Title: The art of cyber security orchestration
Automakers today have the skills to manage the highly complex development, production, and service processes for their vehicle platforms almost perfectly. However, the new disruptive technologies – autonomous and connected driving, e-mobility and shared mobility – are making these processes significantly more dynamic and complex. IT security requirements in particular will increase dramatically as a result of the digital transformation.
What security challenges this poses for OEMs depends on just which vehicle functions they want to implement. They need a specific security approach that matches their individual background and intended use cases. It will not be possible to simply perpetuate security measures from individual automated vehicle functions up to fully autonomous, connected driving. Their security approach must be strategically planned and implemented right from the start, and it must be comprehensive. It will not be sufficient to provide individual technical solutions; OEMs will have to secure the entire system and its infrastructure, and do so across the entire vehicle life cycle. And they will have to firmly establish the requisite security processes and authorities in their organization.
Thus, just as OEMs orchestrate their vehicle platforms today, soon they will also have to orchestrate the IT security of those platforms in lockstep. Going forward, they will need central security management – a conductor, as it were – that continuously sets the pace for the implementation and operation of the requisite IT security measures at every level. Cyber security orchestration serves to guide internal and external security stakeholders, harmonize their cooperation, and develop the composition of the ensemble in line with the OEMs’ “security score.” Today, a smaller “chamber orchestra” may still be sufficient for only partially connected vehicle functions, but ultimately a complete “symphony orchestra” will be needed to master the security challenges of the automotive future.
Dr. Thomas Wollinger has been the managing director of ESCRYPT GmbH since 2007. As a pioneer in automotive cyber security, he has brought the company from its beginnings in 2004 to a position as one of the world’s leading providers of system solutions for vehicle data security. He also played a key role in guiding the company’s international expansion into the core U.S. and Asian markets.
Dr. Wollinger has been working in IT security for embedded systems since 1997. During that time, he has led many projects for designing and implementing security solutions for various industries. One of these projects, which ran from 1998 to 1999, was identifying data security solutions for telecommunications company secunet AG.
Dr. Wollinger graduated from the University of Applied Sciences Dieburg with a BSc in electrical engineering. He then went on to the Worcester Polytechnical Institute (USA) for his MS degree. During his time in the U.S., he analyzed the usability of the advanced encryption standard (AES) and the curve cryptography for embedded applications. In June 2003, he obtained his PhD with honors from the chair for embedded security at Ruhr-Universität Bochum. Dr. Wollinger‘s dissertation on hyperelliptic curve cryptography examined how this modern encryption system can be used for embedded security solutions.
Dr. Wollinger publishes numerous articles and papers in scientific journals and is frequently invited to speak at international conferences. He was also heavily involved in coordinating one of the most prominent of these conferences, escar Embedded Security in Cars, which ESCRYPT organized worldwide as an event partner.