(This post, “John Wall: The Importance of Safety within Software-Defined Vehicles,” is a Nicole Lumley interview featuring BlackBerry Senior Vice President and Head of BlackBerry QNX, John Wall, originally published in the May 4, 2023 edition of MOVEmnt. Excerpted with permission – access the interview video and related content here).
For over the past 35 years, BlackBerry’s QNX software has become a big part of everyday life. People encounter BlackBerry QNX-controlled systems whenever they drive a car, watch TV, or use the Internet. The ultra-reliable nature of the software makes it the preferred choice for mission-critical systems such as cars, air traffic control systems, surgical robots, and nuclear power plants.
BlackBerry QNX automotive-grade software platforms are deployed in In-Vehicle Infotainment, Cluster, Telematics, Acoustics, and Advanced Driver Assistance Systems (ADAS). This mission-critical software has ISO 26262 and ASIL-D certifications.
BlackBerry technologies including QNX’s mission-critical software, Certicom’s elliptical curve cryptography and its Over the Air software update solution provides complete life cycle management capability for embedded software deployments. Global leaders like Cisco, Delphi, General Electric, Siemens, and Thales have discovered BlackBerry QNX and Certicom’s security solutions give them the only software platform upon which to build reliable, scalable, secure, and high-performance applications for markets such as automotive, medical, industrial automation, power generation, and data networking.
BlackBerry QNX is a subsidiary of BlackBerry Ltd., a mobile-native company software and services company dedicated to securing the Enterprise of Things. BlackBerry QNX is headquartered in Ottawa, Canada, with its products distributed in over 100 countries worldwide.
MOVE caught up with John Wall, Senior Vice President and Head of BlackBerry QNX. Within this interview, John touches on the importance of cybersecurity within vehicles and how safety within software-defined vehicles is critical as the automotive industry evolves.
Nicole Lumley: Thank you so much for taking the time to join us today. Tell us a little bit about BlackBerry and what you do.
John Wall: Hello, my name is John Wall. I’m responsible for the QNX business unit within BlackBerry. BlackBerry is a very well-known name, largely responsible for driving the smartphone revolution back in the day, however under John Chen’s leadership (our CEO), BlackBerry has pivoted to a software and security company. We are divided into two business units: we have the BlackBerry IoT division and the BlackBerry cybersecurity division.
The cybersecurity division is focused on securing enterprise IT systems. So, think about banks, government, and other highly regulated Industries, while the IoT division is focused on providing safe and secure foundational software, middleware to mission-critical applications such as automotive, industrial automation, medical cooperative robots, and more. We like to think of it as high-complexity applications requiring the highest levels of safety and security.
I come from QNX. I started there in 1993 working in tech support and largely did every development job within the engineering team. We’ve gone through two acquisitions. We were owned by Harman International in 2004; that’s where we really cut our teeth on automotive and then in 2010, we landed at BlackBerry. We were acquired by BlackBerry to be the foundational software of the BB10 phone and the Playbook tablet. At that time, BlackBerry had a sterling reputation for innovation and the highest level of security and privacy, so this was a really good match to the QNX business and our automotive business.
The Importance of Cybersecurity within Vehicles
Nicole: Brilliant, and in a recent article you did for MOVEmnt, which was brilliant by the way, you mentioned the importance of cybersecurity within vehicles. How concerned should EV owners be about this issue, and what can the industry do to “bake cybersecurity in,” as you suggested?
John: As we think about the next generation software-defined vehicles, it’s led by the innovations happening with EVs, but it’s also those same innovations that are happening in the traditional ICE (Internal Combustion Engine) vehicles. Software is becoming a critical component for car makers and for very good reason — when you start to think about a software-defined vehicle you start to think about how the vehicle is going to be defined by software features. This is going to differentiate brands just like styling, horsepower, and handling. However, as the car becomes more software-defined, safety and security in the software process is going to become very critical.
Functional safety within the automotive industry is very well understood. Car makers know how to do safety — they’ve been doing safety forever, whether it’s physical safety with seat belts or safety around accu-lock brakes but the concern is that safety is something that does not contemplate somebody interfering with that safety. We have a saying in the automotive industry and other industries that “There is no safety without security,” and this is especially true when you talk about software. The car companies know there was an epic event in automotive in 2015 referred to as the GPAK and these were white hat hacker-researchers Charlie Miller and Chris Valasek that were able to hack a vehicle remotely through a cellular connection and control some features of the vehicle. This was a real wake-up call to the industry. Security had to be considered in the same vein as safety.
We often talk about safety being a culture, a mindset, very prescriptive engineering processes defined by ISO 26262. Security needs to be thought of exactly the same way — it’s a culture, a mindset, and needs to be part of the entire development life cycle of the software. Fortunately, the industry is rapidly evolving to adopt security processes defined by a new standard called ISO 21434, which specifically addresses the security processes for automotive software. We also have WP-29 UN regulation 155 that addresses cybersecurity and cybersecurity management systems within vehicles.
I think the consumer can rest easily that the automotive industry is taking this very seriously and that it is going to be part of the development of the vehicles and of the software-defined vehicle moving forward. The industry is taking it very seriously and making really good progress.
The Challenges of Safety Within Software-Defined Vehicles
Nicole: Lovely, and you also highlighted the importance of safety within software-defined vehicles, and we’ve heard recently of automakers recalling vehicles over safety issues. What are some of the challenges that the industry faces when trying to maintain, or even improve, functional safety in vehicles that are software-led?
John: I think as vehicles become more connected and automated, the amount of software code in the vehicle is increasing, of that there’s no doubt. The car is going to become more complex with more software. This is especially true as more aspects of the vehicle become software-defined. For me, it’s really not that surprising to see a rise in the volume of software-related recalls. I think the last statistic I saw from the National Highway Traffic Safety Administration (NHTSA) in the U.S. is that software-based recalls have tripled from 2009 to 2019. This has likely been exacerbated over the last four years as the cars have more software.
While functional safety and security are critical to the safe operation of the software-defined vehicle, I think it’s important to note that software quality and robustness are just as critical to create a good experience for the end customer, even if those software components are not safety-impacting. As an example, the infotainment system does not have a safety requirement, however, a poor experience directly leads to dissatisfaction from the customer and can impact sales. Car makers are motivated to create high-quality software both on the functional safety side, and on the security side, but also on the capabilities of the vehicle.
Software is becoming critically important to the car brand. As I mentioned earlier, as important as styling, as important as chassis. Car companies are shifting and actually becoming IT companies and wanting to own a portion of that software, especially the software that they feel is differentiating for their brand. But one of the saving graces for software recalls is cars are becoming ubiquitously connected and we have technology, over-the-air software updates, that are allowing the car makers to push fixes to the cars without the owner actually having to bring the car back to the dealership. I think this is going to be a very important aspect moving forward especially when you consider that the vehicle is an extremely complex endpoint, much more complex than when we think about a smartphone, for instance.
How BlackBerry Helps Customers Tackle Issues of Safety
Nicole: Brilliant, and so, how is BlackBerry helping its customers tackle the issues of safety, and what type of solutions do you offer?
John: BlackBerry, specifically, through the group I head, offers a number of products and services to support the evolution of a software-defined vehicle. At its core, BlackBerry QNX develops what we call foundational software for the car. And not just the car. A lot of the evolution that we’re seeing in the car we’re seeing that in other industries. We’re seeing it in agriculture, trucking, mining, and medical robotics. This is a trend; everything is becoming more software-defined. So what does that mean? We are as a company what I would like to call an ingredient to the whole software stack, a software-defined vehicle in particular. We offer a real-time safety-certified operating system and a real-time safety-certified hypervisor. Hypervisor is technology that allows you to run multiple operating systems on one piece of silicon and we offer a variety of middleware.
We like to refer to ourselves as plumbers, electricians. We are what’s behind the walls; under the floor — you don’t necessarily see us, but we are the foundation that allows our customers to build their applications in a safe and secure manner. Our customers typically license these technologies from us. So, those are the kinds of products we offer in this area, but we also offer services to our customers to help with integration, functional safety, and security.
Security, in particular, is becoming more and more critical to cars as we mentioned earlier, because the cars are ubiquitously connected, software-defined, and automated. This is an area where we start to pull in the entire breadth of the BlackBerry portfolio both from the cyber side and from the IoT side. BlackBerry has decades of software security experience both at the enterprise level and at the device level, so this is a very good match for the entire BlackBerry portfolio.
Nicole: BlackBerry has made some really big strides in the EV world, but what can we expect to see from them in the next 12 to 18 months?
John: I think we have a very exciting lineup of product releases and initiatives. I won’t reveal all the details, but we have our next-generation operating system which will launch toward the end of the calendar year. This technology is designed to maximize and extract the maximum performance of the next-generation multi-core processors. Safety and security are paramount to the software-defined vehicle but so is performance, and what we see in the industry is more cloud-like compute capabilities moving into the edge and in this case, the car, and you need to have a real-time operating system (rtos), and real-time hypervisor that can extract all that performance. Really excited about that technology — we feel it’ll be revolutionary for the industry.
We also have a technology called BlackBerry Ivy®. This is something we are co-developing with AWS. It is a scalable, cloud-connected software platform that will allow automakers to provide a consistent and secure way to read vehicle sensor data, normalize it, and create actionable insights from the data, both locally within the vehicle and in the cloud. IVY™ has been launched and is generally available.
We feel the cloud is becoming especially important to the evolution of the software-defined vehicle. The cloud is how the software-defined vehicle is going to evolve over the next few years. You’re going to see that moving workloads from the cloud to the car or from the car to the cloud will become very important. We have a number of initiatives on the QNX side related to our products that we’re going to cloudify over the next year and a half, so we have our operating system running in the AWS cloud and it’s available to customers through the AWS Marketplace today.
We expect to have our hypervisor technology running in the cloud later this year as well, and then to reduce developer friction, we’re moving our development tools into the cloud to allow easy integration with our customers’ development environment and we believe this is going to be very important as you start to look at distributed development environments, people in different locations in the world, people working remotely to have an easy way to leverage the power of CICD in the cloud. This is the way of the future.
We’re also looking at developing OCI-compliant safe, secure container technology for our QNX operating system. And of course, one of the very important initiatives we have is adopting all of the new cybersecurity processes especially, ISO 21434 which is defining the software process for security which BlackBerry had a hand in developing, so very important as well. We’re looking forward to it!
Nicole: Brilliant. Well, thank you so much for taking the time to talk to us today!
John: Thank you very much, it was my pleasure.
Join BlackBerry for a day of inspiring keynotes, presentations, and discussions at the BlackBerry Summit, Tuesday, October 17, 2023, in New York.
For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.