out now, and we can’t get it back in the bottle. The cyber security issue will only get bigger, and we all need to address it. Whoever can realistically address it, in the right way, will determine the outcome of this new world that we’re building.”
The car in the Internet of Things
In addition to developing products like SmartCore, automotive OEMs and suppliers need to ensure security in the wider Internet of Things, when cars are exposed via the Internet to any number of non-automotive smart devices. Lawande provides a measured response.
“Let’s say there are 20 to 99 devices on the network. Some of them are deeply embedded and don’t expose an attack surface for a remote attacker. Only a few devices do, like any device which has wireless technology, like tyre pressure monitoring system, Bluetooth, Wi-Fi, and ultimately 3G, 4G and 5G. TPMS, Bluetooth and Wi-Fi offer a narrow attack surface for an attacker. Bluetooth range is limited, you need to pair your phone and the software stack only allows certain things to be done. There are some natural hurdles for an attack. TPMS is analogue, so all you can possibly do is cause a denial of service type of attack or create a false alert even when there is no tyre problem.
“The impact of those attacks is limited. Everything goes haywire when you connect it to the Internet, but this is nothing new for us as a technology industry. We know how to address this from the mainstream computing world. It won’t ever be perfect but we can significantly improve or increase resistance to cyber attacks and make it an acceptable level risk. Automotive has a well-defined structure for assessing and managing risk, namely ISO 26262, with defined ASIL standards.”
Two approaches are required for security, summarises Lawande: tighten up the remote end points that offer this attack surface for remote attackers, and implement real time monitoring, or intrusion protection and prevention systems.
Interestingly, Lawande sees automotive applications as ideal for intrusion detection systems, because automotive network traffic is highly predictable. “CAN traffic captured from your car in the first minute of a car journey has all the messages and the frequencies of messages for the rest of the ride,” he explains. “It’s a highly predictable message structure flow, which lends itself very well to machine learning, making it possible to detect a malicious injection of CAN messages that could cause harmful effects. That requires real-time intrusion detection and protection, coupled with network security, firewalling, secure boot, encryption of data, and authentication of any code.”
Dashboard control
Despite an apparent trend towards non-automotive technology companies moving into automotive infotainment, announcements at CES 2016 and since have suggested the automotive industry is taking back control of the infotainment system, and defending itself against threats from companies like Apple and Google. Lawande, however, believes there never was a genuine threat. “It may feel like taking back control, but the control was always with the automotive industry. Nobody today questions the fact that every infotainment system will support CarPlay and Android Auto. That’s a huge success for Apple and Google. But their aim was never to take over the infotainment system.
“We resisted CarPlay and Android Auto until the pull of consumers made it a moot point. But the automotive industry has to accept that we won’t be able to compete with them. The number of apps that will come into the car will still come largely through the phone.”
If the natural host for the app is not the phone, then it should go into the infotainment system. As an industry, we have confused the two. We wanted phone apps to run on our infotainment systems
The brought-in versus built-in question continues to divide stakeholders. Lawande’s view is simple: “If the natural host for that app is the phone, it should come through the phone into the car. If the natural host for the app is not the phone, then it should go into the infotainment system. As an industry, we have confused the two. We wanted phone apps to run on our infotainment systems. Why, if they run so well on the phone? Just connect the phone to the car and you’re done. Users don’t want yet another interface.”
Interestingly, the emergence of iOS and Android for automotive applications has simplified the development of the human-machine interface, says Lawande. “Since there won’t be any one prominent user experience, we have to support them all. The world before Android Auto and CarPlay was much more challenging, because we had to build it. We have more flexibility now.”
At CES, Toyota announced that it would support SmartDeviceLink (SDL), the open source version of Ford’s AppLink, a significant move in Lawande’s view. “CarPlay and Android Auto just used the infotainment system as a remote display. But how do you access all this data and use the phone as an application platform? That’s where SDL comes in. It’s an extension, enabling true integration of the phone.”
This article is part of an exclusive Automotive World report on connected cars. Follow this link to download a copy of ‘Special report: Connected cars‘
