07/10/2022

How CARIAD is working on the security of future mobility

The digitalization of the automotive sector can therefore only succeed with comprehensive cyber security – something that is championed at CARIAD by CISO Markus Brändle and his team.

Technology

CARIAD's goal is to transform the car into a digital experience and integrate it seamlessly into our everyday digital lives. But achieving this goal requires connectivity, data exchange, and the vehicle's ability to exchange information with other participants in a digital ecosystem at any time and from any location. That is also the requirement to use a wide range of digital services – from vehicle navigation to automatic payments for charging and complex Car-2-X communication. However, without security - more precisely, cyber, data, and IT security – such concepts cannot be successfully implemented.

Markus Brändle and his team take on the car thieves of the 21st century

For a company like CARIAD, security is always a holistic issue that affects our solutions and our whole organization. That is where Markus Brändle, Head of Information and Automotive Security, and the entire security community at CARIAD come into play. They ensure that solutions from CARIAD contribute to a pleasant, comfortable driving experience – and, as a result, enable safe mobility.

Brändle has over 15 years of experience in the security sector and was most recently Head of Airbus CyberSecurity before joining CARIAD. “If we want to be successful with our mission to transform the automotive industry through digitalization, we must address security from beginning to end,” says Brändle. Hackers have become akin to the car burglars of the 21st century. Nowadays, anyone who wants to steal cars looks for ways to get in through the vehicle's software. If they do not find what they are looking for, the attackers may try to get in via the software of systems that interact with vehicles in a multitude of ways. To stay one step ahead of potential attackers, Brändle and his team must think about all these possibilities.

The time factor: why the automotive industry must be faster than others

People may wonder how the automotive industry differs from other industries in this respect. The simple answer is the time factor. Companies today react much faster to hacker attacks, when in the past it would take an average of 200 days before companies became aware of intrusions into their systems. In the meantime, this value has dropped to 11 days. But for the automotive industry and its products, this is not quick enough. After all, in the worst case, we are talking about threats to the well-being of our customers.

Therefore, security in a digital automotive world means speed to a great extent. Like any other sector or industry, the mobility sector will increasingly have to deal with security breaches and hacker attacks. It would be illusory to believe that a perfect system is possible. But we need to be quicker with our responses and put technologies and strategies in place to not only withstand growing challenges, but also set a standard for the entire industry. To this end, Brändle's specialist department, together with CARIAD partners, is developing monitoring capabilities to examine its own IT landscape, including both the digital ecosystem of the car and the IT of the car itself. It is building a defensive backend within the company to detect, analyze and respond to incidents as quickly and effectively as possible - whether in the context of its vehicles or the company's internal IT infrastructure.

Ooops. Sorry, we can’t play this video

If you want to watch it on YouTube, please click here .

If you want to see the film here, please accept our marketing cookies:

What is also needed for security and protection is real teamwork that is company-wide and spread across departmental boundaries. For Brändle, security is ultimately not the job of a single department alone. “Security is only as strong as its weakest link, so security is a topic for us all, and everyone has to help,” says Brändle. “Secure products greatly reduce the risk of bad things happening to our infrastructure, the products themselves, and most importantly, to our customers. Security is not a binary decision but an ongoing process we are committed to,” says Jan Lange, an analyst in Security Operations and member of Brändle's technical department. Explaining his enthusiasm for the job, he says: “Understanding what has happened on a compromised system is an exciting puzzle of connecting the dots and artifacts”.

Our second Automotive Security Month provides insights into cybersecurity to our colleagues

Under the motto ‘Do Your Part - Be Security Smart,’ we want to raise awareness of the topic among our colleagues with our second internal Automotive Security Month. This year, we want to explore the various facets of security and make them tangible. Brändle, his team, and other security sector experts, will answer questions about why it can be a good idea to hack a car to improve security. What has mobile working got to do with security in the automotive sector? And how can the security of code already be enhanced when writing it?

Automotive Security Month will provide answers to these questions - and it strengthens our employees' understanding of this critical issue that directly affects our customers. For more information listen to Postcard - the security podcast - interviewing Markus Brändle: