Security for the Next Generation: SAE Cyber Auto Challenge

For the last seven years, the Society of Automotive Engineers (SAE) and Battelle corporation have hosted a worldwide event called the Cyber Auto Challenge aimed at introducing the next generation of engineers and software developers to the landscape of connected cars and their cyber-security needs. The Cyber Auto Challenge, in tandem with the Cyber Truck Challenge also hosted by SAE, gathers talented high school and university-class students from around the world for a week of intense training by automotive industry veterans and cyber-security experts in the techniques used to find and fix cyber vulnerabilities in connected vehicles.

The techniques taught and practiced at the Cyber Auto Challenge are none other than those used in the real world of automotive cyber-security and penetration testing, with the instructors being subject-matter experts in hardware, software, and automotive penetration testing. Mohammad Kamel Ghali, a field-applications engineer and penetration tester at Trillium gave the following reflection on the week-long event.

“During the week of the Cyber Auto Challenge, I had the pleasure of working alongside long-time colleagues and budding automotive cyber-security zealots alike. Getting to share experiences and exchange tips and tricks with fellow researchers and penetration testers from firms such as Grimm, Intrepid Control Systems and Battelle was a great opportunity. Each participant in the challenge brought forth their unique perspective on the challenges faced by the connected car security industry, making this week of collaborating with experts in the field an enlightening experience for everyone. I hope that together with Trillium I can continue to participate in and support the SAE and Cyber Auto Challenge for years to come, helping to ensure the continued cyber-security of the transportation of the future.”

As the prospect of automotive cyber-security shifts from an afterthought into a high priority for carmakers and legislators alike, the importance of standards-defining bodies such as the SAE cannot be understated. It is through cooperation with such entities that Trillium hopes to inspire an era of connected-car security to facilitate the next generation of cooperative connected transportation.

Cybersecurity for Defense on the Rise: New Cyber Range Operations Center in MI

On Friday, July 20th, federal, state and local officials convened for the opening of the Velocity Hub of the Michigan Cyber Range. The Michigan Cyber Range is a long-standing center for critical training of cyber security professionals, and the newly added Velocity Hub seeks to expand the range’s scope further than before.

A collaboration between private industry players and government bodies – both federal and state-level – the Velocity Hub aims to bridge the gap between cutting-edge cyber technologies and the environments they serve. By providing the necessary training, equipment, and secure-sandbox environments for the development and proliferation of cyber secure technologies and business practices, the Velocity Hub will establish Michigan as a key player in the cyber security field.

The necessity for pre-emptive drafts of cyber security standards in vehicles is not lost on the Brigadier General – the traditional method of waiting for an incident to occur before thinking of cyber legislation can result in a drastic loss of life when it comes to automobiles.

This need for vehicular security regulation is the driving force behind Trillium’s participation in projects such as the Velocity Hub, the SAE, and other standards-developing bodies to prepare the future of connected and autonomous vehicles. Trillium’s “security by design” mentality applies not only to technology, but to the design of society as a whole. Through working together with government agencies, our industry partners and standards committees, Trillium hopes to drive the next wave of cyber legislation in the US from the heart of the Midwest.

Buy it and Fly it: The Aftermarket Autonomy Market

As technology continuously moves towards making human life better and more effortless, transportation is a field that receives a lot of attention. From improving the speed of airplanes to the congestion in traffic, it seems that transportation has the most potential to benefit from technological advances. Self-driving cars are no small part of this. The ability for one’s car to take them along their every-day commute without the driver’s full attention will be a great leap towards the society of tomorrow, increasing road safety and allowing for more productive hours throughout the day. So anticipated is this revolution that tools are already being developed that can offer the same sort of functionality to vehicles already on the road – the aftermarket autonomy industry.

Far away from Tesla’s custom autopilot system or any other state of the art self-driving platform under development by Google or another large corporation, the startup scene has given birth to many self-driving solutions of its own. Focusing on the average consumer’s reluctance to buy a new vehicle solely for the sake of self-driving functionality, the players in the aftermarket autonomy market have developed “kits” that aim to be installed in cars already on the road to offer them self-driving capabilities. As the number of players in this market increases, so does the number of supported makes and models of vehicles. This technology opens the convenience to a larger number of people than would be able to buy a brand-new autonomous vehicle, expanding the connected and autonomous car sector to include older makes and models to make the roads safer for everyone.

These solutions often incorporate an external sensor (like a camera) with a device that allows commands to be sent to the OBD-II port found in most vehicles, granting direct control of the vehicle’s inner mechanisms. While the technology used in these products is remarkable, it raises the concern of unsecured connectivity being introduced to a diagnostic port – a situation that could potentially end in disaster if exploited. The merit to be gained by using such products cannot be understated, however just as with all things related to a connected ecosystem, security needs to be taken into account.

Infrastructure Hacking: Cyber Crime on the Rise

Last month in Detroit, Michigan, a gas station on 7 Mile and Southfield roads was the target of a crime – a robbery, specifically. What makes this incident different from the more commonplace robberies that frequently target gas stations is that the theft was not of cash or goods from within the store, but of gas itself. All the more puzzling though, is how it was achieved.

ClickOnDetroit reports that the gas pump was hacked. Two thieves armed with what can only be called “a device” were able to gain unauthorized control of a gas pump and freely discharge gasoline from it for over 90 minutes. In that time they were able to discretely steal 600 gallons of gas, a value of over 1,800 dollars without anyone catching on. By having cars come and fill up directly instead of filling up barrels that might draw suspicion, the thieves were able to avoid detection, abusing the fact that the station in question was almost always busy by blending in with the natural traffic.

The threat identified by this incident is no laughing matter. The root cause stems from the over-specialization of computer systems that carry out simple transactions like gas purchases. The devices used for these applications are often only designed to carry out that specific function, making them cheap but unable to implement peripheral systems, such as cyber security. This lack of security could result in not only theft of gas, but the credit card information of previous customers at the pump.

It is to secure resource-constrained devices such as those found in so many Internet of Things edge-nodes that the SecureGO module of Trillium Secure platform was originally developed. With its ability to add robust cyber security features to even the most basic automotive-grade hardware, SecureGO has the potential to introduce cyber security to the entire IoT edge-node ecosystem, securing every link in the chain that defines the interconnected world of tomorrow. As incidents like this become more frequent, the world will constantly be reminded that any defense – cyber or otherwise – is only as strong as its weakest link.

 

Trillium、JAFCOが率いるシリーズA2ラウンドで1100万ドルを資金調達

Trilliumのサイバーセキュリティ技術による安全なデータ管理が投資家の関心を高める

カリフォルニア州、サニーベール 及び東京, 2018年07月04日 – (JCN Newswire) – サイバーセキュリティ技術の世界的リーダーであり、車両および車両の安全なデータ管理を行うTrillium社は株式会社ジャフコが率いるシリーズA2ラウンドで1100万ドルを資金調達したと発表しました。このラウンドにおけるその他の投資家はAirbus Ventures (仏), Deutsche Bahn Digital Ventures(独), 東京センチュリー株式会社(日), 三菱UFJキャピタル株式会社(日), そして Plug and Play Ventures(米)です。
この最新のラウンドで、Trilliumの総資金調達額は1500万ドルになりました。Trilliumはこれらの資金を用いて、急速に成長するグローバル基盤を整えると共に、製品開発、セールス&マーケティング及び顧客サポートを推進していきます。総額約32億ドルを投資する日本最大級のベンチャーキャピタルであり、今回のリードインベスターでもある株式会社ジャフコ(本社:東京都港区)の取締役社長 豊貴伸一氏は 「Trillium社の革新的なビジネスモデルと、多重層アプローチによるサイバーセキュリティ・ソリューションは、競争が激化している自動車セキュリティ市場をリードする技術です。また、そのソリューションはコネクティッド・カー及び自動運転へ移行する流れを加速し、そのポテンシャルを最大限に引き出すキーカンパニーとなるでしょう」 とコメントしています。Trillium Secureサブスクリプション・サービスは、サイバー攻撃を防ぎ、特許取得済みのソフトウェア製品群(SecureGO、SecureIXS、SecureOTA、SecureSKYEなど)を通じてデータの安全性、プライバシー、および整合性をセキュアにしています。詳しくは www.trilliumsecure.com をご覧ください。

欧州の多国籍航空機メーカー、Airbus社の投資部門であるAirbus Venturesの日本及びアジア・パシフィック地区の代表、Lewis Pinault氏は「私たちは、他にはないアイデア、付加価値のあるソリューション、そして斬新的なビジネスモデルを持つベンチャーをサポートします。その上でTrillium社はこれらの要素を満たしており、戦略的投資を行うには最良のパートナーです。特に着目したのは輸送業界における重要なデータを保護するためのライフサイクル・ソリューションを開発した点です」とコメントしています。

またドイツ、Deutsche Bahn社のベンチャーキャピタル部門であるDeutsche Bahn Digital VenturesのディレクターBoris Kühn氏は「コネクティッド・カーを運行する際に重要となるのが、サイバーセキュリティの強力なパートナーとタッグを組む事です。Trillium社は市場でもトップクラスのプレーヤーであり、欧州におけるビジネス拡大を喜んでサポートします」とコメントしています。

輸送業界は世界的にコネクティッド・カー化が進んでおり、それに伴い車載制御・通信・AV機器がサイバー攻撃に対して脆弱になっています。車両機能のデジタル化は、サイバーセキュリティー市場の急速な成長機会をもたらしています。

Trillium社の社長兼CEOであるDavid Uzeは「アナリストによると、輸送業界のサイバーセキュリティ市場は2030年までに220億ドルを超えると予測しています。Trillium社はその市場の大きなシェアの獲得を目指します」とコメントしています。

最近制定された欧州連合(EU)の一般データ保護規制のようなプライバシー法や、カリフォルニア州の消費者データプライバシー法と同様、車両データ・ライフサイクル・サイバーセキュリティ保証は、我々が直面する最も重要な問題の1つです。

自動車リースとレンタカービジネスを傘下に持つ日本の金融・サービス業、東京センチュリー株式会社、 事業開発部門長 北川淑人氏は、「コネクテッドカーや自動運転技術の導入が広がる中、車両のサイバーセキュリティーは今後の最重要課題となるはずです。Trillium社は車両のサイバーセキュリティに高度な技術を持つ優れた投資先と考えています。Trillium社のビジネスを拡張させるため今後もサポートしていきます」 とコメントしています。

日本を代表する銀行・金融グループ、三菱UFJフィナンシャルグループの一員である三菱UFJキャピタル株式会社(本社:東京都中央区)代表取締役社長 半田宗樹氏は、「Trillium社のビジネスモデルは、独自の技術を使って自動車関連の情報を安全に保管、解析・分析し、顧客資産とそこから発生する大量の機密データを有機的に活用することをコアバリューとしており、保険・通信・フリートオーナーなどに対して多様な付加価値サービスを提供する会社です。」とコメントしています。

米国、シリコンバレーに本拠地を置くアクセラレータ投資企業の一つPlug and Play VenturesのパートナーであるIvan Zgomba氏は「未来の発展に向けたビジネスを創造している企業への投資を模索しています。その点でTrillium社は非常に短期間で車両サイバーセキュリティとデータ保護のリーダーとしての地位を確立しており、彼らと共に歩んでいくこの先の未来に興奮しています」とコメントしています。

Trillium Secure,Inc.について
Trillium社は、車両およびフリート車両の包括的なサイバーセキュリティ保護と、安全なデータ管理を提供します。Trillium Secureサブスクリプション・サービスは、コネクティッド・カー、自動運転車輌、配送などのフリート車輌をサイバー攻撃から守るために多重層のサイバーセキュリティ技術を用いています。また、駐車中や走行中においてもフリート車輌に対してプライバシー、機密性、データの匿名性を維持しながら、認証運用および危険を管理するデータ・ソリューションを提供します。Trillium社は、取得済み、または出願中の特許技術及びサービスを用いて、フリート運用会社、・ライドシェアサービス・、車輛メーカ・、航空宇宙業界・、防衛組織・、保険会社・、モバイルキャリア及びテレマティクスインテグレーターにセキュアなサービスを提供します。付加価値を提供するサービスプロバイダーはカーシェアリング・科学捜査、・故障予測、テレマティクス、UBI(Usage Based Insurance=利用ベース保険)などのデータ管理分野において信頼性をもってTrilliumのデータを使用するでしょう。
Trillium社のデザインセンター及びフリート・セキュリティ・オペレーションの拠点は、サニーベール、アナーバー、ホーチミン、東京に展開しており、年内中に欧州のデザインセンターも開設予定です。
詳細については、www.trilliumsecure.com をご覧ください。

代表取締役社長:ディビッド M. ユーゼ
東京所在地:東京都渋谷区恵比寿3丁目21番地2号
設立:2014年7月
E: Miki.Irie@trilliumsecure.com
U: https://trilliumsecure.com

Trillium Raises $11M in Series A2 Funding Led by JAFCO

SUNNYVALE, CA, July 4, 2018 – (ACN Newswire) – Trillium Secure, Inc. (Trillium), the global leader in cybersecurity protection and secure data management for vehicles and fleets, today announced an $11M round of Series A2 funding led by JAFCO, with participation from other investors including Airbus Ventures, Deutsche Bahn Digital Ventures, Mitsubishi UFJ Capital, Tokyo Century Corporation and Plug and Play Ventures.

The funds will be used for expanding Trillium’s product engineering, sales & marketing and customer support services to meet its rapidly growing global base of customers, partners and project deployments. The latest round brings Trillium’s total funding to $15M.

“We believe Trillium’s revolutionary business model and multi-layered approach raise the bar for hackers and Trillium’s competitors in the race to secure and protect vehicles and driver data,” said Shinichi Fuki, President & CEO of JAFCO, Japan’s largest venture capital firm with $3.2 billion in total commitments. “Effective cybersecurity solutions such as Trillium’s are key to helping ensure a smooth transition to the connected and autonomous vehicles of today and tomorrow.”

The company’s Trillium Secure subscription service defends against cyber-attacks and ensures the safety, privacy and integrity of data through a patented suite of software products. The Trillium Secure multi-layered suite of products includes SecureGO, SecureIXS, SecureOTA and SecureSKYE.

“We support entrepreneurs with unique ideas, value added solutions and disruptive business models. Trillium represents these elements and is exactly the type of partner we want when making strategic investments,” said Lewis Pinault, Managing Investment Partner, Japan & Asia Pacific, Airbus Ventures, the investment arm of the European multinational aircraft manufacturer. “Trillium has developed an effective lifecycle solution to securing mission critical data suitable for use across the transportation industry.”

“A strong partner for cybersecurity is crucial when it comes to operating connected vehicles and fleets. We see Trillium as one of the leading players in the market and look forward to supporting its expansion in Europe,” says Boris Kuhn, Managing Director of Deutsche Bahn Digital Ventures, the venture capital division of Deutsche Bahn.

Globally, the transportation market is going through dramatic changes with an ever-increasing number of vehicles connecting to the internet making their control, communication and entertainment systems vulnerable to cyber-incursions. The digitization of core vehicle functions has led to rapid growth in the market to protect connected vehicles from cyber threats.

“Analysts estimate the transportation industry cybersecurity market will top $22 billion by 2030,” said David Uze, President and CEO of Trillium. “With this round of investment, Trillium is positioned to capture a significant share of the vehicular cybersecurity assurance market.”

Due to recently enacted privacy laws like the European Union’s General Data Protection Regulation, as well as California’s Consumer Data Privacy Law, vehicular data lifecycle cybersecurity assurance is among the most important issues we will face.

“Under the expansion of connected car market and development of autonomous driving technology, cybersecurity assurance over the vehicle must be the most important issue we will face. We see Trillium as an excellent investment because of its advanced technology on cybersecurity over the automobile,” said Mr. Yoshito Kitagawa, President, Business Development Unit, Tokyo Century Corporation, a Japan-based leasing and financing company whose business includes auto leasing and car rental. “We empower businesses like Trillium and are pleased to support Trillium?s continued customer expansion and product development efforts.”

“Mitsubishi UFJ Capital, as part of Mitsubishi UFJ Financial Group, the Japan-based banking and financial services group, finds that Trillium’s business model aligns with their core values of protecting customer assets and safeguarding the privacy and value of vehicular data,” said Mr. Muneki Handa, President of Mitsubishi UFJ Capital. “Trillium enables value added services for fleets and other value chain partners by securing and aggregating increasingly robust pools of that data.”

“We seek to invest in companies that are creating the businesses of tomorrow,” said Ivan Zgomba, Partner at Plug and Play Ventures, one of the most active early stage investors in Silicon Valley. “In a very short time, Trillium has established itself as a leader in vehicular cybersecurity and data protection, and we are thrilled to be part of its journey.”

About Trillium Secure, Inc.
Trillium delivers comprehensive cybersecurity protection and secure data management for vehicles and fleets. Its Trillium Secure subscription service utilizes multi-layered cybersecurity technology that hardens connected and autonomous vehicles and fleets against cyber-attacks. Trillium also offers an authenticated operational and threat management data solution for fleet vehicles that preserves privacy, confidentiality and anonymity of data while at rest and in motion. Trillium serves fleet operators, rideshare services, vehicular OEMs, aerospace and defense organizations, insurance companies, mobile carriers and telematics integrators with its proprietary multi-layered, patented and patent pending solutions and services. Value-added service providers trust secure, authentic data from Trillium for car sharing, digital forensics, preventive maintenance, telematics, usage-based insurance and other services. Trillium’s design centers and fleet security operation sites are located in Sunnyvale, Ann Arbor, Ho Chi Minh City and Tokyo. Trillium will open a European design center in the third quarter of this year. For more information visit www.trilliumsecure.com.

For Media Enquiries, please contact Adrian.Sossna@trilliumsecure.com.

Connected Car Data: More Than Just a Byproduct

Given the number of computers residing in modern vehicles, it is no wonder that they generate a large amount of data during their operation. That data is used by the vehicle to facilitate its operation in real-time, but when aggregated and analyzed over long periods of time, that same data can be utilized in a myriad of ways to enhance road safety and user experience. Indeed, analysis of the data generated by vehicles is a valuable undertaking, offering both real-time and long-term benefits to consumers.

With an increasing number of sensors being used to assist drivers during travel, vehicles have the ability to learn about their environments during operation. For self-driving and other drive-assist functions, data on the locations of obstacles is a given, however the same tools used for these services can also provide data such as road conditions, wind speeds, precipitation status and traffic conditions. Vehicles receiving this data, if communicating with a common cloud server, can share information about their mutual environment to shorten commutes and increase safety. Even simple knowledge of the vehicle’s weight during operation can allow for optimization of the car’s performance, saving fuel and time for the user.

Despite the seemingly endless use-cases for vehicular data analysis, there are still some hurdles that need to be overcome. The sensitivity of the data collected is one such example, with studies showing that while users are more likely to share “objective” data such as road conditions and the technical status of their vehicles, they are more reluctant to share more personalized data such as personal driving preferences or GPS data. The personal value of this data cannot be undermined, and legislation is quickly taking steps to enforce its sanctity. Recognizing this, Trillium is dedicated to providing GDPR (and other future legislation) compliant data management technology that preserves the privacy, confidentiality and anonymity of all consumer data it manages. Without such a solution in place, the monetization of consumer vehicle data will never become the $500 billion industry it is destined to be.