Funded by the UK government’s Economic and Research Council (ESRC) Discribe (Digital Security by Design Social Science), Coventry University along with other leading research centres and industry bodies are conducting a research  to

• understand the benefits of secure hardware adoption, and how such benefits are measured and perceived
• identify the costs of security failures arising out of the lack of such practices
• assess what value gains are expected from software add-ons and developer platforms on top of enhanced security at hardware
• identify what practices offset such value through various stages of the use case lifecycle.

The 26262 club had the opportunity to talk with Prof. Siraj Shaikh, lead investigator of this research.

Club: Siraj, why do you believe such research is necessary?

Siraj: The automotive supply chain is complex and distributed. As the need for assurance on the components and systems grow, along with the threat of cyber attacks, we need more research to better understand what economic factors help or hinder adoption of security. While this applies widely, our focus here is on secure hardware (that is, any hardware-level enhancement that helps with system-level security). Such secure hardware could help thwart certain classes of attacks and also establish hardware root of trust. 

Club: In your view, what do you think the automotive industry can do immediately better to improve their security?

Siraj: Security is seen as a cost generally, and we are seeing regulation to help overcome this. Beyond compliance, the industry needs to consider how the security is communicated to the customer as a core value proposition (rather like safety). This would need better customer awareness and education on why effective security is important and necessary. More innovation also needs to be a priority: how can the industry leverage advances in secure software engineering, for example, to inform secure development and engineering practices?

The research team is looking to speak with industry professionals directly or indirectly working with hardware security issues.  

Information for interested parties can be found to the Discribe page for this research here.

If you are interested and want to learn more, get in touch with Andrew Tomlinson at ad5850@coventry.ac.uk 

Related media:
SEMI Press Release: BERLIN, Germany ─ March 30, 2021 ─ SEMI today announced its participation as an industry expert in a study by researchers in Coventry University’s Institute for Future Transport and Cities’ (IFTC) Systems Security Group (SSG) to examine drivers of computer hardware security adoption among businesses and consumers.

 

Photo by Pixabay on Pexels.com