Cybellum Receives Frost & Sullivan’s Competitive Strategy Award for its Innovative Product Security Solutions
Cybellum Receives Frost & Sullivan’s Competitive Strategy Award for its Innovative Product Security Solutions

#47: Joachim Fox: Safety, Security and Innovation at ZF

We were joined by the Director of Safety & Cybersecurity at ZF for a fascinating conversation about innovation in automotive cybersecurity, and ZF’s uncompromising approach to both safety and security.

About Joachim Fox

Joachim Fox is the Director of Safety and Cybersecurity at ZF Group, based in Koblenz, Germany. Joachim leads ZF-wide processes and assessments for Functional Safety, SOTIF (Safety of the Intended Functionality), and Cybersecurity of their products. Joachim is an expert in ensuring the secure and reliable performance of ZF’s technology, keeping safety at the forefront of everything they do. Prior to ZF, Joachim was Engineering Manager at TRW – which was acquired by ZF and Manager of Control Engineering at Siemens.

Summary of the Conversation with Joachim Fox

Joachim Fox, the Director of Safety and Security at ZF, joins the show to discuss his extensive experience and current role at ZF Active Safety, based in Koblenz, Germany. Joachim oversees functional safety, SOTIF (Safety of the Intended Functionality), and cybersecurity processes and assessments across ZF’s product portfolio.

Introduction

  • Joachim has a robust background in engineering and management roles in software development for braking and steering systems.
  • He transitioned from TRW, which was acquired by ZF, and has taken on various roles leading to his current position.

Career Journey

  • Early Career: Joachim started as a control engineer in brake-by-wire development at Siemens, then moved to TRW and ZF, working on software development for braking and steering systems.
  • Current Role: Since 2021, he has been in a corporate role overseeing cybersecurity and safety for ZF’s products, focusing on governance and process compliance.

Key Insights and Highlights

  • Importance of Field Experience: Joachim emphasizes the necessity of practical development experience for making informed risk-based decisions in safety and cybersecurity.
  • Governance System: ZF has established a comprehensive governance system with a web platform for continuous monitoring and scoring of projects in terms of safety and cybersecurity compliance.

Challenges and Solutions

  • Cybersecurity vs. Safety:
    • Risk-Based Processes: Both cybersecurity and safety require risk-based approaches, but cybersecurity lacks the mathematical precision of safety risk assessments.
    • Long-Term Support: A significant challenge in deeply embedded systems is ensuring long-term support and timely response to threats, given the extensive validation required for safety-critical systems.
  • Technological Constraints:
    • Embedded systems in the automotive industry face resource constraints, such as memory and CPU load, making the implementation of security measures more challenging.
    • Solutions include cryptographic signing, secure boot, and secure communications, but these must be adapted to the automotive context.

Specific Insights on Automotive Security

  • Friendly Hacks: There are concerns about unauthorized modifications, such as tuning e-bikes to exceed regulated speed limits, which need to be defended against.
  • Autonomous Systems: Autonomous driving and assistance functions require continuous learning and monitoring to adapt to changing environments and new regulations.

Functional Safety and SOTIF

  • No Compromise on Safety: Safety is always prioritized, and the automotive industry has long accepted the overhead required to support safety systems.
  • SOTIF: This newer standard addresses the safety of autonomous functions and requires continuous monitoring and adaptation to unknown risks in dynamic environments.

Personal and Professional Advice

  • Get Hands Dirty: Joachim advises aspiring professionals to gain practical development experience to make effective risk-based decisions.
  • Educational Background: A sound knowledge of cybersecurity or functional safety is essential, with pathways either through academic study or hands-on product development experience.

Conclusion

Joachim Fox’s insights emphasize the critical intersection of safety and cybersecurity in the automotive industry. His experience underscores the importance of practical development knowledge and robust governance systems to ensure the secure and reliable performance of automotive products. The conversation highlights the evolving challenges and solutions in the field, providing valuable guidance for professionals and organizations alike.