Electric vehicles (EVs) are at the center of the world's push toward a decarbonized future, and the importance of cybersecurity in the automotive domain is without question.
As global automakers seek to digitize their products, they need strategies to protect their vehicles against cyberattacks. To make the search for effective security solutions easier, Israel-based Cybellum has designed a product security platform that covers everything needed to ensure cybersecurity throughout a vehicle's lifecycle.
Defining "constant innovation" as one of the company's core values, Cybellum CEO and co-founder Slava Bronfman recently spoke to DIGITIMES Asia about the Cybellum platform and shared his insights on the future of the automotive cybersecurity market.
One-stop solution for automotive cybersecurity management
Cybellum was founded in 2016 by Bronfman and CTO Michael Engstler, and it is headquartered in Tel Aviv. Both co-founders and some employees of the company were cybersecurity veterans from the Israeli Defense Force (IDF), where they designed solutions to protect critical devices.
Noting that most cybersecurity works were done manually at the IDF, Bronfman said it is Cybellum's mission to automate the security process for IoT products and help manufacturers continuously detect and mitigate cybersecurity risks throughout the lifecycle of their products.
Bronfman stressed that the threat of malicious actors taking control of vehicles is real and that most vehicles today are vulnerable to cyberattacks because they were not developed with cybersecurity in mind.
He pointed out that many connected vehicles have adopted open-source software, which is mainly designed for computers and cell phones. This creates a big risk for cyberattacks and enables hackers to access data in the vehicle or the driver's private information, he said.
Compared to cybersecurity threats for computers and cell phones, Bronfman said automotive security is crucial because hackers could play with safety-critical systems to create crashes or take vehicles off the road.
Although there are already some cybersecurity solutions available in the market, they are not suitable for automotive applications, Bronfman explained.
"Since some systems in a vehicle are real-time systems, it is impractical to install any agents or antivirus software on a vehicle," Bronfman explained. "You also cannot control millions of vehicles from one central place, as you do with computers and servers in the IT environment."
Cybellum can solve these two issues by providing a full platform for automotive OEMs and suppliers to identify and mitigate the security risk of each vehicle's components from design to post-production. Instead of a single-point solution for a specific use case, the platform serves as a one-stop solution that covers both hardware and software security.
Powered by Cyber Digital Twins technology, the platform creates highly detailed digital representations of the components inside a vehicle, including SBOMs, licenses, hardware BOMs, OS configurations, control flow, and encryption mechanisms. Once the digital replicas are created, they are used for simulated cyberattacks to expose all cyber vulnerabilities of the components.
The Cyber Digital Twins are also matched with continuously updated vulnerability databases for ongoing monitoring and detection of emerging threats that could impact vehicles.
Bronfman said the main advantage of the platform is that it is non-intrusive and that nothing is installed on the vehicles. All vulnerability and compliance tests are conducted in a backend environment, he explained, adding that the platform can save its users a lot of time completing tasks that are usually done manually or with single-point solutions.
The Cybellum platform is powered by Cyber Digital Twins technology. Credit: Cybellum
Acquisition by LG & collaboration with Harman International
In September 2021, Cybellum announced that it was being acquired by South Korea-based LG Electronics, which would assume a 64% stake in Cybellum for US$140 million before acquiring the remaining shares at a later time.
Cybellum has remained a fully independent company after the acquisition, and the deal has allowed it to expand its market presence rapidly, according to Bronfman. Through the deal, Cybellum was also introduced to LG's massive customer network, and it was able to make a foray into the medical device and energy markets.
In terms of partnerships, Cybellum is working with Harman International, a subsidiary of Samsung Electronics, to offer OTA (over-the-air) update solutions to OEMs. It also announced a technology partnership with Siemens Digital Industries in February 2022 to integrate its cybersecurity platform with the Polarion application lifecycle management (ALM) solution.
Over the years, Cybellum has also picked up a few well-known customers using its technology, including Jaguar Land Rover and Nissan.
Seeking collaboration opportunities with Taiwan-based companies
Looking to the future of automotive cybersecurity, Bronfman said the industry's potential is enormous. He compared automotive cybersecurity to automotive functional safety, which emerged many years ago and has now evolved into a mature market.
"Basically, we can see automotive cybersecurity today as the IT cybersecurity 30 years ago," he said.
Bronfman also mentioned that the focus of the automotive cybersecurity market is now shifting towards cyber risk monitoring for vehicles after they hit the road. He said Cybellum is constantly adding new features to its platform and working closely with OEMs, as well as first- and second-tier suppliers to meet market demand.
Regarding the company's plan for the Asian market, Bronfman said Cybellum has been very active in the region with an office in Japan and connections in China. Thanks to LG's acquisition, Cybellum was able to expand its reach to South Korea as well, he added.
While Cybellum has established a small presence in Taiwan, which Bronfman described as a strategic location with cutting-edge semiconductor technologies, the company wants to explore more collaboration opportunities with local companies in the future.
In the fourth quarter of last year, LG invested an additional US$20 million in Cybellum upon the conclusion of the acquisition process. Bronfman said that Cybellum is very stable financially and that it currently has no plans to raise more money.