image: Vulnerability analysis based on security risk analysis at the vehicle level

Sep 09, 2024

Products & Solutions / Press Release

Development of Vulnerability Analysis Innovations VERZEUSE™ for SIRT

Yokohama, Japan, September 9, 2024 – Panasonic Automotive Systems Co., Ltd. (“Panasonic Automotive Systems”) has developed VERZEUSE™ for SIRT (Security Incident Response Team) to analyze the security risks of vulnerabilities in vehicle software after shipment, in collaboration with Panasonic Holdings Corporation.

VERZEUSE™ for SIRT is an innovative system that analyzes the security risks of vulnerabilities identified in software installed in vehicles after shipment and determines the priority of response. It aims to automatically narrow down high-risk vulnerabilities from the vast amount of ever-increasing vulnerability information, and to significantly reduce the time required for risk analysis and vulnerability response.

This system will be exhibited at the 30th ITS World Congress 2024 in Dubai*1 to be held from September 16 to 20, 2024.

<Development background>

With the evolution of automated driving technology, the expansion of digitalization, and the proliferation of Internet connected cars, the risk of cyber attacks on automobiles is increasing.

As cyber attacks have become more sophisticated in recent years, the number of reported vulnerabilities in vehicle software has been on the rise, particularly for open source software (OSS). Furthermore, the number will surely continue to grow alongside the evolution of software-defined vehicles (SDVs), in which vehicles are enhanced with software.

Under these circumstances, there is an urgent need in the automotive industry to create systems that can monitor and protect against cyber attacks on vehicles. Both during the design and development phases and after vehicles have shipped, it is vital to continuously monitor for new vulnerabilities in the wide array of software installed in each vehicle and take measures according to the security risks of identified vulnerabilities.

However, if all vulnerability information is analyzed exhaustively and countermeasures are taken without considering the specifics of each security risk, cost issues may arise when work scope becomes too large. The large number of vulnerabilities that occur every day are a mixture of high and low security risks. Since vehicles consist of many Electronic Control Units (ECUs), each equipped with its own software, a vulnerability in software poses different security risks to each vehicle depending on the ECU on which it is installed, so the number of analyses to be performed can be estimated by multiplying the number of software components, vulnerabilities, and ECUs. With the evolution of SDVs, functions that link multiple ECUs are on the rise, and we expect it to become even more difficult to accurately grasp the security risks that a single vulnerability poses to the entire vehicle.

It is thus essential to properly identify and respond to vulnerabilities that pose high security risks to automobiles, not just at the level of individual ECUs but also at the overall vehicle level, from the vast amount of vulnerability information available, in order to maintain a high level of security.

<VERZEUSE™ for SIRT features>

1. Vulnerability analysis based on vehicle-level risk estimation

image: Vulnerability analysis based on security risk analysis at the vehicle level

VERZEUSE™ for SIRT uses the results of the vehicle security threat analysis during design, a list of software installed in each ECU called the Software Bill of Materials (SBOM), the connection information between each ECU, and our proprietary analysis algorithm to calculate the possible cyber security attack routes and impacts. Security risks are analyzed for the entire vehicle, not just the ECUs.

2. Threat information collected by the Panasonic Group from various industries

Working together with Panasonic Holdings Corporation, we will improve the accuracy of security risk assessment by collaborating with Cyber Security Intelligence, which accumulates threat information collected by the Panasonic Group from various industries such as factory automation, home appliances, and IoT devices.

3. ISO/SAE 21434-compliant vulnerability analysis support

Vulnerability analysis in VERZEUSE™ for SIRT is performed in accordance with the ISO/SAE 21434 process and the results are saved. These results can be used as evidence to be submitted for audits.

*1 Panasonic Automotive Systems Exhibit at the 30th ITS World Congress 2024 Dubai
https://news.panasonic.com/global/press/en240909-2

About VERZEUSE™

Panasonic Automotive Systems Co., Ltd. markets VERZEUSE™ cybersecurity technology and services globally.*2 Engineers at Panasonic Automotive Systems who worked together in the development of security technologies in various Panasonic Group products, including TVs, recorders, mobile phones, smartphones, payment terminals, and semiconductors, have turned their expertise toward developing cyber security technologies since 2014, drawing on their individual strengths to apply these technologies to automotive products. We will ensure the safety and security of automated driving functions and network services to benefit society with technologies underpinned by a wealth of knowledge and experience. VERZEUSE™ introduction website https://automotive.panasonic.com/en/technology/cyber-security

*2 VERZEUSE™ was coined by combining the Spanish word “ver” meaning “look” and the god Zeus. The name is meant to inspire the feeling of a protective god of the sky watching over the safety of society.

About Panasonic Automotive Systems Co., Ltd.

Panasonic Automotive Systems Co., Ltd. was launched on April 1, 2022, as a business company responsible for the automotive business in line with the start of the Panasonic Group’s business company system. We are a global company with operations in 22 countries and regions, approximately 30,000 employees, and sales of approximately 1,491.9 billion yen (fiscal 2023 results). As a Tier 1 company, we contribute to the creation of comfortable, safe, and secure automobiles by providing advanced technologies unique to Panasonic, such as infotainment systems, to automakers in Japan and overseas. Our corporate vision is to be the World’s No.1 Joy in Motion Design Company, and we are committed to meeting and surpassing the expectations of our customers around the world with technology that stands by people.

▼Panasonic Automotive Systems Co., Ltd. website
https://automotive.panasonic.com/en/

The content in this website is accurate at the time of publication but may be subject to change without notice.
Please note therefore that these documents may not always contain the most up-to-date information.
Please note that German, French and Chinese versions are machine translations, so the quality and accuracy may vary.

Issued:
Panasonic Automotive Systems Co., Ltd.

Downloads (Images)

Featured news