With the evolution of digital technologies, a variety of products have become connected to the internet, and it is an important concern for all companies to ensure information security. We interviewed President Yukinori Hashimoto and Vice President Yuichiro Matsuura of NDIAS, a joint venture of the global automotive components manufacturer DENSO, and NRI Secure, which specializes in information security. We asked them about the information security measures that are currently undertaken in the mobility society and the vision of the new company.
Need for information security measures is recognized, but the progress is slow
―― Digital transformation and data utilization are often discussed, but are corporate information security measures being considered at the same time?
Hashimoto: In industries where information systems are used, information security has always been said to be important. However, the priorities were stable system construction and operation, and information security measures were only secondary to these. Many industries have a similar impression about information security measures, which is that when problems such as information leakage occur, new laws and regulations are enacted and countermeasures are taken as necessary. In the automotive industry, the hacking of an automobile system in the U.S. in 2015 seems to have prompted interest in information security.
Matsuura: Automobile security has traditionally focused on ensuring safety in case of accidents and countermeasures for vehicle theft. However, with the development of advanced systems such as car navigation and automated driving, as well as changes in service delivery methods such as providing vehicle software updates through the internet, it is necessary to protect vehicles against external attacks from remote locations.
Security measures to be taken throughout the vehicle lifecycle
―― Are there any challenges specific to automobiles in introducing information security measures?
Matsuura: For example, in the financial industry, high-performance servers and high-speed networks can be arranged and robust information security measures implemented, but in the case of automobiles, most of the functions are required to be accommodated within the space of a single vehicle. This is because information security functions and driving control must function together while the car is running at high speed. In addition, once a vehicle is sold, it is not easy to replace its hardware. Therefore, it is necessary to ensure safety and quality throughout the vehicle's lifecycle before it is sold. The reason we established NDIAS was that we felt the need to share our security expertise with the automotive industry.
Hashimoto: DENSO and NRI Secure have been establishing a relationship of mutual trust and confidence since 2015 through initiatives such as personnel exchanges. The automotive industry is famous for its strict quality standards, but NRI Secure has long experience in dealing with the stringent demands from the financial industry. The good compatibility of the two companies in terms of their cultures and values helped in the establishment of NDIAS.
―― What services does NDIAS provide?
Hashimoto: Currently, we provide vulnerability assessment services for the overall security of automotive electronic units such as car navigation systems. We also provide evaluation services to verify the effectiveness of development and design of security measures from a third-party perspective. Implementing information security measures from the planning and design stage is called "Security by Design." However, in the case of automobiles, where it is difficult to implement information security measures after they are sold, it is important to remain particularly conscious about it from the development stage itself.
Matsuura: People who work in automobile development have little experience in information security and are not aware of the important measures. Since we at NDIAS possess knowledge in both the information security and automotive domains, we can identify and respond to the problems faced by workplace staff. Our strength lies in the ability to provide appropriate information security services based on a comprehensive understanding of the lifecycle of automobiles, unique industrial structures, and supply chains.
Information security will enhance the future quality of automobiles
―― What is your outlook for NDIAS?
Hashimoto: There are very few information security personnel to begin with, but among these, those with expertise in the automotive industry are even more scarce. Therefore, first of all, we would like to focus on human resource development. We aim to become a group possessing the world's best automotive security technology, where each and every engineer takes pride in supporting the mobility society.
―― Finally, how should companies regard information security measures?
Hashimoto: Recently, the risk of information security incidents causing major damage has greatly increased. Therefore, in addition to preparing for such negative aspects and insuring against them, investment in information security should be seen as an activity that delivers a “positive value" to consumers in terms of safety and security.
Matsuura: Information security is part of quality. The development of the Japanese economy has been supported by the quality of manufacturing. Going forward, the quality of information is also required to improve. Information security is a tool for companies to sustain their brand and to continue competing globally, and we would like to support them with it.
Nomura Research Institute, Ltd.
Corporate Communications Department