William Dalton of VicOne | S3 Ep10 | The Garage by Sonatus

Today in The Garage,

we're recording live at
AutoTech Detroit with VicOne.

VicOne is the automotive
subsidiary of cybersecurity

leader Trend Micro.

In today's master class
in vehicle cybersecurity,

we talk about the nature
of cybersecurity threats to

vehicles, how SDVs can improve
the landscape of cyber threats.

We talk about incredibly unique
programs that VicOne and Trend

Micro use to help companies
find zero day threats to,

their products and
their vehicles,

and even how AI is a double-edged
sword in cybersecurity.

Let's go.

Welcome to The Garage.

I'm John Heinlein, chief
marketing officer with Sonatus.

We're recording live
at AutoTech in Detroit,

and our guest today is
William Dalton from VicOne.

Willy, welcome to The Garage.

Great to be here.

We're so excited
to meet you and to,

have you on the podcast.

Start by introducing yourself.

Tell us about you
and your background.

Yeah. My name is William Dalton.

Delighted to be here in,
AutoTech this week and,

speaking with you guys.

My background is varied.

I started out in,
as an engineer,

a software programmer.

I did that for seven years
in the contract electronic

manufacturing space.

And, over that time, we built up
manufacturing control systems.

And then I joined Trend Micro,

in 2004 as a database
administrator.

Well, now almost more
than twenty years ago.

Yeah. More than
twenty years ago.

And, almost every
year or every two

years, I've changed roles
in some shape or form.

And, started out in
engineering side,

got into technical management,

started working on some global
projects with our CEO now,

Max Cheng, in VicOne.

And, every two years,

changed roles from technical to
operational to business roles,

over that twenty-year span.

And, two and a half years ago,

I had the opportunity to go
work with Max on, VicOne,

which is a subsidiary company,

from Trend Micro to focus on
solving problems within the

automotive sector.

That's great.

We'll talk more about
VicOne in a second,

but you have to start us off
with a fun fact about you.

Sure. I'm not it's really fun.

I think a lot of people
do it these days,

but I do brew my own beer,
which is not probably,

strange for a
person from Ireland.

But I have my own pub,
and I actually upcycle.

So every time there's
something to be thrown out,

I try to find a way to use that.

And I've, over the years,
I've accumulated different,

elements to the pub.

Some being a bed, some being
a piece of scrap furniture.

And it's a collection
of...it's a misfit in some ways.

And, I have my friends
over regularly.

And, as a consequence,

I needed to find a way
to produce beer cheaper,

a good conversation piece,

and actually learn
something along the way.

So, yeah, a little bit
of fun fact about me.

You were showing
us pictures of that,

and so it sounds when
you talk about upcycling,

people can't quite visualize.

But if you
share us a picture,

we'll put it in the episode
so people can see it.

It's a
brilliant woodworking,

beautiful space that
anyone would be jealous of.

I've shared this,

the derivative of this fun
fact earlier in the year,

but I have to use it again,

is that I when I had a job in
Oregon in the US many years

ago, I learned to brew beer.

And so I did some home
brewing for quite a few years,

and it's good fun because
there's a bit of science.

Right? There's a
lot of mistakes.

Yeah. A lot of mistakes.

The good part about
brewing versus distilling,

which is illegal in most places,

but is you can't kill yourself.

It will just taste bad.

It will taste bad. Yeah.

Distilling, you can
kill yourself if you...

my friends are still alive.

Exactly. But they had a
couple of rough sessions.

Very good. Very good. Great.

So tell us about VicOne,
the company's origins,

and what you focus on.

So VicOne

has been incorporated
since May 2022,

but on the back of
many years of research,

which Trend Micro has been doing
within the automotive sector.

And one of the
findings, you know,

back in 2017 when they
started to do this research,

they realized that
the cybersecurity

challenges, especially with the
advent of SDV, electrification,

change in regulation,

that the way to solve
cybersecurity issues in the

automotive sector is very different
than the enterprise domain.

Right.

And they made a conscious
decision to invest in that

sector to create a separate
company that had that operates

at a different speed,

has a different level of
engagement with customers,

and actually delivers a
different product set.

So we created a whole
series of, you know,

true market analysis,
working with different,

proof of concepts,
proof of values,

with different customer
profiles to actually build out

a set of solutions ready
for the automotive sector.

And then we launched
that in May 2022.

And over that period, we've had
phenomenal growth in regards

to product changes, adaptions
in line with customer.

Because there's an element of
co-design always with this.

Sure.

Whether that's embedded in the
vehicle or whether that's off-board,

or whether that's integrated
with the process or our

operation practice or with
your regulatory,

demands or requirements.

So there's a very
bespoke approach in general.

And, on the back
of bringing those

products to market, we've had
a huge number of partnerships.

Everything, you know,
from the SDV space to,

onboard to offboard
systems, but also solution,

solution providers in regards
to providing a wide array of

capabilities depending on
the needs of customers.

So it's been a fun fun ride
and, high velocity. Right.

And, very interesting journey so
far understanding customer problems

and solving them.

That's great.

So, you know, people we talk about SDV and
vehicle software in this podcast a lot.

And when I talk to customers,
when I talk to industry folks,

there's sometimes a hesitancy
in some sense to shift to SDV,

feeling like that increased
software is going to cause a

greater attack surface.

I think that's true.

What's your perspective on,

on that on the shift to
SDV and cybersecurity?

It's something that's
gonna happen regardless.

We've seen it in the
enterprise space.

We've seen software-defined
networking, software-defined

WAN, software-defined data
center, software-defined storage.

Everything is becoming
software defined.

Software is eating
everything up.

And the reason that
is is, obviously,

that brings a huge amount of
efficiencies in regards to

software delivery cycles, software
delivery mechanisms, the frequency,

and the iterations that you can
update your products and keep

them safe, or add
more functionality,

add a cost profile
that makes sense.

So it's very ephemeral
in use case. Right?

So depending on what
you need at the time,

you use the resources that
you require to sustain or

to satisfy those requirements.

So it's a lot more cost
effective in a lot of ways.

So it's going to happen.

It's and and what you see now,

the demands in the
electrical vehicle,

is it requires regular
software updates, you know,

for a change in.

And and actually this
change in architecture,

allows the ability to actually,

once the car is post production,

to actually bring new
changes into the vehicle.

And that requires a fundamental
shift from the traditional way

of delivering software or
where there's a lot of software

hardware coupling.

In this case, you're abstracting a
lot of software where actually it's

working independently and
then and then you have an

abstraction layer
to the hardware.

So the advantages that
provides not only to automakers

but consumers is huge, and
this is what they'll demand.

So it's going to be
consumer driven.

That's a really interesting
point you make about,

the ability to update because
a number of the most famous

vehicle hacks, you know,
the Jeep Cherokee hack,

and people many know
about many of these.

Those are not
software-defined vehicles.

Those are conventional vehicles.

So you say, oh god.

If I do a software defined
vehicle, it'll be hackable.

Well, conventional
vehicles are hackable,

but it's a hell of a lot harder to
fix a non-software-defined vehicle.

With a software defined vehicle,

you can make improvements.

You can make patches.

You can respond to those
threats much more quickly.

So I think that's a misperception
from some people that SDVs,

while there is potentially
an increased attack surface,

there's also an increased ability
to respond to attacks more quickly.

That's one of the things
your company does.

Correct. Yeah.

I mean, we've successfully
demonstrated with a partner

of ours at CES
where they actually,

were able to remotely update
the...flash the car...and

actually, up and
mitigate a risk.

So, you know, this
is, this is real.

It's,

and I guess back to
your point, you know,

the traditional vehicles,
the attacks that we see,

they're the same type
of attacks that we see in

the enterprise space.

It's the same type
of vulnerabilities.

It's the same type of
issues that we see.

So they're
still, at a chip level.

They're at software level.

They're, not patched systems,

access management not
managed correctly.

So it's the same type of
issues that we're seeing in the

enterprise space, actually,
in the vehicle space as well.

And that's no different to
whether they're software

defined or traditional.

Okay.

Okay.

So now when you
deploy your solutions,

are these deployed in the cloud,
in the vehicle, a combination?

Tell us about that.

So they're across the board. So
we do onboard and off-board.

And we think this is really,

necessary because if
you're just doing offboard,

it means the point where the car
is disconnected from the cloud,

which will happen in attack
because that will be one of the

steps that they will take,
you've lost control.

And, by having the solutions

embedded in the vehicle,

you can actually maintain some
level of control to mitigate

against those attacks.

So we would
have, our IDS solution.

We call it xCarbon.

IDS is intrusion
detection system.

Intrusion detection.
IDPS, actually. Great.

Intrusion detection and
prevention mechanisms. Great.

So we've technology,
which we've brought from Trend.

And one of the points I
mentioned earlier when

we came from Trend is three
distinct elements which we

brought, IP, talent, and,
strategic financial independence.

And some of that IP
is IDPS technology,

which has been running in the
enterprise data centers for many years.

And this is really
this is wireframe,

inline protection,

deep packet inspection of every
packet inspecting every packet

in order to data center
for the largest multinationals and even

automakers in the industry.

I think we've topped eight of
the top ten automakers using

our IDPS technology
in the data center.

And this technology has
been running for many years,

and we've adapted some of
that into the vehicles.

So if we want to, you know,
act network layer or the CAN layer,

or you want to look
at the host level,

you can actually look at all the
different types of attacks in the vehicle.

So if you look at
anomalous behavior,

if you're looking at different
signals that are happening in

the vehicle to identify the different
TTPs or the tools, techniques,

or practices that have been
applied by the threat actors,

you can actually mitigate and
shut them down in the vehicle.

So sometimes decisions in
the vehicle make sense,

but sometimes decisions
off-board make sense.

So if you wanna look at a
macro situation around attacks

against multi vehicles, you can't
do that with a side vehicle.

Right.

So you need a combination of

these two.

And and, we have, as I said,

we have our intrusion detection
mechanism that it's in the

vehicle to report on those,
to send them off-board.

And we have our IDPS,

we actually can make those
decisions in the vehicle as well.

And, we have, the capability
to apply, rule sets or pack,

patches to the vehicle where
you don't need to go through

that whole software testing
and validation process.

You can actually mitigate
it before you actually,

if you want to we call it
like a "band aid" solution.

So you put the band aid in
place to give you enough time

to actually go through the
test and verification process.

Right. Interim mitigation
solution. Exactly.

And, the off-board
side then, if again,

if you need to look at
macro- level decisions,

then that would be typically
done in our vehicle SOC,

xNexus, which takes, you know,
telemetry from the vehicle.

It could take all
the different, signals.

But, typically, what we do is we only
send information that's necessary.

So one of the challenges that
with OEMs right now is that

they're fighting this battle of,

tell sending all this
information off-board,

which costs a lot of money
because they need to basically

send everything and then
use AI modeling in the off-board

system then to try to
figure out the noise.

What we do is we
do that onboard.

Right.

And, actually, we only send
what's relevant then off-board.

So that cuts down on cost,

cuts down on operation time
for the analyst that's

actually dealing with those.

And, when we augment that then
with our threat capabilities,

we have a huge heritage
in the threat landscape,

and we actually build that
into our solutions as well.

So we then overlay the
threat information.

So, basically, something that we
see happening in the wild.

Some threat actors are
doing something nefarious.

We then augment that against
the vehicle data plus feeds

from vulnerability management.

So when we look at
the supply chain,

assets are the
vehicle architecture.

We then cross correlate the
threat against the asset,

against the information
that we see in the vehicle,

and it gives us a full view of
what's happening across the board.

And then we can put the right,

mechanisms in place then to
protect, against those, situations.

And we provide that information
then to the VSOC analyst,

and then they package that
up then to hand off then into

the PSIRT team then
that would basically,

mitigate that and actually
put a long-term fix.

And that's basically
how we do...

Just for the
benefit or, I guess, VSOC is
vehicle security operation

center, usually
operated by the OEM.

Yeah.

Someone who's monitoring
the threats from their...

Yeah. It can be a vehicle SOC or
you can call it product SOC.

Mhmm.

So depending which side
of the organization,

if it's more on the IT side,

it's more typically called VSOC.

If it's on the
product security side,

it was like a product
security operations center.

Or you can also call it like a
cross-detection response system

Right.

Which basically takes,

different feeds from
different systems and then,

integrate them with the
operation practice within the

within the OEM.

That's fantastic.

This is becoming a master class
in cybersecurity. Wonderful.

I'll just stop there.

We also have solutions
for EVSE protection.

So for the, vehicle charging,

we know that's
another attack path.

So whether it's over the air,

whether it's through the
vehicle, charging side,

whether it's through
the cloud back end,

whether it's through
the API layer,

whether it's through
the IVI system,

whether it's on
the vehicle itself,

the attack surface
is exploded.

And then you're introducing a
lot of new technologies as well.

Right?

So you're taking your you do
the we talk about SDV and the

abstraction that's happening.

We use a consolidated
architecture onto the domain

controllers of the
zone controllers,

and then you see abstraction of
workload and segregation of workload.

Right.

So you get the introduction
of, you know, hypervisors,

container security, and
these all bring additional,

challenges as well.

And that brings the that's why
I talk about the traditional,

challenges around security
into the vehicle now.

And that's where you
get this perfect storm.

Traditional, like,
hardware, software embedded,

together with the SDV and

the technology that's
required to make that happen.

And it's an opportunity
that's ripe for somebody to

take advantage of.

So you talked about, sometimes
your solutions run in the

cloud, sometimes you
run in the vehicle.

Speaking to in the
vehicle now for a moment,

what sorts of
resources do you...

where do you run in the vehicle?

What sorts of
resources do you use?

So we would go through a
design discussion with whether it's an

OEM or tier one, in regards to
what's the best place to do it.

So it depends really
on the architecture.

Some of their architecture
are all varied.

Typically, you would see
something at the TCU.

You would see something
maybe at the ADAS system,

maybe in the IVI side.

So we would then, you
know, work with the,

the vendor, to figure out what is
the most optimal way to do that.

That typically takes well,
and we have a lot of,

partnerships already
developed with,

some of the major chip
manufacturers to pre integrate.

So, so I'll give
an example, NXP.

We've integrated with
their GoldBox solution.

And,

basically, that can speed up the
time to market for tier ones and

OEMs to deploy and
utilize some of the hardware

acceleration features.

Some sometimes are actually cut
down on the integration work.

Typically, this is a very
quick process for us.

We turn around, even in,

let's say it's a new
architecture or a new chip

manufacturer that
we want to, or SOC,

we can turn this around
in two to three weeks.

It's really a great process.

And then, obviously,

the integration process takes a
little bit longer when you work

with them, but the validation
of that is really, really quick.

And,

so, yeah, that's that's,

that's how we work
with OEMs and embedded.

And then, I missed
some of the question...

The question is resources.

Oh, yeah. Okay. We have
a very low footprint.

This is one of our unique
differentiation points against

some of the, other
players in this space.

We really only use the minimum
set of resources to run that

workload, and that can then,
run at the application there.

But it also can integrate
with some of the hardware

capabilities of the chip.

So, again, I use
NXP as an example.

Let's say they have
an NPU, which they do.

And, if you want to do
things like, for example,

packet inspection and you
wanna do that at wire speed,

then there's ability to utilize
maybe some of the memory space

within there to actually,

do that at fast speed where
some of you might offset.

So we have the,

ability to utilize some of
the hardware capabilities for

specific requirements.

But as I said,

this is all down to each
individual use case and

actually their
security requirements,

from their service
security team.

That's an important point.
And Sonatus does this as well.

We have, for example,
a partnership with NXP,

and we're in
production with them.

And we're using specific
capabilities like,

packet acceleration, packet
forwarding acceleration,

and so using the resources
of whatever chip vendor or

whatever ECU you're
on is really smart.

So we were talking yesterday,

and you have this
incredible program between

yourselves and Trend Micro to
help companies identify zero

day threats in their products.

Tell us about this program.

It's a really incredible .

Yeah. It's, story.

It's called Pwn2Own, and we've
been the first dedicated

Pwn2Own for automotive
since, last two years.

And we run that successfully
now for the last two years in

Japan and Tokyo every January.

And

it's, it's really
successful, for automotive.

But I'll give us a little bit
of history on Pwn2Own itself.

So, basically, it's about bounty program
that incentivize the best ethical

hackers in the world.

White hat hackers.

Yeah.

Yeah. The good guys. Yeah.

And, basically, to
compete to identify

zero-day vulnerabilities.

Maybe for our guest,

you could explain what
a zero-day threat is.

Zero-day vulnerability is a
vulnerability that there's

there's the zero represents
the time to patch,

which is you need to do it
right now because these have

never been seen before.

Yeah.

So these are novel threats,
novel weaknesses that,

vulnerabilities that haven't
been identified before.

And either by the vendor,
by the public, at large.

And as long as that time,

time from zero exists,
they're exploitable.

And, it's in everyone's interest
to reduce that time as much as

possible and patch the... and
mitigate the risk as much as possible.

So that's the term zero-day.

So we we're not we're for the
Pwn2Own event so the ZDI group,

zero day initiative,

they do a bug bounty
program where they purchase

exploits in general.

But the Pwn2Own event
is about identifying zero-day exploits.

And we've been running this
successfully since 2007,

I think.

So it's over many, many
years in Trend Micro,

and then more recently
with VicOne for Pwn2Own

Automotive.

And, as I said, it's really
the best of the best.

To give an example, last year,

we had forty-nine zero days
identified in three days.

So when you think about,

comparing that against
the general industry,

there was thirty-eight,

zero days identified across
the entire automotive sector

in the entire year.

In just three days with highly
motivated, highly skilled,

highly incentivized,
individuals,

in a controlled
environment that can

actually identify that
many vulnerabilities,

you can infer from that
a couple of things.

Number one, there's a lot of low
hanging fruit out there in regards to

and actually, we've seen
that from the results, very,

traditional type,

risks that we see and
exploits that have been used.

The second one is that it's
kind of a wake up call is that

when eventually,

what will happen is two things
will happen at the same time

and will be a dramatic
change for the industry.

Number one is that the
technical barrier of entry for

we're bad actors to take
advantage of will become lower.

And we already kind
of see that in some ways.

But the probably the one that's
more compelling is once they

figure out a
monetization opportunity,

then that's where it'll
really change the game.

Alright?

So one of the, again,

just to kinda bring the
story back a little bit for

Pwn2Own.

The purpose of
Pwn2Own is, one,

we partner with the vendor.

So a vendor will you know,

like Tesla was the anchor
sponsor for the last... Sure.

Five years for,
Pwn2Own Automotive.

They provide a whole vehicle to the
hackers to actually try and target.

By the way, they get to keep
it if they're successful.

Yeah.

Tell us about that story.
That's really interesting.

Yeah.

Because, I mean
well, first of all,

the aftermarket value of
a hacked car is not much.

Right?

So it probably makes sense
to give them the vehicle,

but it's a good incentive
for them to do it.

But also we have, you know,
EVSE suppliers that will,

you know, send their,
components, for attack.

But most of the,

solutions are available
in public domain.

They try to hack it.

And, what you find
is that a lot of

these, they're competing
with each other.

Right?

So some of them even,

are they're trying up
to the last minute,

they're trying to
identify weaknesses,

and they're hoping the vendor
doesn't patch it the week

before so that when they run
the rest so what they do is

they turn up at the event.

They get a lottery system
to figure out who goes first.

They run their script to
demonstrate how the attack is working.

It's validated by
us, by the vendor.

And, if it's successful,
they get prize money.

And, they get points.

And they get the winner then
is called a master of Pwn2Own.

So it's really, really
highly contested.

We give away anything from
eight hundred thousand to over

one point five
million depending on.

This is real
legitimate prize money!

Yes. It's really I mean, these
are the best of the best.

These are people who
identify vulnerabilities that no other

people can identify.

Really, really high
skilled individuals.

And, sometimes they're
groups, sometimes they're individuals.

So we have a lot of very famous
groups that compete.

It's like a circuit,

but Pwn2Own is the holy
grail of the circuit.

Now what we do is once we
identify the vulnerability,

the reason is why do we do this.

Right?

So the bounty is actually paid
out then by the vendor and by us.

So we split that.

And, and then we take
ownership of the IP.

So we then understand the
TTPs that have been used,

how the exploit
has been, you know,

what are the different elements
of it that we bring that we

could bring that into our products
and protect our customers.

And then we work with the vendor
to do the disclosure process.

And the purpose of that is that
it is responsible disclosure.

And we've been doing that
successfully in the enterprise

domain for many, many years,
which is well known practice,

adopted by everybody.

Right.

And, it's typically a
ninety-day notification.

The challenge in the
automotive sector is

there's a very different safety
aspect to the disclosure.

So and also there's a very
complicated mechanism to disclosure.

So, the safety aspect, I
think we all understand.

You know, there's if,

a bad actor can take advantage
of a vehicle that has safety

and, you know,
life implications,

the complexity
side is, you know,

there's so many different, tiers
in the delivery mechanism for OEMs.

Ultimately, OEM is
responsible, but, you know,

there's a tier one
supplier, tier two supplier.

There's a long life cycle.

Some of these vehicles on
the road for, you know,

up to twenty, twenty-five
years depending in some cases.

And the,

are the engineering teams that
built this hardware software

component still working are
they still working together

with the source code?

Have they got the capacity
to release a patch?

What does that mean from an operational
perspective in regards to cost?

How quickly can they do that or prioritize
with their existing commitments?

What is the implication
and indemnity? You know?

So there's all of these operational
challenges, risks, legal risks,

insurance risks, that
they need to consider.

So it's not
a simple situation to solve,

so we need to work very
closely with the OEMs and the suppliers

to actually identify a
mechanism for them to actually

mitigate that risk
and then disclose that publicly.

You were sharing with us
some stories from other industries

from your Trend Micro...

because you've been at Trend
Micro for a long time until

recently moving to VicOne.

Some, really,

horror stories about how
cybersecurity threats can

impact other types
of businesses.

Do you want to share
some of those stories?

Yeah.

So one of the you know, maybe
before I go to the stories,

I think one of the things to
think about specifically in

automotive is

deterministic

disclosure.

So when
I talk about the challenges

around the, coordinator
or, disclosure,

it's deterministic in some
ways because, you know,

whether you know, we
know OEMs and and,

tier ones have to
do pen testing.

And, they have their
own bug bounty programs.

They might have their own,

ways and means of identifying
risks in the, you know,

in the architecture and the software
and the components themselves.

But it's on their
schedule in regards to when

they do the disclosure.

Right?

What will and I talked about
the two inflection points.

When does the lower technical barrier
of entry and high monetization?

So once that happens,
and it will happen,

I think at some point,

it no longer becomes
deterministic.

Now you need to react and
to make decisions very,

very quickly in a
really complex situation that's

already difficult to
do in today's world.

And then to do that with time
pressure and public scrutiny on

top of you.

Right? So, that
changed the landscape.

And back to your question,

I've had firsthand
experience of many people,

even in Ireland,
which is a small country,

but I've a lot of
friends who are CISOs that

we know in so many
different situations,

people and companies
get hacked all the time.

Mhmm. Most of it is
not publicly disclosed.

I can recall three specific
conversations where a friend of

mine who's a CISO got made
a phone call to me and said,

"I'm in trouble."

There was one example
where is, the, you know,

the person was literally
onboarded a couple of weeks and

and, all their operations
are down globally.

Another example, were, medical

institutions were affected.

So, and when that happens,

that will either make
or break you as a CISO.

Sure. It's something
that you'll never forget.

You need to make so many high
quality decisions under extreme

pressure in a very
short space of time.

And a lot of times, no
matter how much work you do,

no matter how many
tabletop exercises you run,

no matter how many dry
runs you prepare for,

you can't really prepare
for this type of event.

And, the stress, some of the personal stress
that they're under to deal with this.

You know?

You have, you know,

public obligations if it's
a public organization.

You have, you're dealing with
third parties coming in that are

offering to, you know,

maybe the board is recommending
someone to come in and,

try to figure out what
happened to get answers.

You've everybody wanting
updates regularly.

You have your team who are
gonna be stressed and burnt out

to try and figure this out.

It's a nightmare.

And I've had firsthand
experience with that.

So this is not something
you want to do very often.

I'm pretty sure every CISO goes
through at least once in their

lifetime,

but it's not a
pretty place to be.

Yeah.

So then that tends to make people
reticent, to, you know, oh, gosh.

We shouldn't put
software in vehicles,

and we shouldn't do this.

But the reality is
we have techniques.

There are best practices in
enterprise IT to solve these problems.

The technology is
getting better.

Trend Micro is continuing
to stay ahead of that.

So, you know, as we think
to the automotive space,

what's your recommendation
to the industry, really,

for how we should be bringing
those practices in automotive?

Yeah.

So the demands are going to
this is gonna happen regardless.

I mean, the I mean,

its question is around
how do we put you know,

should we do this from a
security point of view?

We should because
the benefits

economically benefits, the
commercial benefits, the,

time to market benefits,
the operational benefits,

they outweigh the risk.

The question is how do
you manage the risk?

And we've seen this
successfully managed as we've

seen software-defined
everything come into the

enterprise space.

There are ways to mitigate
those and stay ahead of those.

So the more you do in regards
to proactive security,

the more investment that
you make in regards to

understanding the type of
scenarios that may happen,

building in security by design,

building in very
strong operational,

mechanisms to be able
to handle an event,

but also to, you know,

throughout the
life cycle of the attack,

what is your mitigation
throughout that whole life cycle?

And making sure that you're
covered in all those areas.

Software defined
vehicle is no different.

It's just another way to make
sure that you're protected.

So my advice is

not to change any strategy
in regards to adoption of it.

Just make sure that you
protect it correctly.

Right.

But, you know, such an important conversation
these days is artificial intelligence.

It's becoming, pervasive in many
different parts of the world,

of course, but in
vehicles as well.

Tell me about the
pros and cons of AI,

in vehicles with respect
to cybersecurity.

So I'm gonna tie this back
to, the Pwn2Own event. Right?

And recently, we had, Sina,

who's the master of
Pwn2Own this year.

He's an individual,

and he's competing against
teams like Synacktiv and lots

of other groups that have
multiple individuals,

you know, really high
skilled, high caliber,

individuals that are
trying to identify vulnerabilities.

And I asked him the question
that, you know, around AI.

And, he claimed to
be not an AI expert,

but his answer was, I develop
AI models that help me

to offload the repetitive work
or the type of work I just

don't have time to do,

but I need to get done to help
me to actually figure out all

these attack, situations.

And so he said he's a white
hat hacker — White hat hacker —

using AI to increase
his productivity

in white hat hacking.

Exactly. And that's how
he can compete against groups.

And so my inflection
from that was,

this is a guy who's doing,
you know, ethical hacking.

What if
he's a bad actor?

Then they can also take
advantage of AI to help them to

even be more
successful in their,

in their attempts as well.

So that's on
one side. Right?

But then we also see the
capability of using AI for

protection, you
know, in regards to,

using various models to
identify patterns of behavior,

in regards to anomaly
model, anomaly models.

You can see in
regards to filtration,

in regards to different
events we see from vehicles.

We can see that in regards to
correlation, in regards to,

different patterns of
behavior that we see.

You know, we talked about
onboard or off-board,

but also from different systems.

You might want to see different
activities across those,

not just looking at
them as isolation pools,

but actually look
across the whole piece.

So all these different things
you need you can use AI to

speed it up where a
human just cannot do it.

You know? Reading
logs from the vehicle itself.

You know?

You're gonna need
different ways to,

traditionally move on
from just rule sets.

You know?

And, so you need to to you need
to AI we can see people are gonna

use AI to attack, but also
you can use AI to defend.

And the question is, who's
gonna win the race and,

who can quickly adapt the best?

That's such an interesting
perspective of the double-edged

sword of AI for cybersecurity.

Willy, this has been an
incredible conversation.

We've covered such a wide
range. I've learned a ton.

Thank you for visiting with us.

And, we're excited
to work with you.

We look forward to working with
you more in the future from

Sonatus, and thank
you for being on the show.

Thank you very much.

If you like what you're
seeing with, today's episode,

please like and subscribe to
see more episodes like this.

And you could find
us on, YouTube,

on the Sonatus website,
Apple Podcasts, and Spotify.

We look forward to seeing you
again in another episode of The

Garage very soon.
