This week, BlackBerry announced Jarvis, targeting the growing security problems of connected and autonomous cars. For any comic book fan, Jarvis is Tony Stark’s (Iron Man) autonomous robotic assistant for his home, armor and the Avengers’ Mansion. Yep, I’m a closet comic book fan. The use of Jarvis is on point because Jarvis is what largely has Stark’s back; BlackBerry’s Jarvis is designed to have the back of car manufacturers. It is a security software development tool designed to drill into the complexity of a connected or autonomous car and identify security exposures and regulation violations before the software is ever installed in a car. Jaguar/Land Rover, was part of the announcement, indicated that it took their team 30 days to do what this program could do in seven minutes.
Let’s talk about the problem BlackBerry is attempting to resolve. The importance, given that Intel just had another security exposure identified in its processors, is obviously critical.
Cars Are a Bit of a Mess
Car companies have a history of lagging technology a lot. For instance, a typical sound system in a car line can remain unchanged for up to a decade, while the technology it must connect to, smartphones and tablets, tends to get updated every six months. In addition, the control systems in cars are largely regulated by many countries, are sourced from a variety of vendors, and then the result is a rather nasty mess of incompatible networks (both wired and wireless), a variety of ages of technology ranging from decades old to somewhat current, and a nightmare of software. And this is in the cars shipping today. With the move to connected cars and particularly autonomous cars, this will get much worse.
KISS: What Most Car Companies and Regulators Don’t Seem to Get
At the heart of this problem is something very similar to what caused the recent Intel security mess: a lack of focus on keeping things simple. IT has gone through this cycle itself more times than I’m willing to count. Basically, it comes down to layering technology into a solution that was never designed to work together, from unrelated shops and companies, exacerbated by a lack of time and funding to go back on a regular basis and rethink the solution and optimize it.
Car company software would give typical IT managers heart attacks. There are multiple levels of suppliers, little in the way of standards, many suppliers don’t share source code, and the approximate 100M lines of code in each car are unique.
This is one of the reasons Tesla was able to move on the traditional car companies so well, even though the firm’s leadership, initially, seemed to know little about the car market. The company started from a clean slate. Tesla cars are far simpler, far more modular, and far easier to update. Granted, they have proven far harder (and more expensive) to fix in an accident, more in line with an exotic than a typical sedan or SUV. This is because, while they are way ahead on the application of technology, they remain behind in terms of how to design and build inexpensively.
Regulations also tend to be layered, with each new requirement added to those that came before. This makes keeping up with the regulations, let alone complying with them, problematic. This is something that will get vastly worse once cars move from just being able to call home, to what effectively are wheeled, fully automated, horizontal elevators.
Jarvis is a cloud-based binary code scanning utility designed to specifically weed out software vulnerabilities and regulatory non-compliance. It is designed to address the massive complexity of software both in, and intended to be put in, the cars of today and tomorrow. The solution pulls heavily form BlackBerry’s unique understanding of the car industry. Its QNX platform has been the closest thing to a car operating system for years and BlackBerry’s connection to it allows the company a deep understanding of the problems the car companies have been dealing with. Its historic focus on security gives it unique insight into the problems it will be dealing with.
What makes this unusual is that it doesn’t need source code to do the scan which, given the concerns surrounding sharing source code, is critical. It works with existing development tools through their APIs, and BlackBerry has created relatively easy-to-use dashboards and related analytics so that the scans are as comprehensive as possible. Both Ford and Jaguar/Land Rover indicated they found this tool invaluable.
Wrapping Up: Critical Point for Autonomous Cars
We are reaching a critical stage for autonomous cars. They are going into broad trials and will soon start appearing in production. Should one or a group of these cars get hacked or fail catastrophically, causing death, it could set the related efforts back years and the related liability could cripple the affected car companies. Having a tool that better assures that this autonomous car apocalypse doesn’t happen will be critical to the success of the effort, making BlackBerry Jarvis the one tool a car company literally may not be able to live without.
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+