The Auto Industry’s ‘Safety At Any Cost’ Changes Daily, Especially For Cybersecurity
September 29, 2020
In April of 2014, Mary Barra announced at a Senate hearing investigating the General Motors GM ignition switch recall, “…with any safety defect, there is no calculation of the cost.” Essentially, she was stating to the world that the ‘New GM’ cared more about lives than profits and that “safety at all costs” was the priority. This is a much more comforting story than that told by Edward Norton’s character in the 1999 film “Fight Club”. “Should we initiate a recall? … take the number of vehicles in the field: ‘A’. Multiple it by the probable rate of failure: ‘B’. Then multiple the result by the average out-of-court settlement: ‘C’. A times B times C equals ‘X’. If X is less than the cost of a recall, we don’t do one.”
Both Barra’s and Norton’s stories are fiction. Reality lies somewhere in-between.
In truth, the safety-cost equation is much more complicated, and the calculations behind these seemingly rare recalls has already been changing. Since 1998, the average number of recalls per year has grown by 150% with the average number of vehicles affected per recall increasing approximately 300%. In fact, in 2018 there was a record number of light-vehicle safety recalls (341) and more than 1 in 5 cars in the United States had an open recall. Increasing recalls have eroded margins in the industry in a way that likely was not predictable when any current vehicle’s business case was established.
To make it more complicated, the cost trend may either increase or decrease in the years to come due to three separate variables mostly centered around cybersecurity. Each of these might contribute to the company’s margins or degrade them: certification costs, oversight costs, and reflash resolution.
For the first time, The United Nations ECE (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) will essentially force vehicle manufacturers to obtain certification by demonstrating proof of meeting the requirements for a cybersecurity management system (CSMS) and a software update management system (SUMS). Without said evidence, they do not gain “type approval” from national approval authorities and, therein, can be restricted from selling vehicles on multiple continents. Huge money. Therefore, fulfilling cybersecurity requirements is a critical factor towards approval, sales and distributed costs.
Scenarios That Will Degrade Margins: Depending upon the internal strategy, there are multiple paths towards failure here. Even prior to this mandate, hiring a cybersecurity professional was the atop the most difficult positions to fill for both I.T. and embedded development, so building-up an organization overnight might not be simply expensive and late, but possibly impossible. If late, that puts certification in jeopardy, which would sacrifice billions in revenue and decrease amortization of fixed across against a worldwide fleet. Disaster.
Scenarios That Will Improve Margins: History has shown that cybersecurity attacks will occur across the end-to-end system with a 99% increase in 2019 and a 94% increase year-over-year. Knowing that the average cost to a standard company per attack is $1.1M — with automotive likely a couple orders of magnitude higher — and an estimated $600B annually, being the target can be expensive. However, the manufacturers and suppliers with certified designs and processes are likely to create just enough resistance that hackers attack the competition, thereby increasing their costs and decreasing their brand. It’s a dog-eat-dog world. Sorry if that wasn’t clear so far.
For forty-three (43) straight years, the Ford F-series has been the best-selling pick-up truck with 1.24M trucks sold worldwide in 2019. Therein, costs per truck should be lower since fixed costs can be spread across a larger fleet, however sometimes the Costs of Goods Solds (COGS) can explode with many configurations to manage. In just 2016 alone, the F-Series had nearly one billion buildable combinations, which means the nearly 821,000 trucks sold that year could have all been unique. Now imagine the buildable combinations across the likely 15-20M F-series still in service. Now imagine overseeing the ongoing cybersecurity of that complexity with all of Ford/Lincoln vehicles, new threats every day, multiple suppliers and sub-suppliers per part per vehicle per year, etc. The enormity both COGS and risks become unfathomable. Yes, there are 100x more cell phones on the market, but they do not inherently have that buildable convolution.
Scenarios That Will Degrade Margins: Certainly having poor discipline on Configuration Management, Cybersecurity Threat Analyses and Risk Assessments (TARAs) and/or buildable combinations shall increase downstream costs, but possibly the largest degradation of margins would be poor Incident Response capability. As stated by Theresa Payton, a former White House CIO and cybersecurity expert, “In the event of a breach, companies that aren’t prepared for an attack and don’t have a well-defined incident response plan and/or budget may end up far outspending those who do.” If a Denial of Service (DoS) attack hit Manufacturer ABC and they were unable to swiftly fix the breach (e.g. was Telsa’s server issue last week a DoS attack that left many owners unable to unlock cars?), imagine how many truck buyers would switch to XYZ, how much damage control would be required and how much ABC’s brand would suffer. There aren’t enough Supplier-Indemnification Clauses or Liability-Insurance Policies out there to clean-up that mess.
Scenarios That Will Improve Margins: The better strategies will have some mix of detection and protection built into the long-term plan with budgeting oversight costs upfront, thereby decreasing clean-up costs downstream. Unfortunately, prices cannot go up for “bulletproof cybersecurity” vehicles since that’s almost a written challenge to hackers, but having a long-term strategy on costs will help to minimize them. Additionally, pundits of Big Data will tell you that the volumes of information that are gathered from fleet monitoring can turn into warranty savings, targeted sales and a host of profitable analytics.
Early in the development of OnStar, General Motors began reaping the benefits of Over-The-Air (OTA) software changes within the OnStar module itself, which allowed for not only fixes to be inserted but, at times, new features to be realized. For instance, in 2011 OnStar used OTA updates to enable the first-ever phone app that allowed remote [Un]lock or Start by downloading software to already-manufactured vehicles. Conversely in 2016, it overwrote code to thwart within 43 days of origination the man-in-the-middle attack nicknamed “OwnStar” that involved a concealed electronic device near the GM vehicle and eventually the ability to replay substitute codes and unlock/start the car. With the exception of newer manufacturers like Tesla, most legacy systems have not had cross-vehicle reflash available since the networks and gateways have not been capable, but most will be online with that capability in the coming year.
Scenarios That Will Degrade Margins: As realized by FCA, software updates have not historically been successful and may induce further costs if not well managed. Additionally, rewrite capability is a wonderful enabler for hackers and could further compound clean-up or brand costs if not well managed.
Scenarios That Will Improve Margins: In 2015, FCA also realized a recall for a cybersecurity breach on vehicles without remote-reflash capability. The total bill was likely above $150M to fix given the costs of each jump drive that was snail-mailed to the 1.4M vehicle owners plus the resulting dealership costs for all of the owners who unaware of their vehicle’s USB drive. OTA updates avoid these costs and quietly update the vehicle while parked overnight.