Published on February 9th, 2019 | by Nicolas Zart0
Abe Chen, Byton VP Of Security, On The Importance Of Security In Early Design Stages — #CleanTechnica Interview
February 9th, 2019 by Nicolas Zart
Security seems to be a vague concept for most. With the constant flow of security breaches taking their toll on businesses, carmakers have no choice but to toughen up their security by reaching out to security firms. Modern mobility startups make it a priority by hiring security experts, hackers, and coders. Both approaches have their pros and cons.
For part of our ongoing Byton interview series, I met with Abe Chen, Vice President of Digital Technology, who showed me how the mobility startup places security at the beginning of the design process and not as an after-thought.
Taking Byton Security Into Consideration From Day One
To say that Byton is serious about security is an understatement. The company hired a former Defcon Car Hacking Village winner. Abe was able to remove himself from a car trunk, hands tied behind his back, in under two minutes.
I asked Abe what attracted him to a startup and why he joined Byton? He told me that it was a way to continue working in the security industry in Silicon Valley and get into the automotive world. I also asked him about the challenges, both good and bad, of working in a startup.
One core challenge is inventing mobility security. There is no guidebook and everything has to be written from scratch. It can be disorganized at times, but it is also a lot of fun.
One thing I appreciate a lot about any startup serious about security is its use of open source. I asked Abe was Byton was doing with open source and security. He told me Byton builds its security connectivity products from the ground up. One of the great things about startups is that you can have R&D and engineering work closely together in a creative way. This way, you can make sure everything is integrated from the beginning. Traditional carmakers usually let the product marketing team come up with concepts, which they hand off to engineering. But when security finally gets involved, by that time it’s too late to make any major changes. Oftentimes, the product gets shipped off knowingly requiring future updates and upgrades. Abe said he didn’t want to be part of that and wanted their mobility platform to be built with security at its core.
Open source has a huge advantage for startups. Obviously, Abe personally embraces it. The source code is out there and reviewed by millions. A problem is quickly spotted and resolved. In many ways, open source speeds up development. Abe told me Byton is looking into opening some of its closed-source modules back to the community. Some of the hardware specs will be open source, especially vehicle-to-vehicle (V2V) and the broader V2X technologies developed in-house.
Byton invests a lot of energy into vehicle connectivity. Over-the-air (OTA) updates are great but can be costly to users. Byton is looking into how its vehicles could update one another. For example, if you park underground, you might not get an OTA update. With a WiFi network more readily available, one Byton vehicle could update another on the road.
I asked why not more automotive companies embrace open source. Abe feels the biggest problem is their lack of understanding of the licensing process. Open source is about taking and giving back. That can be daunting for many focused on bottom line return on investment (ROI). Mostly, certain carmakers feel more comfortable with an off-the-shelf product with a straightforward support system. Unfortunately, that is an expensive solution for the consumer. To do a good job, a mobility company needs to dedicate an entire team to open source.
How Open Source Can Make Mobility More Efficient & Lower Costs
Asked about Byton’s security philosophy, Abe feels most in the automotive industry rely on IT scripting and applies it to the auto industry. From his personal experience, it can’t always work well. It has to be part of a core, in-house automotive security foundation that is developed from a mobility standpoint. He used the analogy of how it’s one thing to hack into a phone or computer and lose data. It’s another thing when it comes to a car and human lives are at stake. Automotive security has to be part of the original design and not an afterthought. There is no such thing as 100% security, but you can put into place compensating technologies as well as redundant systems to come as close as possible to that.
Byton said we’d be able to use our Byton profile or not — it’ up to us. Also, data created in the vehicle will stay in the region of that vehicle. For instance, if you live in North America, your profile stays there. Same thing in Europe and Asia. Your profile and data stay in your country’s data centers.
Where Byton feels it can differentiate itself from other mobility enablers is by asking in plain simple terms about its security features. For example, there will be a popup asking in plain words if you would like to share certain information with Byton for a specific reason. It will be made clear. Any recommendations made, whether food, entertainment, or calendaring is based on whatever information is shared.
This is how Byton sees its artificial intelligence (AI) working. The more customers let Byton know, the more the recommendations become relevant. Of course, you can opt out of that service and nothing relevant will be suggested. It’s your choice.
Abe told me we will be able to try it out, and if you don’t like, the information can be forgotten. But he did stress that Byton has no control over what third-party services we might use can do. As far as Byton is concerned, though, what’s important is we’ll have control over our security profile.
If It’s Too Good To Be True, Beware!
I asked Abe about any general security recommendations he might have and he told me, if it’s too good to be true, it’s probably not. That is the human factor, the biggest security threat. If you have a strange feeling, think twice and don’t act rashly. If someone is claiming to be the IRS and threatens to throw you in jail, it very most likely will not happen. The IRS does not warn you beforehand. The same can be said about banks.
P.S. This was not a sponsored post and I am not paid by Byton to cover any of those topics.