Had the engine control units in Volkswagen road cars been subject to the same level of scrutiny as those in Formula One racing cars, it’s likely that the German automaker would not have been able to introduce illicit softwar that fooled emissions tests and led this year to the biggest fraud in automobile manufacturing history. Electronic security and policing of software systems is a major area of industry growth and concern. And as it is in other areas, Formula One is being used as a testing ground for future electronic security developments.
The current Formula One engine control unit, or E.C.U., is a hotbed of technological development for the car manufacturing industry. Formula One teams use the system to police software and racing devices in the cars and to control their engines and electronics systems.
The E.C.U. is produced by McLaren Applied Technologies, a company that is part of the group that owns the McLaren Formula One team. It was introduced as a standard piece of equipment in 2008 for all Formula One cars, primarily to reduce costs and to police against the use of illegal driver aids.
The unit has since evolved into a system that the International Automobile Federation, or F.I.A., the sport’s governing body, uses to place strict controls on all areas of software involved in the cars. The unit has also become a resource that teams use to develop and install their own software and electronic systems, as did Volkswagen in its road cars.
“There is a lot of security behind all of that,” said Tim Strafford, commercial director of McLaren Applied Technologies, “because the F.I.A. have to satisfy themselves that when the teams are running with some of their own software in there that they can’t circumnavigate what is in the box and use some of these driver aids.”
“Even though the teams are writing some of the software in here in their own apps,” he added, “they are not able to have full authority over what is going on in there.” The series is also a testing ground for the companies that supply processors and E.C.U.s to the automotive market for general road car needs and security. Of particular interest is how to provide protection from potential hackers in the connected car of the future, in the so-called Internet of Things.
The company that provides the silicon processors for the unit is Freescale, a Texas-based company that is one of the world’s largest manufacturers of chips for road cars. Freescale is involved in Formula One precisely because of the sport’s stringent, competitive and challenging environment. For example, Freescale has transferred to road cars chips the security features that McLaren Applied Technologies began using a decade ago in Formula One.
The Formula One system, unlike the one in the Volkswagen emissions scandal, is highly policed and considered almost foolproof in terms of security. It is believed to be impossible for a team to hack the F.I.A.’s control of the E.C.U., and team engineers have no access to the unit of a competing team, despite it being essentially the same box. That is because every team is provided with exclusive software that works with its own unit exclusively. It is also impossible for the team to install its own “illegal” software.
“If they do that, it automatically gets trapped,” said Pete Highton, the principal staff engineer for global sales and marketing at Freescale.
Freescale has mostly been using advances in Formula One — where innovations may be made within a few weeks instead of the five years it usually takes for developments in the automotive industry — to create systems that it intends for use against hackers on road cars. The development of the connected car and in-car entertainment systems has required a rethinking of how to make cars secure.
“We have seen recently that cars have been hacked — I’m thinking of the Jeep recently — and the way in for those guys was through the infotainment system,” Highton said, “which hadn’t been secured in the same way as what a lot of the auto guys refer to as mission-critical.”
“What you really don’t want to happen is for somebody to play around with the way the engine is running,” he added. “So that becomes a self-contained, lock-down system. And there are only probably a few people in the world that have the backdoor key that allows you to actually go in and do an update, which is what the dealers do.”
In the past, the cable attached to the car at the garage to update a computer system would have been the only vulnerable moment. But today, updating via wireless systems such as 3G or 4G can make the car vulnerable.
“Cars will have I.P. addresses,” Highton said. “And so we have to build in the same protection that you have on a computer, into the car. Because as you are driving around in it is just as critical, if not more so.” It is partly for that reason that one of the world’s leading Internet security software companies, Kaspersky Lab, is also involved in Formula One, as both a technical partner and a sponsor of the Ferrari team.
Kaspersky, like Freescale, hopes to take advantage of the particularly challenging environment of the series.
“The next step in I.T. security I think is protecting their physical structure, power plants, power grid, transportation, including the cars,” said Eugene Kaspersky, the company’s founder. “Because cars are also computers.”
“Technically it is possible to manage the car, to do anything you want,” he said. “So I think the next step in I.T. security is protecting the physical environment, but in a different way.” His company also provides antivirus software to Ferrari’s production line, partly in order to strengthen an aspect of its business to which it hopes to attract more clients.
“We are very successful in the consumer segment, the small and medium businesses, a little bit less in the enterprise, and almost zero in industrial,” Kaspersky said, “And right now every industrial contract makes our products better,” he added, “because we are learning what this particular customer wants from us.”