How does one become a Connectivity Manager? Can you describe your background for us?
“I graduated in electrical engineering in 1996: my desire was to enter a company in that world, for example Enel. The concept of connectivity, at that time, was still a bit far away. My first job in a mechatronics company was in line with my studies, and then I joined FCA, at the time FIAT auto, as a developer of mechanical and mechatronic components. In FIAT I had the opportunity to broaden my experience by becoming purchasing manager for a segment of Alfa Romeo vehicles, and then dealing with the dealer quality network. I was on the verge of becoming head of the infotainment team for the entire FIAT Group, but I didn’t make it in time because in the meantime there was the need to manage the new synergies with the newly acquired Chrysler. The Marchionne era had begun, and the first joint technical project that the CEO asked for concerned the creation of the first info-telematics platform, with responsibility equally divided between me and my correspondent in the United States. “
And here infotainment played an important role….
“Absolutely, and starting with the name: in fact, “Uconnect” was born, from which the group’s entire connectivity business originated, until in 2017 it became FCA’s first connectivity platform organized globally and no longer in individual regions. I was responsible globally for the on-board vehicle side.
Then came the real reorganization of FCA’s engineering that gave birth to the Global Organization and I took on the role of global manager for all engineering related to “e-components”, those components that are not seen but represent the heart of the electrical architecture, such as Body Computers, vehicle access systems.
In January 2021, with the entry of Stellantis, my role becomes even more global, and I become responsible for teams of 300 people around the world. A fantastic experience but with time, also due to the restrictions due to Covid, I felt the need to learn, and do, something new and different.”
And we get to the meeting with DriveSec.
“I had known Giuseppe Faranda, CEO and Founder of the company for a very long time, he was a supplier to FCA and for years we worked together. I knew that DriveSec had signed an agreement with LIFTT, the project stimulated me and I found it very important. I was struck by the idea that the company was pursuing, which was to create a remote system from a cyber perspective, and I immediately found it very useful, also aware of the problems that we had and that exploded with Covid. In fact, I often asked my bosses to stop thinking that they could work as before because since 2020 nothing is the same as before. What you could do in 24 hours in the pre-Covid era is no longer feasible. For example, an update of a control unit or a testing process that could have been done by sending a person to the United States could no longer be done, because access to the country was closed and it was necessary to send the machine with extended time and costs”.
What stands out to you about the project?
“As I mentioned, the project is very innovative and is in progress because it allows you to think about other evolutions to make it grow further. DriveSec has a very strong idea, we are using PoCs to gather feedback and methods to use. To date we have a working tool that is being optimized and used as a remote penetration test but the interesting thing now is to think about what other possible uses, with an “out of the box” approach. Moreover, the team is young and this is a stimulus on one side, and on the other side it allows me to help their growth path through my experience”. To date we have a working tool that is being optimized and used as a remote penetration test but the interesting thing now is to think about what other possible uses, with an “out of the box” approach.
Which sectors do you taget?
“The Automotive industry is the primary reference, but not the only one. Automotive, where the issue of connectivity has reached the point of developing self-driving cars and where the potential danger of a hacker attack on driving systems has been demonstrated, has been the first industry to give itself a stringent regulation in the field of cyber security. As of next June, certificates based on the UN155 standard will be required to type-approve a car (so-called newtype or new vehicle). In addition, in 2 years everything that will be produced will have to comply with these regulations at least in Europe, and this has led to a radical rethink of the concept of penetration testing.
During my career I have been involved in developing wireless components such as infotelematic systems or body computers with vehicle access systems, and this new regulation has certainly brought even more focus on the resistance to cyber attacks of such components. In order to optimize costs and quality of test results, tests were planned with final hardware and software releases of a certain level of maturity, with the aim of validating the implemented solutions from a cyber point of view, but with the risk that in case of problems, the time available to carry out updates and changes in view of the resolution to produce would be very compressed.
Today the new UN155 norm has determined a change of paradigm, imposing that the results of these tests are made available in the phase of homologation of the model. Therefore, considering that this phase takes place 3 -4 months before the start of production, the impact on the development phase of the components both in terms of HW and SW is very high and requires a different approach, with a strong integration between engineering and cyber test, and with a heavy economic impact / time (test samples, availability of test benches, for example). These are times that, on a development of a vehicle of 18 months, are devastating and that mean starting a long time before, re-engineering or thinking from the beginning of the process in a different way.
For me, who has been working in this field for years, this is a very substantial change. The type of platform developed by DriveSec was born exactly to handle this need and allows testing to be done in the development phase, brutally anticipating the entire validation and certification phase of the software itself, reducing costs and time.”
Cyber security, however, is not just about Automotive.
It’s about the Iot in general: all components that may have connectivity, a wireless system that may be a WIFI or Bluetooth can be attacked and it is good to take great caution in their use. I for example, in my small way, do not have Alexa! To give an idea of the pervasiveness of this problem, I remember that one of the first cyber-attacks in the automotive world that there were was done to tire pressure sensors. Hackers would hook into the RF sensors in the tires and based on the turns you made, the change in pressure, and a map they knew where your car was going and could track you. It’s a vast, and disturbing, topic that needs a lot of attention.”
