Half of all automotive cyberattacks in history occurred in 2021 alone—almost 140% more than in 2020.
That’s according to Upstream Security Ltd., a startup offering a cloud-based automotive cybersecurity and data analytics platform, which is opening its first vehicle security operations center outside of its native Israel in Ann Arbor, Michigan.
The number of connected vehicles on the road has soared, and automakers including the Detroit Three have plans to add millions more over the rest of the decade, offering over-the-air updates, on-demand features and technology benefits that customers demand.
However, this also means they can be vulnerable to cyber-attacks that can steal personal information, take control of car functions and even potentially give hackers access to the larger electrical grid. And these threats are growing, with automakers and smart mobility providers accounting for 6 percent of attack targets so far in 2022, up from 2 percent last year.
“The automotive industry is now at a point where cars, trucks and vehicles are really becoming just another device,” said Richard Forneau, assistant director of the Cybersecurity Center at the University of Maryland, Baltimore County. “You have smart phones, Amazon Alexas, cars are now just another smart device. As such, they are always connected. There are a number of security issues for any other always-on device. With every new technology that becomes popular, you will see an increase in attacks.
This is where Upstream comes in. By working with automakers, it offers a layer of protection to identify and combat attackers, which is a requirement to regulate the services, says CEO Yoav Levy.
“This is critical infrastructure (that) needs to be taken very seriously not only by the car company or the fleet owners,” he said, “but also by the government.”
Hackers can search for personal information such as credit card numbers to unlock and start vehicles to be stolen, and to access electric vehicle charging stations to install ransomware, disable them as a means of cyberwarfare, or even to access the larger electrical grid, Levy said. It also has the potential to disrupt supply chains, supplies and other services.
“The impact is much more than if someone has an enterprise and steals their data,” Levy said. “The damage to the brand is very great.”
Also, he said, vehicles are more vulnerable when they use public charging stations or receive over-the-air updates, which the industry is rapidly expanding.
Upstream has the ability to cover 90 percent of potential attacks on a vehicle’s security, he said. From its customers, it receives information coming from and to connected vehicles, charging stations and other digital applications that are collected in the cloud. Upstream’s platform performs security analysis and uses machine learning models to look for known and unknown anomalies in data.
The company has hundreds of manuals generated from different use cases, from the moment anomalies are detected to actions that can be taken to protect the vehicle or information. Depending on the type of attack, some actions are automatic, while others may take longer. Actions may also include disabling the SIM card in a vehicle, working with the automaker’s cybersecurity team, and contacting the driver.
“We’re providing some sort of bird’s-eye view of the entire fleet,” Levy said. “And it’s monitored by cybersecurity experts. Once they detect a threat or an anomaly, they can actually respond in near real-time with textbooks and actually reduce the risk.”
In this way, Upstream was not only able to offer protections to new vehicles, but also to existing connected vehicles already on the road, which was one of the company’s goals when it launched in 2017.
Upstream today monitors around 12 million vehicles. Its center in Ann Arbor will be responsible for several million.
Levy declined to say whether Upstream was working with one of the Detroit automakers, citing the sensitive nature of cybersecurity. However, it has received more than $100 million in four funding rounds. Backers include the alliance between Renault, Nissan and Mitsubishi, Volvo Group, BMW and Hyundai Motor Co., as well as insurance companies, mobility firms and other investors. Levy declined to discuss the firm’s financial details.
The Ann Arbor center will be open 24/7. Upstream trains 10 people for the center but employs both full- and part-time staff. Today there are 130 employees worldwide. Levy recommends computer science degrees for those interested in the job, though it’s not required for the job.
Upstream chose Ann Arbor for access to Southeast Michigan’s customer base and automotive knowledge base. In Israel, where there is conscription for its citizens, many people have experience in cybersecurity, and Upstream offers training on its automotive application.
In Michigan, it’s the exact opposite. Upstream hopes to tap into deep-rooted industry knowledge in the state and offers cybersecurity job training for it.
“We can learn a lot from them around their deep automotive experience,” Levy said. “In Israel, we don’t have a car company that makes cars, so our knowledge of the car industry is very limited.”
The center is further evidence of how Michigan’s experience in automotive transportation gives it an edge in fostering an ecosystem that supports the cars of the future.
“Companies continue to invest in Michigan because of our world-class talent, quality of life, low cost of doing business and culture of innovation,” Trevor Paul, Michigan’s chief mobility officer, said in a statement. “Michigan remains committed to being the global epicenter of the next automotive revolution, and we applaud Upstream’s continued success and investment in Michigan’s autonomous and electrified future.”
Upstream expects its Ann Arbor center to be fully operational by the end of the year. It is looking to open a vehicle security operation at the center in Japan as well.