Cybersecurity Smarts are an Integral Part of Project Arrow - The First All-Canadian Electric Vehicle

Computer mouse pointing to the word Security on a computer screen

Author:  Bill Klages, Vice President, QA Consultants
 

It is no secret to this audience that Canada is a global leader in emerging technologies such as autonomous vehicles and robots, artificial intelligence software, and Industry 4.0 or the digital revolution. So, you won’t be surprised to learn that Canada is now motoring towards producing an all-Canadian made electric automobile.  

The initiative called “Project Arrow” is organized and managed by Canada’s Automotive Parts Manufacturers Association (“APMA”).  According to Flavio Volpe, APMA’s president, this effort is “the biggest industrial collaboration project in Canadian automotive history” … likening the program to “Canada’s moonshot”.  

This article focuses on the vehicle’s cybersecurity aspects and challenges and the work that QA Consultants and its Canadian cybersecurity partners have invested in building an operational framework including an analyses of threats and mitigation strategies in conjunction with Project Arrow.
 
What is Project Arrow?
It is not just any vehicle… it is Canada’s first zero emissions concept electric vehicle and it was formally unveiled earlier this year at the Consumer Electronics show (“CES”) in Las Vegas.  

Organized by APMA, the initiative produces a fully electric, Level 3 autonomous (handles all aspects of driving, with human override), fully operational vehicle incorporating over 25 all new technologies.  The program is a collaboration of 50 different Canadian suppliers, insurance companies and various government and research/innovation institutes.  

The vehicle is built to model year 2025 motor vehicle safety specifications.  Although it is a seemingly crowded market led by Tesla, Ford, and General Motors, Project Arrow’s vehicle is differentiated by being completely designed, sourced, and produced in Canada.  

QA Consultants is proud to play a role as emphasized by Peter Watkins, Chief Operating Officer of QA Consultants… “We are delighted to be involved in Project Arrow which showcased the incredible capabilities of the Canadian automobile parts industry.” For more detailed information on Project Arrow, please visit https://projectarrow.ca/

Joining the Project Arrow Team
MAPLE® Business Council member and North America’s premier software quality engineering firm, QA Consultants, was awarded the role of onboarding and integration of the cybersecurity solutions for the Project Arrow concept vehicle.   

Toronto-based QA Consultants has a legacy in automotive systems and software quality engineering innovation including several patented test automation accelerators and its vehicle cybersecurity thought leadership.  

Colin Dhillon, Chief Technical Officer at the APMA summarizes why QA Consultants was asked to participate… “We have chosen to work with QA Consultants for many reasons.  They are cybersecurity software testing experts and have demonstrated their leadership with important roles as chair of the APMA cybersecurity V2X Task Force as well as a cybersecurity committee member.”  QA Consultants also hosts the Software Test Bay at Ontario Tech University’s Automotive Centre of Excellence, one of North America’s most advanced climatic wind tunnels.
 
Cybersecurity Considerations in Today’s Connected Vehicle
As I dug into the Project Arrow cybersecurity initiative, I became fascinated by the digitally driven concept of Vehicle-to-Everything or “V2X”.

V2X generally represents all the possible digital connections between hundreds of system components in a vehicle, but more importantly, to external data, signals, other vehicles (V2V), roadside infrastructure (V2I), and  pedestrians (V2P).  In the end, it’s all about securing the connectivity in order to protect human lives, property, and data privacy.  

Types of vulnerabilities range from simple communications disruptions and interruption of needed software updates, to more severe attacks including hijacking vehicles by taking over systems and destroying or stealing data.  

Experts interviewed for this article, described a case they referred to as “vehicle as a caregiver”, which as a boomer, struck me as an amazing consideration and concern for cybersecurity vulnerabilities over the next few decades. Vehicle systems might include telematics capabilities to share or receive data from personal wearables devices that help protect an individual’s health needs or communicate a sudden health incident that prevents the person from operating the vehicle or prompting for emergency response.  

Wow! How is all this connectivity going to be secured? 

How do you achieve ‘360-degree protection’ of all this connectivity over the operating life of a vehicle?  

That’s why the work of the Project Arrow cybersecurity committee plays such an important role in building security frameworks and identifying mitigation strategies.  Strategies that include encryption protections between communications systems and the cloud, security screening or audits of all onboard third-party software, data anomaly protections and self-healing mechanisms, and the use of AI to monitor, detect and respond to cyber threats.  

And finally, the committee has incorporated global security standards including European and ISO standards to ensure that it’s frameworks and recommendations aspire to the most strict safety and security standards.
 
Summary of Project Arrow Cybersecurity Accomplishments
QA Consultants led the Project Arrow cybersecurity providers, setting the foundations for a comprehensive model or framework.  According to Dr. Ahasanun Nessa, Senior Applied Scientist, QA Consultants, “we have developed a vehicle architecture from the perspective of security, and we explain how a complete shield must be created to protect the vehicle and its ecosystem.”

Dr. Nessa summarizes the cybersecurity scientific and technological advancements of the Project Arrow cybersecurity committee as follows: 

  • Developed a cybersecurity framework for integrating isolated security solutions. This framework presents how a full shield could be built to protect both the vehicle and its ecosystem. 

  • The proposed framework has been approved by APMA and many of Canada's well-known security companies. 

  • This approval confirms the framework can be implemented by any OEM building an autonomous vehicle to meet their security goal.

  • This is the first attempt to coordinate vehicle security solutions offered by renowned Canadian security providers.

  • A global market focus was also considered in the development of this framework. It has a greater chance of being accepted worldwide because it incorporated the requirements of WP29 regulations (worldwide regulatory forum).

  • This framework can be used as a model for designing an automotive testing framework.

QA consultants is extremely proud of its participation in Project Arrow and supporting the APMA in this historic all-Canadian program!

For more information on QA Consultants’ (an Alten Group Company) services, please visit their website: https://qaconsultants.com/

Bill Klages, Vice President, QA Consultants