Skip to Main Content

      

ANSYS BLOG

April 3, 2023

As Automotive Cybersecurity Challenges Grow, Ansys Offers a Practical Solution

The 2022 Ansys Digital Safety Conference showcased many topics that are important to safety engineers. One of the more urgent challenges is the growing need to adopt and implement robust cybersecurity protocols, especially in mission-critical applications such as automobiles.

There’s a good reason why the global automotive industry is focused on achieving uncompromising cybersecurity, starting from the earliest stages of product development. After a landmark article published in Wired in 2015 demonstrated how hackers could seize control of a Jeep Cherokee traveling at 70 miles per hour, Chrysler was forced to recall 1.4 million cars — and the global automotive community took notice, increasing its investments in cybersecurity. In 2019, a hacker successfully took control of 27,000 cars via their GPS devices, allowing him to stop their engines while in operation.

Autonomous cars digital road

The steadily increasing amount of software in cars, and their greater levels of autonomy and connectivity, have made automobiles even more vulnerable to cyberattacks. Today’s typical car is supported by more than 30,000 hardware components, more than 100 ECUs, and more than 100 million lines of software code — making it difficult to identify and eliminate every source of vulnerability.3 With the recent addition of over-the-air (OTA) automatic software updates, there are more channels than ever through which to access a vehicle.

It’s easy to see why automakers and their suppliers are steadily increasing their investments in cybersecurity solutions and associated processes. According to a McKinsey study, the global automotive cybersecurity market will grow from $4.9 billion in 2020 to $9.7 billion in 2030, reflecting an annual growth rate of more than 7%.4

To help ensure the safety of the world’s cars, automotive regulators have introduced industry standards that automakers must comply with. Since 2011, ISO 26262 has governed the functional safety of vehicles’ electronics and underlying software code. This industry safety standard was joined in August 2021 by ISO 21434, which ensures that automotive software is also designed and executed with cybersecurity in mind.

Safety analysis lock

A Practical Answer to a Seemingly Overwhelming Challenge

Complying with the requirements of ISO 21434 means that automakers and their suppliers must establish clear roles, responsibilities, and a process for identifying and addressing cybersecurity concerns. They must also document all the process steps and submit that documentation to earn ISO 21434 certification — which is becoming a cost of doing business as the worldwide auto industry seeks to minimize cyber exposure.  

Already tasked with designing a huge volume of software modules and creating system-level architectures, product development teams are now tasked with modeling every interface, control, and connection; identifying and assessing risk levels; and ensuring that the vehicle and its systems are completely impervious to cyberattacks.

Most companies lack the time, money, specialized expertise, and other resources to create and manage such a process from the ground up. Manual processes and commercial-grade tools like spreadsheets simply aren’t up to the challenge. Fortunately, Ansys offers a solution that’s not just up to this challenge — it’s purpose built for it.

Ansys medini analyze for Cybersecurity is a specialized modeling solution that streamlines and accelerates the complex task of generating and verifying a cohesive, safe, secure, system-level architecture that’s impervious to outside attacks. It replaces outdated, labor-intensive, and error-prone manual processes with a customized solution that’s designed specifically to organize and facilitate the cybersecurity analysis of highly complex electrical systems. 

Automotive cybersecurity

Webasto Demonstrates the Value of Ansys medini analyze for Cybersecurity

At the 2022 Ansys Digital Safety Conference, Timo Bruderek, cybersecurity engineer for Webasto, described the real-world value of using medini analyze to manage the complex task of risk identification and mitigation. The German-based global systems supplier is among the top 100 suppliers to the automotive industry worldwide. The company’s product portfolio comprises in-house-developed roof systems and heating and cooling systems for various types of vehicles, batteries and charging solutions for hybrid and electric vehicles, and complementary services relating to thermo management and electromobility. With €3.7 billion in annual sales and 30 worldwide production sites, Webasto needs to ensure that its diverse products safely integrate into a range of different customer systems.

“What are the daily challenges in my daily life as a cybersecurity engineer? The biggest job is to develop secure products,” says Bruderek. “That means understanding and fulfilling all requirements, including ISO 21434, as well as individual customer needs. It means establishing a guided workflow that defines responsibilities, ensures a complete analysis of all security factors and risks, and maximizes speed and efficiency. For us, Ansys medini analyze for Cybersecurity represents the best way to accomplish all those tasks via a single tool.”

Timo outlined a six-step process his team at Webasto follows in its daily work, guided by medini analyze for Cybersecurity:

  1. Define the cybersecurity assets and “stakeholders.” First, medini analyze leads engineers to define the system or component under investigation (e.g., a battery for an electric vehicle). It also looks at how this asset connects to other systems in the overall electronics architecture.
  2. Identify the vulnerabilities and potential for harm. Next, medini analyze guides users through an analysis of how these assets could be attacked and what the possible damages could be. Interfaces and integration points are typical targets.
  3. Understand the consequences of an attack. Then medini analyze walks the engineering team through an analysis of likely outcomes if these vulnerabilities are exploited at both the system and component levels.
  4. Estimate the potential likelihood. What expertise, tools, and windows of opportunity are needed to capitalize on the vulnerability? How realistic is the attack scenario? Ansys medini analyze delivers concrete answers.
  5. Define a risk level. Ansys medini analyze “scores” the threat by calculating both the likelihood of an attack and its potential damages. Engineers can understand the severity of each risk.
  6. Plan and execute appropriate cybersecurity measures. What action is needed to eliminate the risk? Ansys medini analyze helps the team come to a rapid conclusion, no matter how complex the system is.

Following this six-steps process, medini analyze for Cybersecurity automatically generates the documentation required by both regulatory groups and automotive customers. Because this solution was developed by experts who understand the regulatory complexities of ISO 21434, compliance with that standard is ensured.

AI driving

Streamline Your Analysis — and Safeguard Your Assets

Automotive cybercrime is not going anywhere. In fact, it’s only increasing as cars become more digital, more connected, and more automated — creating more points of attack. But Ansys has created a robust, user-friendly modeling solution that allows product development teams to quickly identify vulnerabilities and design weaknesses, then address them.

According to Timo, medini analyze for Cybersecurity is a practical solution that truly adds value. “It integrates well with our other tools and systems. It manages both regulatory and customer requirements and makes sure those are considered. It walks our team through the process. It leverages automation, so we can work faster and more effectively. And it enables us to reuse previous cybersecurity analyses, so we’re not starting from scratch each time we add a new product feature or introduce a new model.”

In today’s challenging cybersecurity environment, early adopters of innovative product development solutions, coupled with best-practice workflows, can assume a meaningful competitive edge. Already in use by Webasto and other industry leaders, medini analyze for Cybersecurity is an obvious choice for electronics engineering teams looking to increase their focus on cybersecurity analysis.

View the full presentation on-demand: ISO 21434 and Ansys medini — A Practical Approach from the Digital Safety Conference.


See What Ansys Can Do For You

Contact us today

* = Required Field

Thank you for reaching out!

We’re here to answer your questions and look forward to speaking with you. A member of our Ansys sales team will contact you shortly.

Footer Image