From Steel to Software

The pictures are courtesy of CYMOTIVE, ltd.
The pictures are courtesy of CYMOTIVE, ltd.

Cars are already communicating with the cloud – so what about cyber security?

מרץ 2020

Vehicles are becoming smarter, with high connectivity capabilities – but the higher the level of connectivity, the greater the risk of a remote attack on vehicles. One of the pioneers in the field of cyber security for smart vehicles is the Israeli company CYMOTIVE, established in cooperation with the global Volkswagen Group.

Today's vehicles, and certainly those that are destined to hit the road in the future, rely more and more on technology that requires internet connection. In fact, the car of the future will be "a server farm on wheels", says Nadav Hos, Automotive Cloud team lead at CYMOTIVE.

According to him, the increasing connectivity to the internet exposes vehicles to new risks. "Just as computers and servers that are connected to the internet are exposed to attacks by malicious actors, so too are the vehicles that are now being driven and will be driven in the future. But if in the IT world the danger is information theft or shutting down the organization’s activity – with vehicles, the danger is completely different. We have not yet fully reached autonomous driving, but when this stage is reached – then sending remote commands to vehicles will have implications on human lives.”

While the automotive industry is going towards an era of smart mobility, auto makers are also changing – from manufacturers that focus on steel, screws and wheels, to software companies that provide services – which the drivers and passengers will consume through the vehicle.

"These companies no longer only provide the “physical” vehicle, but they also provide the experience while driving it,” Hos.

Nadav Hos, Automotive Cloud team lead at CYMOTIVE.

How does CYMOTIVE fit into this revolution?

"As a strategic partner of the Volkswagen Group, we are involved in almost everything related to cyber-security issues that are beginning to arise from this new world, where cars constantly communicate with servers in the cloud and, therefore, are exposed to attacks. We define ourselves as a ‘purple’ company. We have a ‘red’ side, the offensive side, which identifies current and future threats, and we also have a ‘blue’ side, the defensive side, which examines how one can protect the systems from these threats, when there is a close cooperation between both sides.

"CYMOTIVE is a global company, with about 120 employees most of them in Tel Aviv, but we have sites and activities around the world: we have a sister company in Germany, an activity inside a Swedish software company owned by Volkswagen, we’re working with an Italian luxury brand and there’s also a big project in the U.S. that is in its early stages. This means that on a regular day, many of the company’s employees are on business travels to any of these destinations.

"In the U.S., we have taken a large role in the partnership that Volkswagen has established with Microsoft, in order to lead the security of the cloud platform for Volkswagen's future vehicles. " This partnership created a new software organization under the Volkswagen company, which will be located near the Microsoft offices in Redmond. We are expected to integrate into many aspects of the work in it and to guide the teams on how to develop software according to the security needs, from the requirements stage, through architecture, design and development – to the tests and monitoring".

Which activity is your team responsible for?

"We take Volkswagen’s requirements for various functionalities in the vehicle – and examine how they can best be implemented in terms of cyber security. For example, if Volkswagen wants to allow a car owner to unlock his car’s doors using a mobile application, it requires involving a cloud service. The request is sent from the phone to the cloud, undergoes processing and is then sent back to the vehicle with the command to unlock the doors. My team does risk assessment and architecture review for Volkswagen’s requirements architecture.

"The team now has five people, but in the coming year it is expected to double or even triple in size. We constantly deal with new areas that have not been touched yet. After all, the field of ‘connected vehicles’ is a relatively new technological area, so we deal with a lot of research on future technologies, and we find ourselves more than once being the first to explore a new technology in the automotive world.”

What is the background of the team members?

"The team comes from diverse backgrounds. We have people who come from enterprise companies, startups, and the military and security services. Others come from private companies or even from similar industries, such as the aviation industry. Almost everyone in the team has a different specialization – such as cryptography, cloud technologies, or embedded systems. I myself, before getting into the cyber security, was a developer, and because of this background it is important for me to lead the team also in the direction of secure development.

"We see ourselves as a kind of a commando unit – each one brings his own expertise, and together we form a whole that is greater than the sum of its parts. Each contributes their insights and understandings from their different worlds, and together we tackle cyber security issues”.

What does the daily routine of a CYMOTIVE employee look like?

"In the company, as part of our training, we learn how the vehicle is built, the different computing units within it and how they communicate with each other – and outside of the vehicle, to the cloud servers.

We work very close with the customer, by phone conversations and emails on a daily basis and are in contact with senior stakeholders from Volkswagen. As mentioned before, there is also a lot of face-to-face interaction involved – and about once every month to a month and a half we are in Germany, Sweden or Italy, wherever necessary”.

What kind of people are you looking for?

"We are looking for highly talented people in their field with technical skills and of a high caliber, with a passion for cyber-security. While we are looking for highly experienced people, we are also open to recruit ‘juniors’, as long as they have strong technical skills and are eager to enter into a new and evolving field, with much to do and learn.

We are in an accelerated growth phase, and we are expanding, with an emphasis on the activity in the United States. It's a project that's going to be very interesting, since we're entering new areas of everything related to the cloud. The automotive industry as we know it has its own pace, but now that the auto companies are becoming software companies, and cyber security considerations guide the development at every stage, the pace is rapidly increasing, with Agile development and short iterations that enable us to adapt solutions to requirements quickly”.  

Looking for highly talented people in their field with a passion for security. CYMOTIVE company offices.The pictures are courtesy of CYMOTIVE, ltd.

Please Meet: Cymotive

CYMOTIVE was founded 3.5 years ago, by three alumni of the Israel Security Agency (Shin Bet): Yuval Diskin, who was the former head of the Shin Bet, including Tamir Bechor and Tzafrir Katz, who were in senior technological positions and served as Shin Bet division chiefs. The company operates in a strategic partnership with the Volkswagen Group, which holds a 40% minority stake in CYMOTIVE, and works with some of the group’s leading brands – including Volkswagen, Audi and Porsche.

Interested in working at CYMOTIVE? Please send an email to

The pictures are courtesy of CYMOTIVE, ltd.

יש לכם רעיון למגזין משלכם? צרו קשר