Aviva Zacks of Safety Detective had a great interview with Slava Bronfman, CEO and co-founder of Cybellum, and found out all about his company’s Cybersecurity Digital Twin™.
Safety Detective: How did you get into cybersecurity?
Slava Bronfman: Like most Israelis who work in cybersecurity, I got my start serving in the Intelligence Corps of the IDF, where I worked on cybersecurity at both ends: defensive and offensive. It was the best kind of cybersecurity school.
SD: Can you tell me about Cybellum?
SB: Cybellum is about risk assessment and management for the automotive industry. We provide solutions to help carmakers manage vehicle risk throughout the entire product lifecycle—from development to production, and through postproduction. You can consider today’s vehicles as small data centers full of smart, connected components. A single vehicle typically has over 100 connected components driven by over 100 million lines of code.
SD: Do you secure self-driving cars or just automobiles the way they are today?
SB: We do both. The industry today is on level three, which means “eyes off”—and level five will be completely autonomous vehicles. The largest carmakers in the world are currently using our solutions during their development and design phases. Our solutions are for both vehicles that are already connected and on the road, and for the autonomous vehicles that are coming in the future.
SD: Do you want to talk a little bit more deeply about V-Ray and V-Monitor?
SB: Cybellum provides solutions for carmakers and their suppliers—really the entire value chain. Our solution comprises two main products, one for the preproduction phase, the other for the postproduction phase. The preproduction phase solution, called V-Ray, scans all components that are going into the vehicle before integration. We inspect all of the software to verify that it meets cybersecurity compliance and regulations, decide whether it meets the best practices of cybersecurity defined by the customer, and produce a full gap analysis and gap resolutions. Then we can generate reports that itemize all issues that must be resolved before the vehicle and its software are ready for production.
V-Ray also generates what we call a Cybersecurity Digital Twin™ of the scanned component—or the entire scanned vehicle—that is used by V-Monitor, the postproduction solution. V-Monitor receives all these digital replicas—the digital blueprints of all the scanned components from the preproduction phase—and constantly monitors them in the backend for new vulnerabilities, new attack techniques, and new threat intelligence. Working with these Digital Twins, the customer receives a constant, up-to-date status of the risk of each component in a very nonintrusive way, with no need to install anything on the component—or the vehicle.
SD: What do you feel are the worst cyberthreats out there today?
SB: Today there are a lot of mobile apps and smart key fobs that are connected to vehicles. A thief, using Bluetooth, can open the door, start the engine, and drive away. A bad actor can hack into them and take full control of the vehicle.
In the future, when the entire vehicle is connected, you will store your data in the computer of the vehicle, so, when you buy gas, you’ll just drive by and your credit card, which will be part of the vehicle system, will automatically be charged. Smart apps like Spotify and Netflix are already part of vehicle systems. Attackers on the lookout for financial gain can hack these systems and steal your private information and financial data.
We are going to see more and more attacks on people’s finances and privacy, and, looking ahead, what has been going on in the past few years in the IT world will slowly come to the automotive world as well. Think of ransomware attacks where you are locked inside your car and you can’t get out until you pay out a certain amount of money.
SD: How do you think the COVID-19 situation has changed cybersecurity, and how will that impact the future?
SB: Obviously, there has been an overall economic slowdown because of COVID-19. But carmakers are still working on their cybersecurity projects to make future vehicles compliant with the new standards. Even more so, both carmakers and their suppliers are looking for ways to improve their operations, including cybersecurity. Both of these present us with a great opportunity since we provide solutions in both areas.