Securing The Future Of Vehicular Automation.

Maxime Mackieh, Head, Cyber Security, Punch Powertrain

Maxime Mackieh is an accomplished cyber security professional with extensive experience in multiple companies across Europe. He has been the Functional Safety Manager and the Cyber Security Manager at Schaeffler Automotive. He is currently the Head of Cyber Security at Punch Powertrain. In an exclusive interview with CIO Review he shared his invaluable insights regarding the future of automatization in the automotive industry.

Could you provide a brief overview in terms of your experience in the automotive sector and the current role you play within the organization you work in?

I am originally from an engineering background and I primarily studied robotics. For my additional studies I attended the University of Technology in Sydney, where I pursued double masters in robotics and engineering project management. I started my career at the automotive sector at Delphi Customer Technical Centre in Luxembourg, where I worked as a systems engineer for Diesel controllers, Diesel injection systems and central powertrain controllers for vehicles. For a brief period I worked in the same company as a software engineer as well.

After five years, I joined Schaeffler Automotive in Bühl, Germany, where I worked in functional safety as a software engineer on the application level. Later, I was assigned the role of functional safety manager. During this time the company was going through a phase of transformation to automate everything. Accordingly, they were working with automated gear boxes and clutches and refined solutions for hybrid and EVs (Electronic Vehicles). They were also trying to find their way in the EV market by attempting to elaborate new e-machine solutions for the powertrain.

In 2019, I became the cyber security manager at Schaeffler and was tasked with translating the new Regulations No. 155 and No. 156 from UN/ECE. These regulations aim to regulate the whole automotive industry by requesting their VMs to homologate their vehicles according to certain rules. Subsequently, I was requested to translate the new ISO 21434 about cyber security, understanding its impact on the company and applying to projects to make them compliant with them.

When I was contacted by Punch Powertrain, they were looking for someone who could fill a similar position - to lead this activity concerning the Regulations, tell them the requirements to create the company’s structure and the other requirements at several levels. This is because these regulations are not restricted to the product and its development. They also require a management system that needs to be created on the company level that takes care of different topics such as IT security, OT security and the care of production lines. Since I joined the company we are working on these topics, starting from scratch structure, which hopefully would soon be completed.

Based on your experience within the sector, what would you identify as some of the prominent challenges that are impacting the automotive sector right now in terms of safety and security?

The technical challenges within the sector are being handled by competent engineers working on the projects. According to me, the main challenges that are making an impact on the sector are, firstly, the political challenge concerning the necessity of restructuring. These things might cause some companies to restructure completely, to reconsider how they operate entirely and not just in one of their services.

"you would be happy to see the future where people can securely drive their vehicles, knowing first that the vehicle will never fail them and where no one can intervene and transform this vehicle into a dangerous machine for malicious intents"

The second is the financial aspect of restructuring, since restructuring, re-putting things in order and creating management systems entails substantial expenses. This is because you are required to hire certain people for this purpose. This is a subchallenge as these people either do not exist or if they do their services are expensive. Additionally, there is a high demand and little offer for them in the market. Moreover, being very well organized to restructure things correctly requires additional effort and finances.

What are some of the technologies and practices to streamline the strategies when it comes to addressing the challenges which you talked about?

Given that the aforementioned challenges are political and financial in nature, they cannot really be solved with technological solutions

However, on the technical side, we can find certain things that can aid in addressing the technical challenges. Artificial Intelligence (AI) for instance, is being used for fuzz testing and penetration testing in order to identify new way of attacking the system. In this kind of testing, attempts are made to break certain security mechanisms of a device. Automating this by using AI, the attack factors can be multiplied exponentially. It would also enable one to find the best attack factor to crack certain security features.

What are some of the technologies and practices you are looking forward to in the future?

The things that I am looking forward to in the future are unrelated to the challenges because we need to overcome the challenges and ensure a future that fits our expectations. I envision a secure future where we can enjoy the comforts that the vehicle provides while being completely protected from external attacks. We tend to forget that someone having the ability of locking the vehicle door externally and accelerating it to take the driver to certain death is actually possible in our present times.

 However, you would be happy to know that in the future in front of us, people can securely drive their vehicles, knowing first that the vehicle will never fail them and where no one can intervene and transform this vehicle into a dangerous machine.

Apart from AI driven automation, there exist concerns about post-quantum computing for crypto. Today we rely a lot on the crypto technology, and we know that once quantum computing becomes a reality, crypto will be rendered obsolete. Crypto is the main way we protect our information, but in the future it would turn out to be really inefficient.

There are a lot of new ideas emerging about post-quantum computing, and I am excited to see the manner in which postquantum computing will take us to a whole new level of computing power. Although this would be able to crack our existing security systems, it might also provide us with ways to improve them.

What would be your advice to fellow peers in the industry and also to our readers?

The advice would not be restricted to automotives and is more general in nature. I would advise people to keep an open mind regarding technology. This means that they need to know that they are in a never ending cycle of learning. We will always need to learn and update our systems. Learning here means understanding how things function so we can control them.

The technology is advancing so fast that the whole IOT space around us has exponentially exploded in numbers. Refusing to upgrade from old technology is not an option, and the more expedient alternative would be to learn and understand how the new technology works in order to protect yourself, your environment and your family.

You must educate yourself about the latest trends and the new use cases. In other words, you need to ride the wave instead of drowning under it.