Before autonomous cars become available for the masses, there are key security measures that manufacturers need to consider
The Internet of Things (IoT) is going to completely revolutionise transportation in our cities, with intelligent buses, smart trains, high-tech tubes and connected cars all set to transform urban commuting and moving around cities from a high power, high emission task to an economically and environmentally friendly experience. That, at least, is the tantalising promise from vehicle manufacturers, IoT travel app developers and transportation technologists: and the end result of adding Internet Protocol connectivity to millions of vehicles, roads, railways and urban metro systems.
With the Queen pledging in her most recent speech that autonomous vehicles will hit UK roads by 2020, Volvo planning public testing on London’s roads in the next year, and the likes of Google already testing self-driving cars on public roads in California, this connected transport infrastructure is much closer than we think. But before autonomous cars become available for the masses, there are key security measures that manufacturers need to consider.
As safety has been at the heart of the car industry for more than a century, when it comes to the connected car this is no different, and security needs to be addressed as a primary component. This means that for any and every manufacturer that is looking to develop smart cars and smart transport networks, security must be front of mind.
Imagine what could happen if a cybercriminal gains unwanted access to a connected car or (even worse) to an entire smart city’s IoT transport ecosystem control centre. For connected car manufacturers, a compromise in security could result in a compromise in safety for its passengers.
In the race to add connectivity to cars and to develop intelligent IoT-driven transport networks, there is often the danger that manufacturers, developers and public transportation executives could be overlooking digital security, at the point at which it’s most important.
A recent survey by VDC Research for example, showed that almost 70 per cent of original equipment manufacturers (OEMs) said security is important to design but only 30 per cent indicated that they made changes in people, processes or tools to improve security.
This worrying trend must change when it comes to developing connected cars and IoT transport systems. Fortunately, forward-thinking carmakers, developers and OEMs already realise that they need to start connected vehicle and transport device designs with intelligent security architecture in mind as a foundation, to enable complete trust – within the wider ecosystem.
No car or transport system is ever going to be unhackable of course, as vulnerabilities will always exist somewhere in such complex networks. Across IoT innovations – from connected cars to transport infrastructure network innovation – we’ll see new forms of security threat. In fact, a recent report referring to the cybersecurity of connected vehicles as "one of the biggest issues facing manufacturers today."
That report, Cyber Security in the Connected Vehicle, also warned manufacturers of a "massive future security problem just around the corner" which it attributed to complexity, connectivity and content issues with connected cars.
Complexity is seen as “the worst enemy of security” and in-vehicle internet connectivity to IoT as a “double-edged sword” with new connected services potentially opening up new attack vectors via which cybercrooks could steal valuable personal information via car networks.
With all this in mind, the US Federal Bureau of Investigation (FBI) has recently published its own advisory on car hacking, warning drivers of the dangers of remotely hackable cars, referring to the well-publicised hack of a Jeep in 2014. In that instance, hackers used a laptop to send commands through a Jeep’s entertainment system to take remote control of the stereo, air conditioning, brakes and transmission.
As connected cars and smart transport systems develop, these and other new types of cyberattacks are inevitable. Which is exactly why we shouldn’t underestimate the need for security architecture and corresponding products and solutions to protect the entire IoT transport ecosystem – devices, data, their applications and the network.
At Gemalto, the key point that we always stress to the car manufacturers and smart transport system developers we work with is that security has to be baked into the DNA of a product or software solution, and it needs to be implemented across the entire connected car ecosystem to effectively prevent hacks, defend against fraud and keep data private.
If tamper-proof hardware and software is incorporated, operating software is encrypted and signed, strong authentication and encryption solutions are used, and encryption keys are securely managed, manufacturers can ensure the safety of drivers, passengers and the millions of commuters and travellers that will be using connected cars and smart city transportation networks on a daily basis.
Conducting regular risk evaluations across the entire connected transport ecosystem means that the developers will be able to build reliable and effective security architecture across every stage of the network, from the hardware components allowing connectivity through to the software running the devices.
Security has been at the heart of the car for more than a century, and security has to be at the heart of the connected car, too. Manufacturers must embrace end-to-end security by design, and it should never be a bolted-on afterthought.
Christine Caviglioli is Vice President Automotive in Gemalto’s M2M/IOT organisation. She is in charge of the automotive business worldwide, responsible for global automotive strategy and leading the marketing and sales teams.
During her 20-year career with Gemalto, Christine has held a number of positions in marketing, product management and innovative solutions sales, with a worldwide footprint and experience across a number of segments. Since the acquisition of Cinterion in 2010, she has led and developed M2M activities within Gemalto.
Prior to working with Gemalto, Christine was a Consultant at Oracle. She graduated with a Master’s degree in Computing Science and Business Administration from Skema Business School in France. She has two children.