A modern car has over 100 million lines of software.
As the software in a car grows so does the attack surface, which makes it more vulnerable to cyberattacks.
Each poorly constructed piece of software represents a potential vulnerability that can be exploited by attackers.
In his keynote address at the North American International Automotive Show (NAIAS), BlackBerry Executive Chairman and CEO, John Chen, unveiled BlackBerry Jarvis, a transformational software cybersecurity product.
BlackBerry, an ‘ASTORS’ Homeland Security Award Winner, is initially marketing this solution to automakers, whose complex software supply chains create compelling and urgent use cases that Jarvis can help solve today.
BlackBerry also noted that Jarvis is applicable to other industry segments, citing healthcare, industrial automation, aerospace, and defense as examples of other fields with immediate need for this product.
Built on the company’s decades of cybersecurity expertise and proprietary technology, Jarvis is a one-of-its-kind cloud-based static binary code scanning solution that identifies vulnerabilities in software used in automobiles.
(BlackBerry Jarvis is a transformational cybersecurity software product built on the company’s decades of cybersecurity expertise and proprietary technology. Courtesy of Blackberry and YouTube)
Jarvis scans and delivers deep actionable insights in minutes, what would otherwise involve manually scanning that will take large numbers of experts and an impractical amount of time.
“Connected and autonomous vehicles require some of the most complex software ever developed, creating a significant challenge for automakers who must ensure the code complies with industry and manufacturer-specific standards while simultaneously battle-hardening a very large and tempting attack surface for cybercriminals,” explained Mr. Chen.
(BlackBerry Executive Chairman & CEO John Chen introduced Jarvis, the solution to secure data in the connected and self-driving cars, at the North American International Automotive Show (NAIAS). Courtesy of ExpovistaTV and YouTube. Posted on Jan 15, 2018)
Exacerbating the challenge for OEMs is the fact that vehicles use hundreds of software components, many of which are written by an expansive network of third party suppliers spread across several tiers.
This distributed supply chain offers many advantages while also increasing opportunities for human error that can slow down production cycles and impact overall quality.
“Jarvis is a game-changer for OEMs because for the first time they have a complete, consistent, and near real-time view into the security posture of a vehicle’s entire code base along with the insights and deep learning needed to predict and fix vulnerabilities, ensure compliance, and remain a step ahead of bad actors,” concluded Chen.
(Learn More. Courtesy of Blackberry and YouTube. Posted on Jan 22, 2018)
How Jarvis Works
Offered on a pay-as-you-go usage basis, Jarvis is customized for the unique needs of each OEM and their entire software supply chain.
Once initiated, automakers will have online access to Jarvis and can scan any number of binary files at every stage of software development.
This includes the capability to evaluate new software under consideration as well as the ability to assess existing software already in production.
Once scanned, development teams have immediate access to the results via user-friendly dashboards with specific cautions and advisories.
In addition to cost and time savings, BlackBerry Jarvis helps ensure that production software adheres to industry standards such as MISRA and CERT, and enables OEMs to define custom rules to meet organization-specific objectives.
Current Obstacles to Securing the Automative Software Supply Chain
Supply Chain Complexity
- Automotive software is built by multiple tiers of suppliers with no established standards among them.
Source Code Access
- Not all suppliers in the supply chain provide software in source code.
Manual Inspection is Costly
- It would take thousands of engineers and years of work to manually inspect 100 million lines of code, built iteratively, for each car model.
Blackberry Jarvis is Powerful
- A customizable tool that delivers precise actionable insights
- Inspects binary files for known security vulnerabilities and facilitates compliance with standards
- Allows continuous enhancement of functionality through the addition and customization of “executors”
- Helps companies achieve OEM-defined assurance standards across the software supply chain, regardless of supplier or stage in the development process
Easy to Use
- No source code needed
- Easy integration with existing development tools via APIs
- User-friendly dashboards, with powerful drill-down analytics
Scalable and Cost-Effective
- Secure your software supply chain at a fraction of the cost of manual inspection
- Pay as you go
- This transformational tool will aid OEMs with software assurance assessment by delivering deep insights into the quality and security of software components
Jarvis: Proven and Tested
BlackBerry has already begun trialing Jarvis with some of the world’s largest automakers.
“Jaguar Land Rover and BlackBerry share a common objective in bringing the most intelligent vehicles to reality,” said Dr. Ralf Speth, CEO, Jaguar Land Rover.
“BlackBerry Jarvis addresses the software cybersecurity needs of the automotive industry.”
“In our independent study, Jarvis delivered excellent efficiencies in time-to-market, significantly reducing the time to security assess code from thirty days to seven minutes.”
“The productivity delivered by Jarvis combined with BlackBerry’s trusted security heritage can transform vehicle safety.”
Providing the Secure Foundation for Connected and Autonomous Vehicles
As a leader in safety-certified, secure, and reliable software for the automobile industry, BlackBerry currently provides OEMs around the world with state-of-the-art cybersecurity technology to mitigate the risk of cyberattacks targeting a vehicle’s software.
BlackBerry’s pedigree in security and continued innovation has led to recent automotive design wins with Baidu, Delphi, Denso, NVIDIA, Qualcomm, Visteon, and others.
To Learn More about BlackBerry Jarvis can be found at BlackBerry.com/Jarvis.
AST focuses on Homeland Security and Public Safety Breaking News, the Newest Initiatives and Hottest Technologies in Physical & IT Security, essential to meeting today’s growing security challenges.
Nominations are now being accepted for the 2018 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
American Security Today will be holding the 2018 ‘ASTORS’ Awards Presentation Luncheon to honor Nominees, Finalists and Winner in November 2018, in New York City.
For ‘ASTORS’ Sponsorship Opportunities and More Information on the AST 2018 ‘ASTORS’ Homeland Security Awards Program, please contact Michael Madsen, AST Publisher at: mmadsen@americansecuritytoday.com or call 732.233.8119 (mobile) or 646-450-6027 (office).
