The cyber security catch: the joys of connected cars comes with a caution

Once the security of connected vehicles is standardized, it opens the door to standardizing countless additional possibilities, writes Peter Virk

Cars were once just vehicles for transporting passengers from point A to point B. Now, traveling by car is an experience. Many are lucky enough to have heated/cooled seats, wireless in-car charging for phones or Wifi/Bluetooth connectivity that allows them to stream their favorite hits. Cars can now offer passengers luxury and optimal comfort.

Automakers are now challenged to create an exciting in-car experience that beats their competitors with every innovation. Connectivity is at the heart of this innovation. Cars can and will communicate with other cars, connect to local networks, connect to the cloud, and more. However, with all the joys of connectivity comes serious caution.

A recent article published by the Law Commission of England and Wales warned that terrorists could hijack remote vehicles to use as weapons – without needing to be involved in the crash themselves. For example, the 2015 Jeep Grand Cherokee hack is a clear warning of what can happen. This is particularly worrying as we see remote driving technology growing in popularity in controlled environments such as warehouses, farms and mines, and hear rumors of the technology entering roads and private vehicles in the next decade. The report raises the need to establish how such vehicles can be regulated on public roads. The more software, the increase in connectivity, the larger the cyber attack surface.

Hacking the 2015 Jeep Grand Cherokee is a clear warning of what can happen

Connected vehicles, which can contain over 100 independently developed software and hardware components, are difficult to protect because of the multiple vendors involved in assembling them. The complex automotive supply chain makes enforcing common cybersecurity criteria difficult.

Protecting vehicles from cyber threats becomes increasingly difficult with each additional connection, electronic component and software-controlled system. This industry cannot afford the same mistakes that the tech and software industries have made. Until effective, regulated cybersecurity protocols are built into the manufacturing of vehicles and their components, modern cars can be effectively unprotected networks.

Obstacles in the green car transition

Electric vehicles are becoming increasingly popular amid a global push for decarbonisation. While this is fantastic for the environment, it also creates new software security concerns. There are about 100 million lines of code in today’s internal combustion engine vehicle. There will be significantly more in electric cars and future autonomous vehicles.

In addition to safety systems that improve every year, electric cars benefit from systems that can assess and improve energy output, battery usage and charging functions. The drive is regulated by a software platform; safety features are controlled by software; and even the vehicle’s power source is controlled by software. This leaves every aspect of the car vulnerable to cyber security vulnerabilities. The car, which is more connected than ever, more dependent on technology than ever, with an internal network of components connected to the outside world, and more expected by the world than ever, is a big open target for cyber predators.

In looking at this problem, we need to think beyond the car. A very well put together car needs to connect to the electrical grid to get power. Think about what this grid is all about and the damage that can be done to the economy – to the population – if you remove their source of energy. That’s why cybersecurity in every part of the automotive ecosystem is so important.

Osprey EV charging
Electric cars open the door to additional cyber risks

How to stay ahead: Machine learning opens doors to the future of cars

So what should the automotive industry put in place to ensure safety, but also to gain consumer trust in the long run? A smart car or an electric car that is smart can generate terabytes of data daily. This can be analyzed and applied on a larger scale to make smart cities and their infrastructures safer and more efficient. Data is generated from connected fleets, as well as distributed directories and HR systems, showing which user activities are permissible and which are not, providing clues to reduce threats.

Machine learning (ML) also excels in this environment. Through a broad understanding of the activity around the assets under their control, ML-driven solutions enable analysts to discover the relationship between events over time and between different hosts, users and networks. ML can provide contextual information to reduce the risks and potential costs of a breach. Mobility professionals must fully understand machine learning and acquire skills in designing a suitable secure intelligent vehicle.

It’s impossible to predict all the ways cybercriminals will attack, but obviously privacy will be central. Policymakers must ensure that the system governing the next generation of transportation protects the lives and privacy of the people it serves. The UN created cybersecurity guidelines for car manufacturers, laying the groundwork for enhanced vehicle security; all countries should follow suit. In fact, once the security of connected vehicles is standardized, it opens the door to standardize countless additional capabilities in cars. This allows exciting innovation to become much easier and faster across the industry.

The complex automotive supply chain makes enforcing common cybersecurity criteria difficult

Smaller companies and startups may not have unlimited access to the data and equipment capable of supporting their new ideas for fantastic, futuristic automotive experiences. In these cases, there is an opportunity for larger industry players to share information about data and platforms equipped with flexible and secure technology to support such players. This will help startups and established players shorten and de-risk innovation by bringing great ideas to market faster. As they continue to build and leverage hardware platforms, OSS and cloud providers, the entire automotive industry is accelerating its capabilities.

Vehicles are smart machines, but machines nonetheless, and disruptions can be catastrophic. Likewise, when the right systems protect vehicles, a number of opportunities open up. When the security of connected vehicles is addressed effectively, smart vehicles can truly achieve their potential.

About the author: Peter Virk is VP, Product and Ecosystem at IVY, in BlackBerry