Tesla’s recent lawsuit against a former employee for stealing confidential information has given many OEMs a much-needed wake-up call: Attacks can come from anywhere.
On top of remote attacks or ransomware, OEMs are at risk of data center breaches, intellectual property theft, or DDoS attacks. They are exposed to both individual vehicle and fleet-wide hacks, and not just from strangers. Insiders with a grudge to bear could cause even more damage than clever external hackers, especially as they could have privileges that allow them access to sensitive information and controls.
OEMs are under an increasing amount of pressure to be one step ahead. As the impact of security begins to take its toll on the way the public view businesses, and regulation races to catch up with reality, what changes should manufacturers be making to stay protected?
Last May, the Financial Services Committee in the US held its third Congressional hearing in less than a year on the safety and security of connected and autonomous vehicles. There are four separate bills currently going through Congress attempting to legislate this sector more stringently, one of which hopes to create a Driving System Cybersecurity Advisory Council. If successful, they will sit directly in the Department of Transportation and establish the standards and controls that car manufacturers must adhere to when they deploy connected vehicles of all kinds.
Whichever regulation becomes law, one can assume that it will have a considerable amount of control to act in the interests of consumer safety. The National Highway Traffic Safety Administration already has almost carte blanche control over taking vehicles off the road in cases of safety risks. The infamous Jeep Cherokee hack, where 1.4 million vehicles had to be recalled, is a good example of this.
The threat of industry liability is a real one, yet regulatory compliance is one area that fleets and OEMs can get ahead of. Whatever rules are put into place, having visibility into your entire data stream is going to be essential.
A recent example of the importance of data is a proposed rule put forward by the San Francisco Municipal Transportation Authority which states that police can access the logs of any autonomous vehicle without a warrant if it has been involved in an accident. t the data center is vital, as you can have end-to-end fleet visibility of any connected entity. This puts you ahead of the curve when it comes to finding answers and meeting regulatory guidelines.
As IoT becomes all-pervasive, consumers are increasingly worried about the ability of hackers to access vital controls on their vehicles such as brakes and headlights, or break into mobile applications that allow them to steal vehicles or misuse them. Perhaps unfairly, the make up 98% of new cars sold by 2020, we anticipate this lawsuit being far from the last of its kind. It’s becoming increasingly important to protect OEMs and create the tools they need to keep their 5-star public image, as well as to respond quickly and proactively to any security issues.
This reality makes one thing crystal clear- An increasingly complex automotive landscape that includes dozens of third-party data streams, cars in varied stages of production both on the road and off, and attackers who come from external and internal sources- needs a new type of security. In the case of a cyber-attack, accurate facts and analysis about its root cause and effects can be a strong foundation for regulatory compliance, as well as the difference between a devastating blow to your public image and a swift recovery.
This visibility can only be found by utilizing a single source of truth that shows you every part of the smart mobility ecosystem. This includes partners that are higher up in the value chain such as TSPs, cloud-computing solutions and mobile apps, and aftermarket integrations too. Real-time alerts can give you a heads-up to any anomalies or breaches, so that you can provide evidence for compliance, and where necessary, both educate and reassure consumers.