While cybersecurity in vehicles is a relatively new concept—a field ushered in by widespread web connectivity and the emergence of self-driving cars—there are several universities which have turned their attention to this high-growth field.
One of the most prominent institutions focusing its research in this area is the University of Michigan’s Mobility Transformation Center (MTC) located near the old heart of the American car industry. The stated goal of the MTC’s R&D partnership with the automotive industry is to develop an advanced system of autonomous, connected vehicles by 2021. The MTC aims to give students cross-disciplinary instruction and opportunities to collaborate in a real-world setting. By illustration, in the College of Engineering’s Multidisciplinary Design Program, students at all degree levels take on varied research projects under the guidance of experienced mentors such as Dr. Di Ma (profiled below in the “Rockstars” section).
In one exemplary project, students are designing an automotive intrusion detection and prevention system (IDPS), which is being tested in the lab by one of the school’s Vertically Integrated Project (VIP) teams, drawing from various departments such as engineering, information science, design, business, and law. The technology is being tested at the MTC test track or Mcity, a state-of-the-art facility for testing connected (i.e., web-integrated) and autonomous (i.e., self-driving) vehicles. One of the current projects is to develop the “Cybersecurity Roadmap for Automated Cars.” Furthermore, the university’s famed Transportation Research Institute (UMTRI) has focused recent investigations on the cybersecurity of vehicles, highlighting the need to safeguard vulnerabilities such as the electronic control units (ECUs), web-connected infotainment systems, and other modern conveniences. One of the leading researchers in automotive cybersecurity in the world, Dr. André Weimerskirch (profiled in “Rockstars” below) leads this branch of the UMTRI.
Another school of interest is the University of Arkansas at Little Rock (UALR Aug. 2016), which boasts one of the world’s youngest researchers in vehicular cybersecurity: Zachary King, an undergraduate in computer science who authored a piece entitled "Investigating and Securing Communications in the Controller Area Network (CAN).” King was one of ten students selected from around the country to participate in the CyberSAFE@UALR program. Under the guidance of Dr. Shucheng Yu and Dr. Menjun Xie (profiled in “Rockstars” below), King helped to develop a security protocol to protect the CAN, an internal communications feature in cars. UALR’s Donaghey College of Engineering and Information Technology (EIT) offers several programs in areas such as computer science, information science, and systems engineering with independent research opportunities, including those in the field of automotive cybersecurity.
Additionally, Ohio State University’s Center for Automotive Research (CAR) offers interdisciplinary programs in systems engineering, including a graduate-level specialization in automotive systems engineering (GS-ASE). Classes in this track include instruction in vehicle electrification, dynamics & control, and engine & powertrain systems. One CAR research focus is on autonomous vehicles, which provides insight into the cybersecurity of automated driving mechanisms.
Carnegie Mellon University’s (CMU) College of Engineering counts one of the leading researchers in automotive cybersecurity among its faculty: Dr. Raj Rajkumar (profiled in “Rockstars” below). This school has a number of cybersecurity-focused research facilities, including the CyLab and the GM Collaborative Research Lab. The latter focuses on advancing the realm of vehicle information technology with research squarely aimed at developing dependable embedded systems. Among CMU’s program offerings is a bachelor of science (BS) in electrical & computer engineering, which strongly encourages students to pursue original, practical research stemming from their coursework and interests. An impressive 60 percent of undergraduate engineering students take advantage of the opportunity to work under leading researchers.
Finally, New York University (NYU) provides excellent opportunities for mentored research in this field. In fact, the Department of Homeland Security’s Science and Technology Directorate (DHS S&T) awarded $1.4 million to NYU in October 2015 to develop a technology to prevent cyber-attacks in government and consumer vehicles. A team led by outstanding professor Dr. Justin Cappos (profiled in “Rockstars” below) has been developing a multi-pronged security feature to prevent vehicle cyberattacks at varied points of entry (e.g., car manufacturers, dealerships, internal software developers, etc). Notably, the Tandon School of Engineering provides a dual bachelor of science (BS) degree in computer science and computer engineering. This innovative 140-credit program has courses such as engineering & design; programming & problem-solving; structures & algorithms; fundamentals of electric circuits; logic & state machine design; and a professional development & presentation unit for student-developed research to flourish.
For students and working professionals interested in automotive cybersecurity, it’s crucial to connect with the most experienced professors and researchers in the field, particularly for a discipline still in its infancy. Here are five leading mentors in this nascent industry:
Dr. Justin Cappos, Assistant Professor of Computer Science and Engineering at New York University
“The philosophy is ‘technology in service to society’...You need not only to have technical skills, but you really need that heart and that passion for making a difference, that willingness to take a problem wherever it needs to go in order to solve it.”
Dr. Cappos is a respected role model and professor who concentrates on the real-world, practical applications of his research. While working on his PhD at University of Arizona he built Stork, the first package manager optimized for OS virtualization environments (e.g., cloud computing). His current team projects include work with TUF, PolyPasswordHasher, and Seattle, among others. Notably, NYU received $1.4M from the Department of Homeland Security’s Science & Technology Directorate in October 2015 to develop technology which combats cyberattacks against vehicles. Dr. Cappos was appointed the leader of that effort for which he’s been working in conjunction with the University of Michigan and the Southwest Research Institute. Overall, Dr. Cappos serves as a collaborator and mentor to many people, including four high school students, six undergraduates, a dozen master’s students, eight PhD students, and others.
In August 2016, he graciously agreed to an interview with OEP:
Who inspired you to get into your career field?
“When I was in elementary school, I taught myself to program. My parents bought me an old Commodore 64.” He added that as a teenager, he enrolled in a University of Arizona capstone course in operating systems for which he’d taken none of the prerequisites. After initial challenges, Dr. Cappos ultimately did well in the class with the support and encouragement of Professor Patrick Homer and spoke positively of his young induction into academia: “There was such beauty and depth in the field that I’d never realized.”
Who continues to inspire you in your field?
Dr. Cappos celebrates the work of CMU Professor Dr. Mahadev ‘Satya’ Satyanarayanan, who had built a distributed file system and shared it with people throughout the university. “He demonstrated a philosophy that I try really hard to carry into all of the work that I do: solve problems that matter and do enough to solve them in practice. Don’t assume that every person who’s a practitioner in the world is going to read your paper published in some obscure academic journal.” He later referred to this tenet as “technology in service to society,” a philosophy which has been embraced at NYU.
What are the real hands-on challenges of the automotive security project and your approach?
“I really want to understand the real-world constraints that keep a problem from being solved and these can sometimes be things that aren’t ‘technical’, such as legal forces or business forces. My goal above everything else is to solve problems in practice. I don’t just want to write papers; I don’t just want to write grants for the sake of having lots of students...I really want to make the world a better place.” He likened the theoretical approach of his current DHS-funded project to the checks-and-balances of a nuclear submarine: “To give you a conceptual idea, think about the nuclear submarines...They have a way of controlling the system launch: two people with keys who simultaneously need to turn them to enable the launch codes...We use that technique so that two parties need to go in to produce an update that your car will trust.”
Dr. Di Ma, Associate Professor at the University of Michigan—Dearborn and Esteemed Security and Forensics rEsearch (SAFE) Lab Director
After earning her PhD from the University of California—Irvine, Dr. Ma worked at IBM’s Almaden Research Institute and the Institute for Infocomm Research based in Singapore. The main thrust of her research is in security and cryptography, and she’s slated to speak at the 2016 Automotive Cybersecurity Summit in San Francisco. She’s won countless awards and honors, including the NSF-TRUST Fellowship and an Appreciation Award from IEEE.
Dr. Mengjun Xie, Associate Professor of Computer Science at the University of Arkansas at Little Rock (UALR)
After receiving his PhD in computer science from the College of William and Mary, Dr. Xie joined the faculty at UALR where he currently leads the Networked and Complex Systems Security Research (NEXUS) Lab. He’s received grants for research in information assurance and cybersecurity from the National Science Foundation (NSF) and Amazon Web Services (AWS) in Education. Notably, he’s the director of the CyberSAFE@UALR program, which aims to “decrease cyberattacks on people using mobile technology and social networking sites,” said Dr. Xie. Through CyberSAFE, promising undergraduate Zachary King conducted research on automotive cybersecurity in 2016.
Dr. Raj Rajkumar, George Westinghouse Professor of Electrical & Computer Engineering and Robotics Institute at Carnegie Mellon University
Dr. “Raj” is an international leader in the cybersecurity of vehicles and directs several research laboratories, including the Real-Time and Multimedia Systems Laboratory (RTML) and the General Motors-Carnegie Mellon Connected and Autonomous Driving Collaborative Research Laboratory (CAD-CRL), as well as the National University Transportation Center of Safety, an organization sponsored by the US Department of Transportation. Additionally, he was the founder of Ottomatika Inc., one of the pioneering companies in software for self-driving cars. He’s won countless awards such as the Carnegie Science Award (2011) and IEEE’s Outstanding Technical Achievement and Leadership Award (2009). Finally, Dr. Rajkumar considerately offered to answer some of OEP’s questions in August 2016. He mentioned that he’d loved math since childhood and had two uncles in India where he grew up who were engineers. He spoke highly of CMU Professors Raj Reddy and John Lehoczky who actively inspire him, adding that Dr. Lehoczky’s “world-class math expertise combined with the clarity of thinking and abstraction amaze me to this day.” He also outlined the greatest challenges today in developing safe vehicles in the age of connectivity:
First, cars, like many things in modern life today, are increasingly becoming connected through 4G cellular technology and WiFi. This capability introduces the possibility of malicious attacks or inadvertent intrusions into vehicles, which can potentially turn them into weapons of destruction. Secondly, traditionally, automotive components were designed assuming that everything that is received from within the car could be trusted. No security checks were put in place. But we now live in a different world, and automotive standards and components have quite some catching up to do.
In recent years, there’s been an explosion of research institutes and private ventures dedicated to preventing cyberattacks on vehicles. With several wealthy companies investing in self-driving cars (e.g., Tesla, Google, Apple’s Project Titan), there’s expected to be a concurrent demand for automotive cybersecurity experts at all of these companies. One way which corporations are investing in this branch of security is by learning from non-malicious hackers who are willing to share system vulnerabilities with industry experts.
By illustration, Uber hired Charlie Miller and Chris Valasak into the company’s Advanced Technology Center (ATC) shortly after the two famously hacked and assumed control of the Jeep Cherokee. Uber is squarely focused on developing a future of autonomous vehicles in a sharing economy. Naturally this endeavor presents several security challenges since there are many points of vulnerability in this on-demand car system, but this vision may become manifest sooner than expected. By illustration, Uber acquired self-driving truck startup Otto in August 2016, and since May, the ATC has been performing self-driving vehicle tests in Philadelphia. The company will likely continue to invest heavily in this project given its vast stores of cash and multibillion dollar valuation. These vehicles are not designed by Uber, but rather are hybrid Ford Fusions with self-driving modifications. If Uber’s sharing economy “fleet model” takes off, there are expected to be ample opportunities in their division of automotive cybersecurity in the coming years.
HARMAN is a vehicular infotainment systems, augmented navigation, and telematics (i.e., using cellular communication to automate functions) corporation. This company is one of the global leaders in developing connected systems for cars and more than 25 million automobiles worldwide have embedded HARMAN systems (e.g., BMW, Porsche, Mercedes-Benz). During the past two years, HARMAN has acquired Red Bend and award-winning TowerSec Automotive Cyber Security, moves widely seen to to beef up the company’s investment in secure solutions for connected vehicle controls. It’s worth noting that HARMAN is based in Ann Arbor, one of the most prolific regions for automotive cybersecurity R&D (Spark April 2016).
The Movimento Group occupies the gap between industries in Detroit and the Silicon Valley. This self-described “tech company with automotive DNA” is tackling challenges such as preventing infotainment system data theft, thwarting driving system takeovers, and developing advanced OTA (i.e., over-the-air) security updates and protections. For its groundbreaking OTA developments, Movimento won the 2016 TU-Automotive Award in the “best telematic product/service” category.
Another company recognized for its excellence was Security Innovation, which was awarded a 2016 TU-Automotive Award in the “best auto cybersecurity product/service.” The company’s award-winning product was Aerolink, an innovative technology aimed at securing vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications. The Aerolink product is celebrated for its interoperability with a wide range of OSs and processors and will be available in the 2017 Cadillac CTS. Above all, Security Innovation is expected to be a must-watch company in automotive cybersecurity into the future.
These are just a few of the companies available in this space and the options are expected to grow in coming years. Other companies of note include all car manufacturers (particularly those with web-connected vehicles) and Israel-based Argus Cyber Security.
Finally, there’s a wealth of conferences and other resources for students and professionals interested in the future of this high-growth field. These include:
The ability of a computer to learn and problem solve (i.e., machine learning) is what makes AI different from any other major technological advances we’ve seen in the last century. More than simply assisting people with tasks, AI allows the technology to take the reins and improve processes without any help from humans.
Human-centered design, sometimes also called human-computer interaction or engineering psychology, teaches the importance of prioritizing the needs, desires, and behaviors of people when building technology. Professionals in this discipline are usually called user experience (UX) practitioners.
Discover the humanitarian applications of artificial intelligence, robotics, virtual reality, and big data, including exclusive interviews with industry predictions and a discussion of current advances across these sectors of software engineering.
Done right, computer engineering has put Americans on the moon with less computing power than one of today’s dishwashers. Done wrong, it’s caused two commercial airliners of incredible complexity to tragically crash into the ground after takeoff.
User experience refers to how a person feels and behaves when using a system, service, or product. The UX discipline is vast, including a variety of professionals who focus on making experiences that are valuable and accessible to people.