Where else would you find leaders in the crucial and growing market of cybersecurity in transportation and connected cars? Israel’s human capital, specifically in cybersecurity, is near the top. The experiences from the military intelligence and tech units are preparing leaders to address, innovate and find solutions for the evolving, new threats in an ever-changing arena. We found an example of this at Upstream Security, an automotive cybersecurity company founded in 2017 and already providing a solution for all existing and new vehicles.
Written by Nachshon Ben
Behold Israel met with Oded Yarkoni from Upstream at the company’s headquarters in Herzliya. It’s hard to imagine that a company not even three years old has already expanded to the Silicon Valley, Germany and even has representation in Japan. But this is a theme in Israeli tech: young, vibrant and tackling several global needs. The company developed a solution for cybersecurity needs in connected and autonomous vehicles and has done so proactively as this is a new and distinct field, one that is and will continue to affect us all. Yarkoni, and a few others at Upstream, served in the Israel Defense Forces (IDF) Unit 8200, the IDF’s elite intelligence unit. Following his military service, he worked at Check Point before joining Upstream, where he has held a few roles. “We are in the middle of a big change in the automotive industry that will change everything in terms of technology, business models and commerce,” Yarkoni explained. The major changes are the automotive industry becoming more electrified, autonomous and the enabler for everything: connectivity. And these changes are not in the near future. They are already here and within 5-10 years from now, all new cars will be autonomous, connected and electrified.
These changes are swiftly changing the industry. Just take a look at technology companies making cars, like Google and Apple. “The business model has changed to make revenue from services, not selling cars. Revenue from directly selling cars will change in the coming years,” Yarkoni explained. “With autonomous cars, consumers won’t buy cars anymore and instead will subscribe to a car service. Cars will come with an app and everything will be done remotely.” He gave an example of Amazon’s new business with car manufacturers to provide in-car-delivery. “Once you used to order things to your house, now you can order to your car. A delivery man can unlock the trunk, they take a photo and you get a notification on your phone.” This is a new revenue stream for car manufacturers.
This leads to car security, specifically, cybersecurity, as cars will be connected. Autonomous vehicles will include new security and convenience technologies, but what about existing cars? Of the 300 million connected cars on the roads today, Upstream is the only company offering them a solution to cybersecurity threats. “Two years from now, all cars will be connected. Cars today are like computers on wheels. They have anywhere between 70-100 computers inside each vehicle, with millions of lines of code. You have more code in your car than your computer.” Data is all Upstream needs, as they have cracked an innovative means of servicing all vehicles. “What happens with computers that are connected to the internet? They become exposed to cyber threats.” This provides predictive maintenance because a car is connected, the manufacturer receives updates on the state of the car and can tell you problems that could arise.
He gave an example of the car door locks that are connected to the car’s computers (ECUs), which are connected to the car’s networks (CAN bus), which is connected to the internet (via another computer- TCU/Gateway). The need is clear as “today, there is hardly any cybersecurity in vehicles,” Yarkoni explained. He spoke of the magnitude of the issues. For instance, Yarkoni researched and found over 250 reported and automotive related cybersecurity incidents. And the difference in risk is most significant. Attacks on an enterprise would result in loss of data, revenue and damage to the company’s reputation, while cybersecurity incidences on cars could mean losing someone’s life. For instance, the majority of cyber breaches involved controlling the vehicle. Yarkoni explained, “The most sensitive computers in cars control the wheels, via lanes and camera. If the computer can control the wheel, anyone who can hack this computer can hack the wheel.” This could go for the gas, brakes- you name it. One of the more advanced hacks currently are remote keyless entry hacks on vehicles that have no key to open car or start the engine. Hackers have now come up with what is referred to as “relay attacks”, where a receiver and amplifier get a signal that transfer to the other hacker near the vehicle. This opens the vehicle and can be stolen in less than a minute.
But the greatest fear is that of hacking cars remotely. There was a recent incident in Chicago where hackers broke into a mobile app and stole 100 Mercedes cars. But how is this happening and why? Yarkoni explained that “Security for automotive industries is much more challenging than for security for IT or PC’s. For example, antivirus is one of the challenges. You can’t just download antivirus software to cars. There are risks involved so manufacturers won’t allow you to do this. It needs to be tested, verified as every new software needs to be tested. This is a process that could take several years and is relevant for new vehicles, not existing ones.” He emphasized, “With cars, safety and security are one and the same.” This is what Upstream is solving. They are the first and only automotive cybersecurity company capable of securing vehicles existing on the roads today. They are an agentless solution and it is something they can do rather easily.
How does it work? Big data analytics. They only thing they need is data from car manufacturers and fleet managers that are already collecting data. They take a replica of the data, analyze it and use their algorithm to offer solutions and protection for vehicles. “The special thing about our solution is that we can gather any type of data from this ecosystem. It’s not only data from cars, but from servers.” He explained how cars send telematic data to backend servers, like on gas, brakes, and sensors. “Upstream’s solution gathers data from the car, servers, mobile apps, and any other services.
They then normalize the data. “Data from cars are proprietary. Each car manufacturer has its own language. Upstream is specializing in this as we can decipher all types of data.” 
They do all of this in a transparent process for all types of cars and transportation. Upstream is doing this while protecting customers’ privacy using a mechanism that strips personal identifying information (PII). Once they have retrieved and normalized the data, they then have a process of profiling, a means to learn automatically using machine learning and big data. An example of this is how the sequence of information from a mobile app to the car is shared. This allows them to proactively detect issues before they arise. “It’s early detection of anomalies and cyber threats,” Yarkoni boasted. “Cybersecurity engines that search for breaches and instances, including the context of the vehicles (is it running, is it hired, etc). Understanding the context allows them to understand the whole picture.”
Upstream provides customers the option to create manual policies, as geography and laws play a huge role in what companies are permitted, can and cannot do. They bypass this, by allowing the user to be in control, essentially. The solution is not inline and focuses on early detection and works with customers using Upstream’s product within their Security Operation Centers (SOC). The Upstream product sends alerts on suspicious activities and provides the SOC analytics investigation tools for triage. The solution allows customers to be informed of risks so they can take action.
Upstream is working with car manufacturers, car sharing platforms, fleets, MSSP’s (companies providing cybersecurity services for other companies such as vehicle SOC, telematic service providers much more. Their long term vision is to be part of smart cities and all methods of transportation, like trains, scooters, traffic lights, drones- anything connected and related to transportation.
Photos: Courtesy of Upstream, 2019.
