As we move to the increasing use of autonomous vehicles (Amazon just announced a 1K autonomous truck deal with NVIDIA) and robots, the concerns surrounding malware are only increasing. To mitigate the related problem and assure the integrity of the code going into the creation of these autonomous machines, a tool was needed to validate the complex code, often coming from various sources, that creates the machine’s control structure. To address that need, BlackBerry has Jarvis, a software composition analysis tool that lets companies detect and list software elements, assuring the variety of the components and the legal rights to use them. In addition, it looks explicitly for cybersecurity vulnerabilities and exposures.
The Unmentioned Threat
We’ll get to malware in a moment, but the often-unmentioned threat as we move to our autonomous future is assuring ownership of the code being used to create one of these very complex offerings. If ownership rights aren’t clear, code that belongs to someone else can compromise the entire project, opening the sales entity up to expensive litigation, fines, and unplanned royalty payments that could eliminate a reasonable profit for the eventual solution.
There is a massive amount of protected intellectual property in this emerging segment, and patent trolls have likely been buying up much of the related IP over time. These patent troll-owned properties are on top of the existing automotive companies (cars and parts), which also own a massive portfolio of patents and copyrights in the segment.
While Jarvis 2.0 could likely be used to identify where another vendor compromised a company’s intellectual property by using it to scan that vendor’s offering, its primary use is to identify this exposure internally. The firm can then either remove the conflicting code or contact the IP owner and begin a discussion on licensing to see if that path would be more economically beneficial.
Having to yank a critical software component and replace it quickly can often open the entire platform to a cyber threat, not to mention making it far less reliable, which could make the result dangerous. So doing this right and early could significantly impact the quality and viability of the resulting offering.
When we talk about large robotic objects that can move autonomously, we have to discuss the damage that could be caused should a hostile entity compromise them. On manufacturing lines, machines like this will operate near relatively squishy humans and each other. A takeover by a hostile entity could cause significant injury, if not death, in compromised factories. A rogue autonomous vehicle could not only do substantial harm but could scare buyers away from autonomous technology altogether.
Buyers are already very nervous and have not bought into the autonomous car concept, let alone the switch to electricity over gas. Large, powerful governments and petrochemical entities would like the automotive electrification mandates to fail and are motivated to compromise electric cars at scale to make them appear unacceptably dangerous.
The car’s autonomous and battery management areas are the most likely to be targeted to create the impression that these cars are unacceptably unsafe relative to ICE (Internal Combustion Engine) cars.
This motivation makes it important to use something like Jarvis 2.0 when creating the software that could be compromised in these vehicles, so that the likely effort to harm them is mitigated before that harm emerges and damages the effort.
Autonomous robots, particularly cars, have a high potential exposure for IP theft and cyber vulnerabilities. The IP threat could catastrophically damage the viability of the manufacturing company building the product by destroying its profit potential. If executed sharply, the cyber threat could destroy the market potential for the related solutions before they can hit critical mass.
Thus, a tool like Jarvis 2.0 is critical to any entity playing in the autonomous space, both to assure that entity’s revenue and profit and to protect it against a catastrophic attack that could destroy the financial viability of the emerging autonomous automobiles and robots.