IoT Security and the Automotive Industry: Highway Heaven or Driver Hell?

At Mobile World Congress this year, the Internet of Things (IoT) theme rang out stronger and more clearly than ever before. Where it differed from 2015, however, was in the maturity of its message, the genuine user cases and the real-world examples on display.

The darling of the IoT discussion this year is undoubtedly the automotive industry. There were huge numbers of connected cars on show in Barcelona, sporting all manner of IoT functionality. From Mercedes and Audi to BMW and Honda, you could almost be forgiven for thinking you were at the International Motor Show in Geneva.

For more than a century now, the automobile has been an isolated machine of metal and motor, its single most important purpose the transportation of passengers from one place to another. The automotive industry has begun to evolve, however, and the last decade has seen the fastest acceleration of change since Henry Ford’s famous assembly line innovation back in 1913.

Automobiles in a Connected World

The rapid evolution of connectivity in industry, especially in the automotive space, has led to a fundamental shift in the way we see business and vehicles. Where once we had steel and pistons, we now have carbon fiber and computer chips.

Technology is providing manufacturers and companies with unique selling points to set themselves apart in increasingly crowded markets. At the same time, consumers want and almost expect their vehicles to become a personal node on a network of connected devices. This is creating a paradigm and enabling possibilities that only a few years ago would have been considered science fiction.

Some possibilities for future technology just seem amusing, such as a music streaming service suggesting tracks to accompany the roadway scenery based on the car’s geolocation. Other uses for the IoT are genuinely groundbreaking, offering enhanced efficiency and safety.

For example, automobile service centers are tracking sensor data to predict when routine or remedial maintenance is needed and automatically scheduling an appointment. Similarly, insurers can capture driving behaviors and track journeys to calculate more accurate policies, while car and road sensors could be combined to regulate the flow of traffic or alert drivers to dangerous conditions.

The Need for Security in the Automotive IoT

However, this functionality and the connected future comes with risks. Whether it’s the automotive industry or any other vertical, one of the clearest messages to ring out from the IoT advocates and skeptics alike is that security is the key to the continued maturity of the wider space.

Researchers at the Black Hat conference last year proved that modern vehicles with a CAN Bus (effectively a computer brain) could be hijacked with just a laptop computer and off-the-shelf software. The consequences range from the innocuous, such as displaying false telemetry on the dashboard, to the severe, such as wresting the steering away from the driver and even applying the brakes or switching off the engine remotely.

According to Ernst & Young’s February 2015 report “Imagining the Digital Future,” more than 100 million cars are expected to have some form of connectivity by 2025. The writing is on the wall for IoT in the automotive space: If it has an IP address, it can be hacked. Enterprises need to act now or face the risks.

As with all online and connected devices, manufacturers must consider how to prevent the serious types of hacks and cyberattacks that all devices with an IP address are susceptible to. For example, while driver safety will always be a core priority for automakers, the advent of the IoT and connected cars now means they must include protection against all sorts of digital and online incursions, too — a blueprint for industries the world over.

Connected Cars Drive Into the Future

The IoT is here to stay, as is the connected car. Information Age noted that in the same way we expect safety features to be standard rather than retrofitted, the consumers and businesses of the future want comprehensive security delivered directly into all aspects of their professional and personal lives.

The IoT is forcing automakers to evaluate driver safety from this new perspective. Given the advances in cybersecurity over the last few years, a future of connected vehicles is to be embraced rather than feared.

The security aspect of the IoT is clear for all to see. If we need a technology parable, we can learn a lot from the journey of cloud computing over the last decade. Endpoint proliferation, network and device authentication, data governance and trust were all areas where the cloud had to overcome challenges — and has. These areas will similarly need to be mastered if the wider potential of the IoT is to be recognized throughout global industry sectors.

Share this Article:
Erno Doorenspleet

Executive Security Advisor, IBM

Erno Doorenspleet has more than 20 years of experience in IT, spanning IT governance and operations, outsourcing and security risk and management. Currently, Erno is part of the worldwide IBM Security Business Unit. He is a member of the IBM Security Tiger Team as the Executive Security Advisor for the EMEA region. He is an international speaker on the relationship between business and information technology, cloud computing and security.