Will PLM and ALM prevent a car from being hacked?

Will PLM and ALM prevent a car from being hacked?

wired-jeep-hack-plm-alm-integration

Integration of hardware and software is a topic in mind of many manufacturing companies these days. PLM was traditionally focused on mechanical and lately on electronic topics cannot ignore more software. Software developers are using a different set of tools for configuration management. For long time ALM (Application Lifecycle Management) tools took a separate stand from PLM tools. All these things in the past. Software vendors and manufacturing companies cannot ignore complexity of modern product literally powered by software in every part. I’ve been blogging about it long time ago – PLM and ALM: How to blend disparate systems and lately – How to combine engineering and software BOMs.

In one of my last posts – The importance of software BOM for hardware security, I pointed out how important to get an access to right information about software and electronic running in your products. For many manufacturing companies the information about mechanical, electronic and software components is siloed in different data management systems.The importance of new tools capable to manage multidisciplinary product information is raising. Software BOM security is just one example of the trend. The demand to provide systems able to handle all aspect of product BOM is increasing.

The article in WIRED magazine few days ago brings an interesting perspective on the importance of software security in automotive products. Navigate to the following article – Hackers remotely killed a Jeep on the highway – with me in it. The story is fascinating and gives a lot of “food to think about”. Here is my favorite passage:

All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.

From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They’ve only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit.

While story is still under development, it is already raised many questions. Some of them led to discussion about standards for cars’ defense against hackers. I’m expecting an increased demand for software capable to manage traceability and tests of mechanical, electronic and software systems together to insure car is not vulnerable to potential hacks.

Manufacturing business technology article echoed the same topic –Software Integration With Hardware Crucial For Manufacturing. It confirms that hardware – software integration is complex and very few companies are doing it in a right way. It gives interesting recommendations how to improve that – common data model, integrated requirement and change management tools and a framework independent from software tools. A common data model is my favorite. Here is a quote:

A common data model. Unified ALM-PLM defines a common data model and change management processes for managing an entire system, both hardware and software data, without duplicating data management or business processes across those systems. The two primary integration points are, first, tying back the requirements to the software and hardware bill of materials and, second, linking defects back to change requests and change orders so PLM can reflect them.

While all recommendations make sense to me, I have a concern about their implementations in real life. How feasible to create a common data model using existing PLM and ALM software tools? A dream data and lifecycle management system should be flexible enough to handle all system definitions from mechanical, electronic and software as well as system behavior related to that.

What is my conclusion? The complexity of modern products is creating demand for new capabilities to support by PLM and ALM software. While integration is usually hardest part of PLM implementation, not all PLM system are flexible enough to maintain demanded “common data model” to handle all bill of materials and related information. Just my thoughts…

Best, Oleg

picture credit WIRED article

Share

Share This Post

  • David Ewing Jr.

    I generally agree with your points relative to the importance of PLM-ALM integration. However the ability to hack into a vehicle is a design flaw – NOT a flaw of the PLM system.
    PLM and ALM are simply tools to make design easier by automating tasks/workflows, etc. The product team still needs to document Requirements, define Functional and Logical structures and finally the Product structure. Each step along the way needs to be developing solutions to meet the product Requirements – one of which needs to be security.

    I would not blame Visual Studio or Eclipse for the data breach at Target. The problem was the solution that was developed did not have or meet security requirements. VS or Eclipse cant fix bad design…no more than PLM, ALM, or CAD can.

    David Ewing Jr.
    Product Manager
    Aras Corp.

  • beyondplm

    David,thanks for comments and sharing your insight! I think, you nailed the problem down – PLM / ALM tools perceived as “documentation” tools at the best. In order to prevent security hacks, improve design quality and optimize product cost and manufacturability, we need a new type of engineering tools. These tools must have a capability to support engineers with decisions and not just “document” what engineer does. Just one example – simulation tools embedded into CAD tools can significantly improve design. Without that, in many cases, engineers will just assume a solution that seems right to them based on their previous practices, which can be sub optimal. What if another simulation tool will allow to check product design for potential security hacks? Impossible? Maybe today…. Just my opinion.

  • Pingback: Beyond PLM (Product Lifecycle Management) Blog » How to simulate a potential hardware hack?()

  • Pingback: How PLM can simulate a potential hardware hack | Daily PLM Think Tank Blog()