Instrumented Interconnecteds Intelligent

Source: U.S. Department of Transportation

Artist’s rendering of the U.S. Department of Transportation’s Vehicle-to-Vehicle Communication System. (Source: USDOT)

By Chris Poulin

Cars are headed to the cloud. The hottest trend right now in the auto industry is the connected car. And the cloud, with its massive storage, processing, and analytical heft, will power this shift to wired cars. In fact, the auto industry is one of many industries that are working on making their business secure in the cloud.

The momentum behind the connected car is unstoppable. We’ve already seen how cars networked to auto makers’ safety and assistance services help to save lives. In addition to linking with smart devices, we are now seeing cars that can swap signals from sensors in traffic lights, buses, and signs along the road to warn of accidents and cut congestion.

In fact, the U.S. Department of Transportation sees such potential that it’s enabling vehicle-to-vehicle, or V2V communication, ushering in a future where cars on the road will automatically swap data such as speed and direction, sending alerts to avoid crashes or traffic snarls. And with all the time we spend in our cars, it makes sense that they should become personalized digital assistants, offering up more than just maps.

And all of this functionality is enabled by the cloud. Vehicles send telemetry to — and accept control commands from — the manufacturer, maintenance services, and to each other. Cars can even link up with smart devices in our homes and offices. The cloud is the medium through which this interconnection is mediated and secured.

Our cars will continue to become smarter. But the flip side of these new capabilities is that they’ll also be open to a new host of security and privacy threats. The connected car could make our cloud services, e-mail, text messages, contacts, and other personal, financial, and work data vulnerable to hackers. Burglars could determine vehicle location provided by the vehicle’s GPS to monitor when a home’s occupants are miles away. Hackers can gain access to vehicle networks and wreak havoc on traffic and even threaten the safety of a vehicles’ occupants.

At the Consumer Electronics Show (CES) this week, I will be on a panel that discusses the need to secure connected cars well before they become the target of cyber attacks and the initiatives that automotive OEM’s and options suppliers are taking to keep vehicles and passengers safe.

It’s crucial that we design security into the connected car from the ground up. In a recent IBM Institute for Business Value study, “Driving Security: Cyber Assurance for Next-Generation Vehicle,” we found three areas for automakers and partners to focus on when creating connected car features:

1. Design Secure Cars: Security starts with the car. The design process should be laser focused on security from get go. Which means outlining and testing the risks and threats each component, subsystem, and network that the connected vehicle will be exposed to once it leaves the car marker’s production line. Every software and hardware component and system has to be designed with security as a first order of business.

2. Create Safe Networks: In a system as far flung as connected cars will create, security has to be designed especially for and built into every component. Communications should be encrypted. All the organizations providing services that connect roadways, cars, and devices need to protect their networks and monitor transactions to detect suspicious activity.

For instance, automakers’ networks should uniquely identify and authenticate users and control access to remote services. Just as crucially, the equipment on the road that will connect cars together, such as traffic lights and toll lanes, has to be secured from tampering. For example, someone could wreak havoc by falsifying traffic conditions and rerouting all vehicles to a surface road when there is, in fact, no traffic jam on the main artery. As you could imagine, this could be used maliciously by cyber criminals that are after more than just sensitive data, ensuing chaos in a major city.

3. Harden the vehicle: In the 1950s and ‘60s, it took a mechanical engineer to design vehicle control systems; now it takes a computer scientist. A typical luxury car contains around 100 million lines of software code, which are managed by between 70 to 100 electronic control units, or ECUs. These used to be closed systems that required a toolbox and mechanic’s creeper dolly to be tampered with. But by opening them up through mobile networks, Bluetooth, USB ports, and even near-field communications (NFC) sensors, cars are now at risk of remote hacking.

Chris Poulin, X-Force Security Systems Research Strategist, IBM

Chris Poulin, X-Force Security Systems Research Strategist, IBM

To protect the connected car, a technology redesign is necessary from the electronic control unit (ECU) level up. Car makers need to assess whether these ECUs are tamper-proof and decide which controls and messages they should be allowed to send. Car makers also need to analyze the patterns of data being sent to, from, and within vehicles to pinpoint changes that may be a sign of malicious activity.

In-vehicle infotainment (IVI) units need to be hardened against tampering and to protect the privacy of the driver’s and occupants’ data. And automakers and partners need to enable ECUs and IVIs to be updated over the air as soon as software patches are available and with a guarantee that the image hasn’t been tampered with by hackers.

The car as we know will never be the same. But for the connected car to be a success, we have to be able to trust it. And that trust has to be built into tomorrow’s cars from the inside out.
_______________________________________________

This story originally appeared in Forbes.

Bookmark and Share

Previous post

Next post

21 Comments
 
December 2, 2015
4:15 am

Excellent article. I absolutely love this website.
Keep writing!


Posted by: Porsche Cayenne S
 
November 23, 2015
5:11 am

Thanks on your marvelous posting! I seriously enjoyed reading it,
you could be a great author.I will make certain to bookmark your blog and will come back at some point.

I want to encourage that you continue your great job, have a nice holiday
weekend!


Posted by: hire a ferrari or A porsche australia
 
June 17, 2015
8:35 am

Very creative way to secure our drivers and both the pedestrians along the road.


Posted by: festus
 
June 17, 2015
2:44 am

De uitrusting met grote uitbetalingskansen zijn die natuurlijk iedereen wil om te presteren op .


Posted by: roulettespelersonline
 
June 10, 2015
6:37 am

Met het huidige economische klimaat verkennen somber en krediet
ratings rubriek neer veel mensen op zoek zijn naar minder moeilijk mogelijkheden proberen om aanzienlijk meer geld te verdienen .


Posted by: gerelateerde website
 
May 27, 2015
3:48 am

Traditioneel , Costa Rica gewaardeerd hoger sereniteit en betrouwbaarder politieke veiligheid afgewogen tegen veel van zijn collega- LatinDutch plaatsen .


Posted by: www.ironsound.co.uk
 
May 22, 2015
9:47 pm

Therefore ensure that you choose the right pair yourself since
this may create a true positive difference that you experienced.
It can help keep carefully the eye wet so that the individual doesn’t expertise dry
eyes.


Posted by: Natalie
 
March 25, 2015
1:42 am

As we know that today lots of car accidents are occurred and I think this concept really good for security purpose.


Posted by: Braking system
 
January 19, 2015
3:20 pm

While the technology and the hype are certainly here, the reliability is still years away.


Posted by: Barrett W.
 
January 9, 2015
12:59 am

If the ECU and IVI networks are kept separate and Telemetric data is sent out through a firewall to a trusted manufacturer’s server, wouldn’t that drastically reduce the security risks? What’s wrong in not allowing remote (wireless) access to ECU network? I can’t think of any benefits that are worth the risk.


Posted by: Hari Madduri
 
January 8, 2015
12:24 pm

100 Million lines of code in a car? I would be very interested to see which reliable source they pulled that from considering Windows 7 and the Space Shuttle only have 40 Million.


Posted by: Johnny
 
January 8, 2015
7:22 am

Hi Chris,
this is a very interessting article and I totally agree with you. Does IBM has a security solution especially for the development for a connected car?


Posted by: Barbara
 
January 7, 2015
10:05 am

At the bottom of this connected network there is some kind of telecommunications system carrying all this data back and forth. Who is paying for this network? As an example in my house I have connected devices that communicate with a broadband router to allow them access to the internet. The router is connected to the telephone line and I pay both line rental and data usage charges. Who pays for this in the world of the connected car?


Posted by: Allan Blair
 
January 7, 2015
9:12 am

Automotive analysts are already reviewing the security standards of today’s ‘connected cars’ – several makes have been flagged as vulnerable because the ECU and IVI systems share the same physical network. There are risks both ways – an ECU hack could be immediately life-threatening, and an IVI hack certainly represents a financial and privacy risk. There is a strong case to be made for limiting ECU access to hard-wired depot maintenance. Upgrading engine or braking controls while the car is in motion just seems like a really bad idea.


Posted by: Mark Johnson
 
January 7, 2015
6:06 am

Christian Thon, I’m with you all the way. That is a big messy area that needs to be tackled, especially as stakes are high, interests diverge extremely and regulations differ regionally. I can’t wait to see how this will evolve.


Posted by: SyStr
 
January 6, 2015
2:35 pm

Caution should be utilized when thinking there are no negative consequences of bundling all personal, corporate, private, and sensitive data into a single source that an entity (whether an individual or body)can abuse. We see it already too frequently. I would strongly urge extreme caution.


Posted by: Bill
 
January 6, 2015
9:16 am

I had a Nissan LEAF for three years and noted one interesting difference between it and Tesla – Nissan doesn’t have OTA updates, and apparently the systems are more siloed. At one point I had a SW update for the grabby brake problem, and my understanding is the brake controller itself was reprogrammed, not the main system.

Of course there are disadvantages in that I needed to go to the dealer to have my braking system reprogrammed whereas Tesla could have done it OTA, but I’m not sure the Nissan approach is all bad.


Posted by: Steve Hancock
 
January 6, 2015
9:03 am

Why stop at cars though? All equipment is connected, and part of multiple systems. So we need to secure electricity transmission, road, air and rail navigation and everything in between. The next Y2K?


Posted by: Udayan Bandyopadhyay
 
January 6, 2015
7:40 am

Looks very promising and cars could also serve as barometers of passengers’ health (through sensors in steering or arm rests)through connectivity to health care cloud. Possibilities are end less, so is security… Legal and other controls framework too needs to be enhanced in parallel to cope with the outcomes of such connectivity… Let this not purely pan out as a tech innovation, society needs safeguards too


Posted by: SESHA SAI
 
January 6, 2015
4:34 am

First question that needs to be answered is:
Who owns the data provided by a vehicle? Is it the owner of the car or the manufacuturer or maybe the insurance company? Who has access to it? Who has access to this data for review? Is there a possibility to delete data when a vehicle changes the owner? Who is allowed to request deletion?

Is it planned to provide transparency to the enduser (driver, car owner), which information are collected and stored about her/his habits (area of movement, respect of speed limits, style of driving)? Will the enduser have a chance to suppress information she/he does not want to be collected?

From my point of view all above are critical topics regarding “data privacy”. Data privacy also includes these “meta information” and is essential regarding acceptance of cloud based services and therefore needs to be watched and respected closely.


Posted by: christian thon
 
January 6, 2015
4:17 am

“Tomorrow’s cars”? A Nissan Leaf you buy today is “connected” – the CarWings system has its own data connection to communicate battery usage etc. But the point about trust is key – as car owners, we need to trust that today’s cars have been robustly designed with security foremost, not an afterthought.


Posted by: John Haslam
 
1 Trackback
 
January 12, 2015
7:31 pm

[…] a more in depth look at vehicle to vehicle communications, including the itinerate security concerns,check out this brief primer from Chris […]


Posted by: IP Systems Blog Review – Monday January 12, 2015 • JB Systems Tech
 
Post a Comment