Upstream & Capgemini Discuss Approaches to Monitoring the Connected Vehicle


In this “Tech Talk” video series, Upstream Security hosts diverse partners who are all top industry leaders and experts to have a casual fireside chat about various hot-topics within the automotive ecosystem.

In this session with Capgemini, Upstream’s Fay Goldstein sat down with Didier Appell, Capgemini’s OT/IoT cybersecurity leader, to discuss the multiple approaches to monitoring the connected vehicle based on an OEM’s business need.


– Well, Hi Didier and welcome to Upstream’s tech talk series. I’m Fay from Upstream, and we unlock the value of mobility data through a purpose-built cloud-based cybersecurity and data analytics platform and I’ll be the host of this Upstream tech talk. I’ll quickly hand it over to you to introduce yourself.

– Yeah, so I’m Didier Appell, based in France and working in Capgemini for 20 years now and now I’m leading the cyber security for industrial system and a connected object for the group. And so we are focusing on how protecting and securing critical infrastructure and connected vehicle, aircraft, train and all of that.

– You said you’ve been in it for 20 years and back, you know, I’d say back then cybersecurity used to be a set of products that you could buy. How over time has that changed and, you know, today, especially as it relates to connected mobility, and even now the cybersecurity regulations that are being adopted within all industries.

– Yeah. As you said, 20 years ago, we are not speaking too much about cybersecurity for those products like your connected car, but yes, it becomes more and more needs because to sell more services and to have a better smart car, if I can say we introduced connectivity and then we introduced for cyber security. So the protection of a car, if you want to protect your car, you really need to have a, really understand, good understanding, sorry, of the the level of cyber security you want. And then you have to, to have a kind of global program with the business and with the technology. It’s not only about technology. You need to have a risk analysis to really know what you want to protect, regarding your risk you are accepting or not. And what we saw also, because it is critical, we have safety issue. There is more and more regulation like the VP 29 in the automotive that is coming. And even if you accept a risk and you don’t want to secure this regulation will oblige you to do it.

– Now, you know, both because of the regulations and again, this increase in the need for cybersecurity, with connected cars because of the connectivity, there’s been an increase of OEMs focusing on building enhanced SOC, SOC teams, or even V SOC’s. What do you think OEMs, when they are building those vehicle security operation centers, or just security operation centers, what do you think they need to keep in mind when approaching the process to monitor or secure the connected vehicles? What are your biggest things that you say, okay, you gotta focus on this.

– Yeah, first you are right. Protecting your car, it’s not only doing, putting protection inside the car. After you have to monitor, in terms of when you have an attack and you have to react, to detect and react, and here we see two way of doing it. Approaching, if I can say. One way, if the security monitoring is lead by the CISO let’s say, so the IT guys, he may want to have a leveraged SOC, with the IT circle, the enterprise, the factory SOC’s, and the vehicle SOC, because it’s a way of reducing cost, if I can say, because we are leverage everything. But on the other way, you can say, you can say I’d like to have a dedicated SOC for my vehicle because there is safety issues. And I should be able to have the business view to be able to do the right remediation action. And sometime you can go a bit further and say, why not having the vehicle SOC inside the global, let’s say, vehicle operations centers that you combine, because at the end, the guy that will decide what to do on the car, if it’s a cyber attack, or if it’s a failure, or if it’s something else, he will take a remediation action regarding the safety.

– So, you know, you had mentioned that it could even potentially be part of a global vehicle operation center taking even security out of it, and you also mentioned remediation with IT. You know, there’s many different ways of remediation, but when it comes to connected vehicles, you know, there’s real human lives in there. There are lives in balance. And obviously in some broader, broader industrial spaces, they have this in this case as well. But what would be a difference in approach when it comes to the connected vehicles that is specifically impacted by the fact that there are real lives at stake when it comes to the security and the cybersecurity?

– Yeah, you’re right. The main point is that there is life behind that. And when you have to remediate, so you have to decide for an action on the car, this decision, it’s not an IT decision. Because, okay, you have a software attack, but after you know there is a problem in the car, the deciding what to do with the car. It’s more someone that know the behavior of the car. That know if we can brake immediately and stop the car. If you stop the car on the middle of the highway, you can take a high risk. It’s really here that doing the detection, it can be leveraged with IT because it’s kind of IT work, but doing the remediation, so the react remediation, for me the key point is to have in the loop, someone understanding the car behavior, the context of the car, like my example, the middle of the highway, or just going at very slow speeds. So you have to know all of that. And if I can compare, for example, with train and aircraft. For a train, a train that is safe is a train that is not, that is stopped. So you can stop the train immediately. And as you are on the highways, there is no risk when you stop the train. But for an aircraft, for example, you cannot stop an aircraft when it’s flying. You cannot just say stop that. So you see, it depends the, the usage, if I can say, on the behavior of the connected vehicle, train, car. So really we have, it’s key to have someone knowing the behavior of the car to take this action of remediation.

– And it’s interesting because this even gets more intense, I would say, when it comes to autonomous vehicles. You know, so we have even the shift to that. We have connected vehicles and it becomes even more important to understand the context of the vehicle and the context of the behavior of the vehicle when it comes even to autonomous. I’m not going to jump into that right now because that’s an entire new discussion, but it’s interesting to think about that. And I just wanted to jump in.

– Yeah, the context Sorry. The context is very important because, okay, you can put a lot of technology, cybersecurity technology in the car, collecting logs, collecting a lot of events from the cars that will tell you there is something, a behavior, but you have to know the context what the car is doing. For example, if you have an alert saying you, someone is opening the car, but if it’s in the night, maybe you say someone is trying to steal the car. But if it’s during the days, maybe you will say that someone, that’s the driver. You see, so that’s why it’s important to have solution that correlate those information coming from the car, with all the information from context. Can say offline, that we know that the car is in the parking or the car is going to somewhere, the driver is inside, or the driver is not inside. That will help to detect if the event that you received earlier is a normal or abnormal behavior.

– Yeah. And that, you know, that’s something that we at Upstream really focus on, is this contextual understanding and visibility over the data. And we do that through digital twins, not only the vehicle itself, but also of the entire surrounding area with those vehicles. You know, again, with the drivers, with the usage, with all of the data that is possible, we are able to understand that context. Can you elaborate a little bit more on that concept of contextualizing data and then highlight a little bit about you you know, at Capgemini, that you do also find this really the importance in this contextualization and we at Upstream, how do we work together on that?

– Yeah. So in Capgemini we decided to to use this solution of Upstream because it’s not only detecting what is coming from the car. So it’s providing a lot of information on the data. And usually for those type of monitoring, we have a classic circle. IT team that is doing the but we try to have a dedicated team. So connected vehicle team, like, so people that has the engineering knowledge, that has the knowledge of the car, and that can understand what is happening in the car first. What we can do in terms of remediation that it’s a car, it’s not a computer, so what we can do. And also that can be able to analyze all the data provided by Upstream in terms of all this context. But you need people business oriented that can understand those data. Upstream is very powerful in trying to sort the data, to present you the data in a way that it is easily understandable, understandable, sorry, and business oriented. But on top of that, the guy should be also business oriented and that’s very key for us. So we pushed this solution because it’s, let’s say, all inclusive, if I can say. That means you have the data offline, you have the detection, so it’s easy to roll out. And it’s important as an integrator for Capgemini, to have a solution that is easy to install, easy to configure, that can learn the system, and detect what we can call abnormal behavior.

– Beautiful. And I think, you know, we’re running out of time here. So is there anything that, you know, we didn’t get a chance to discuss that you think is important and you wanna add to the conversation.

– Yeah, but we say, when you are in this, let’s say OT world, so managing vehicle, cars, train or critical infrastructure, don’t try to do it like IT. The two things that are important that you should have in mind, is that you need to have and correlate with the data that are more offline, so the context. You need to take into account the context, and the second point is for the remediation you need to have in the loop of the decision maker. At the end it’s an operational guy. A guy that is knowing the behavior of the connected car that you are sure to respect all the safety issue.

– Beautiful. Well, thank you very much for joining me here today. I enjoyed this conversation and I think that we’ve touched on a lot of hot and important topics that will definitely be showing up more and more often within the space that we’re both working in. So again, thank you so much for joining me today.


– Thank you too.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

The high-impact automotive cyber security trends and incidents of H1-2022

This webinar will discuss three emerging cyber threats and their potential impact on end users, OEMs, and the entire smart mobility ecosystem.

More Details

H1’2022 Automotive Cyber Trend Report

This report offers extensive coverage and analysis of automotive-specific cyber incidents across all attack vectors and their impact on the wide ecosystem.

More Details

EV 充電所 拡大に向けて: EV充電所インフラ安全確保への課題

Delivering driver confidence with robust charging networks has created new opportunities for hackers to penetrate OEM and Tier-1 networks by tampering with charging station data.

More Details

The Leading Managed Vehicle SOC: Actively Protecting Millions of Vehicles for OEMs Worldwide

Protect automotive cybersecurity with an automotive-specific Vehicle Security Operations Center (VSOCs) to address the complexity of cyberattacks targeting OT networks, such as connected vehicles and&

More Details

Beyond Cyber: Upstream Puts Data in Motion

Automotive data in the cloud breaks silos, allowing teams to analyze information in the pursuit of identifying exciting new revenue opportunities.

More Details

2022 グローバルモビリティ サイバーセキュリティ報告書

2022 グローバルモビリティ サイバーセキュリティ報告書2022年版のサイバーセキュリティ報告書では過去10年に実際に 起こったサイバー攻撃の脅威を

More Details