Skip to content

The cyber security catch: the joys of connected cars comes with a caution

Once the security of connected vehicles is standardised, doors are opened for the standardisation of a myriad of additional capabilities, writes Peter Virk

Cars were once simply a vehicle to get passengers from point A to point B. Now, a car ride is an experience. Many are lucky enough to have heated/cooled seats, in-car wireless charging for phones, or Wifi/Bluetooth connectivity allowing them to stream their favourite hits. Cars can now offer passengers luxury and optimum comfort.

Special report: WP.29 and the future of automotive cyber security

Automakers are now challenged with creating an exciting in-car experience that beats their competitors with each innovation. Connectivity is at the heart of this innovation. Cars can and will communicate with other cars, tap into local networks, connect to the cloud  and more. However, with all the joys of connectivity comes a serious caution.

A recent paper published by the Law Commission of England and Wales warns that terrorists could hijack remote vehicles to use them as weapons—without ever needing to be involved in the crash themselves. For instance, the  2015 hack of a Jeep Grand Cherokee is a stark caution of what could come. This is particularly concerning as we see remote driving technology increase in popularity in controlled environments such as warehouses, farms and mines, and hear rumours about the technology coming to roads and private vehicles in the next decade or so. The report raises the need to establish how such vehicles could be regulated on public roads. The more software, increasing connectivity, the greater cyber-attack surface.

The  2015 hack of a Jeep Grand Cherokee is a stark caution of what could come

Connected vehicles, which can contain over 100 independently developed software and hardware components, are difficult to secure, due to the multiple vendors involved in their assembly. The complex automotive supply chain makes enforcing common cyber security criteria onerous.

Securing vehicles from cyber threats becomes increasingly difficult with every additional connection, electronic component, and software-driven system. This industry can’t afford the same mistakes technology and software industries have made. Until effective, regulated cyber security protocols are incorporated in manufacturing vehicles and their components, modern automobiles could be effectively unsecured networks.

Hurdles in the green automotive transition

Electric vehicles are becoming more and more popular amid a worldwide push for decarbonisation. While this is fantastic for the environment, it also poses new concerns for software security. There are about 100 million lines of code in today’s internal combustion engine vehicle. In electric cars and future autonomous vehicles, there will be significantly more.

Beyond the safety systems that are improving year on year, electric cars benefit from systems that can judge and improve energy output, battery usage, and charging functions. The powertrain is regulated by a software platform; the safety features are regulated by software; and even the source of power to the car is managed by software. This leaves every aspect of the automobile subject to cyber security vulnerabilities. The car that is more connected than ever, more reliant on technology than ever, with an internal network of components connected to the external world, and more anticipated by the world than ever, is a big open target for cyber predators.

Addressing this issue, we need to think beyond the car.  A very well-built car must connect to the electricity grid to get its power. Think of what that grid is connected to and the damage that could be done to an economy—to a population—if you remove their source of energy. This is why cyber security in every part of the car ecosystem is so important.

Osprey EV charging
EVs open the door to additional cyber risks

How to stay ahead: machine learning opens doors to the future of auto

So, what does the automotive industry need to put in place to ensure safety, but also gain user trust in the long term? A smart car or an electric car that is smart could generates terabytes of data daily. This can be analysed and applied on a larger scale to make smart cities and their infrastructures safer and more efficient. Data is generated by connected fleets, as well as by distributed directory and human resource systems indicating which user activities are permissible and which are not, providing clues to reduce threats.

Machine learning (ML) also excels in this environment. By broadly understanding the activity surrounding assets under their control, ML-driven solutions allow analysts to discover the relationship between events over time and across disparate hosts, users, and networks. ML can provide contextual information to reduce risks and potential costs of a breach. Mobility professionals must wholly understand machine learning and become adept in designing a suitable secure smart vehicle solution.

It is impossible to predict all the ways in which cyber criminals will attack, but clearly privacy will be central. Policy makers must ensure the system governing the next generation of transportation protects the lives and privacy of the people it serves. The UN created cyber security guidelines for automakers, laying the groundwork for increased vehicle security; all countries should follow suit. In fact, once the security of connected vehicles is standardised, doors are opened for the standardisation of a myriad of additional capabilities in automobiles. This enables exciting innovation to become far easier and quicker across the entire industry.

The complex automotive supply chain makes enforcing common cyber security criteria onerous

Smaller companies and start-ups may not have infinite access to data and equipment capable of supporting their new ideas for fantastic, futuristic automotive experiences. In these cases, there is an opportunity for bigger industry players to share data insights and platforms equipped with the flexible, secure technology to support such players. This will help start-ups and established players to shorten and de-risk innovation, bringing great ideas to market faster. As they continue building and using the hardware platforms, OSS, and cloud providers, the entire automotive industry accelerates its capabilities.

Vehicles are smart machines, but machines nonetheless, and interference could be catastrophic. Equally, when the right systems protect vehicles, an array of opportunities becomes available. When the security of connected vehicles has been effectively addressed, smart vehicles can truly achieve their potential.

About the author: Peter Virk is Vice President, IVY product and ecosystem, at BlackBerry

Welcome back , to continue browsing the site, please click here