Friday 24th September 2021

The cyber-risks of smart features: Safeguarding connected vehicles

Published on September 3rd, 2021

Cars have come a long way since Henry Ford created the Model T-a car that put the world on wheels. It was the perfect solution to the growing need to move people across vast distances in early 20th century America.

Now, says Jeff Davis, senior director of IVY Ecosystems Business Development of BlackBerry, technology and need have changed the way we will travel.

Technology is ceaselessly rewriting transportation rules. From the development of electric vehicles (EV) to reduce emissions and the smart features within these vehicles to make roads safer, automakers and innovators continue to advance the frontiers of vehicle innovation.

More than ever the need for EVs should be solidified in our minds, as evidenced by the UN’s latest climate change report. The continued rise in our planet’s global surface temperature has unequivocally been caused by human activity and greenhouse gas emissions electrical vehicle innovation and technology will be critical in the universal fight against climate change.

Tailpipe emissions are only one part of the carbon produced from operating a vehicle; however, they are an important part that is the first step in ensuring a zero-carbon future. As energy production becomes greener, the need for fossil fuel burning power plants will eliminate the carbon produced from energy generation and transfer.

Make no mistake, this first step of an all-electric fleet is a leap, not a hop into a very complicated future. Current employment structures, labour laws, infrastructure development, and power allocation all create challenges for automotive manufactures, law makers, regulators, and infrastructure owners. The one-year jump of nearly a million new EVs between 2019 and 2020 is a very small step considering there are 1.2 billion (yes billion with a b) automobiles on the road to be replaced worldwide, and there are expected to be over 2 billion by 2035.

To compound complexity, let’s look at the issues facing electrification technology. No, not the electric engine itself, although there have been many advances the concept is straightforward. I will avoid confusing myself by discussing battery technology, that’s a place where a lot of smart people are making some impressive discoveries.

No, I work for a software company, so let’s talk software. There are about 100 million lines of code (yes that number is right) in your current internal  combustion engine coming off the line right now. As we move into electric vehicles and towards edge computing on vehicles, that number can go up significantly.

Beyond the safety systems that are increased and improved every year, electric cars benefit from systems that can judge and improve energy output, battery usage, and charging functions. The software and technology challenge is achievable, thanks to some very innovative embedded engineers. Think for a second what all of this means for the car.

The vital function of the automobile the powertrain is regulated by software; the safety features are regulated by software; and even the source of power to the car is managed by software. This leaves every aspect of the automobile subject to cybersecurity vulnerabilities. The car that is more connected than ever, more reliant on technology than ever, the car that is more needed by the world than ever is a big open target for cyber predators.

Think beyond the car, to the fact that this, very necessary, very well-built car must connect to the electricity grid to get its power. Think of what that grid is connected to, think of the damage that could be done to an economy, to a country, to a people if you remove their source of energy. So, one of the most complicated aspects of our greener future, our connected future, our better future is… that’s right…cybersecurity.

Stumbling blocks of cyber communication

The more software in a car, the more cyber-attacks surface. Connected vehicles, which can contain over 100 independently developed components, are difficult to secure with multiple vendors involved in their assembly. The complex automotive supply chain makes enforcing common cybersecurity criteria onerous.

From simple data theft to advanced system hijacking, vehicles could be compromised through a paired smartphone. Hijacking any part of a vehicle can have severe consequences for passengers and pedestrians.

Securing vehicles from cyber threats becomes increasingly difficult with every additional connection, electronic component, and software-driven system. This industry can’t afford the same mistakes technology and software industries have made. It’s unacceptable to ship vehicle software riddled with vulnerabilities, requiring constant updates and security tools. Until effective cybersecurity protocols are incorporated in manufacturing vehicles and their components, modern automobiles are effectively insecure networks.

Shifting gears to stay ahead

Smart features do represent a paradigm shift in transportation. However, their features don’t make them valuable their connectivity does. Nevertheless, the terabytes of data generated daily can be analysed and applied on a larger scale to make smart cities safer and more efficient.

The downside is cybersecurity risks that can’t be overlooked. The average vehicle today has more lines of code than most fighter jets. Cars are connected, working off the cloud and segmented into specific architectures.

We cannot predict all the ways in which cybercriminals will attack, but we know privacy will be centric. Policy makers must ensure the system governing the next generation of transportation protects the lives and privacy of the people it serves. The UN created cybersecurity guidelines for automakers, laying the groundwork for increased vehicle security – all countries should follow suit.

The solution: Fortifying security with machine learning

Data and context are critical to effectively securing connected vehicles. Fortunately, vast data is generated from connected fleets, as well as from distributed directory and human resource systems indicating which user activities are permissible, and which are not. This data can provide contextual clues to reduce threats.

Machine learning (ML) excels in this environment. By broadly understanding activity surrounding assets under their control, ML-driven solutions allow analysts to discover the relationship between events over time and across disparate hosts, users, and networks. Properly applied, ML can provide contextual information to reduce risks and potential costs of a breach.

Mobility sector professionals must understand the capabilities and limitations of machine learning and become adept in determining what a suitable secure smart vehicle solution is.

With ransomware attacks rising globally there has been an increased focus on cybersecurity, particularly within national security. However, it is equally important for security to be looked at in depth when it comes to connected vehicles. Vehicles are smart machines, but machines nonetheless, interferences with a car’s function could be catastrophic. Only once security has been effectively addressed can smart connected vehicles roam without risk.

The author is Jeff Davis, senior director of IVY ecosystems business development of BlackBerry.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow