In the 1990 Arnold Schwarzenegger film, Total Recall, there was a futuristic car, called a ‘Johnny Cab’. The Johnny cab was a sort of self-drive automobile, although driven by a robot. In one scene, Arnie was being chased by some baddies. He jumps into a Johnny cab and asks the cab to ‘drive, drive!’ but of course, the robot doesn’t know where to drive. The end result is Arnie, ripping out the robotics of the car and driving it himself. The Johnny cab was a prediction about the near future of the automotive industry, one of robotics, automation and the Internet of Things.
Only 16 years on from the film and we have found ourselves with our own self-driving cars, at least in prototype. BI Intelligence is predicting that by 2020 there will be around 10 million self-drive cars on our roads. Google has its own self-driving car project. Tesla has created the first semi-automated car that is in release, the Model S – although a recent crash by a test pilot has sent some shockwaves through the industry around the safely of the self-drive.
And then there are the changes happening within the industry due to the Internet of Things (IoT). IBM’s Watson, for example, is an IoT platform that is used across the automotive industry. It allows you to connect, collect, and analyze data associated with all aspects of transport. It is being used to manage vehicle fleets, improve car efficiency, and handle data across the extended supply chain of the automotive industry. With Gartner predicting that 250 million connected cars will be on the road by 2020, we can expect an enormous amount of Cloud bound data to be generated by this industry sector.
In terms of cyber security threats, the automotive industry feels the same cyber pain as other industries. They are threatened by phishing, extorted by ransomware, and breached by APT’s. In the 2016 IBM X-Force review of cyber attacks, automotive was one of the most targeted industries seeing 30% of the total attacks across manufacturing, which came in as the second most targeted industry sector.
However, it is the future that may hold the most concern for the automotive industry as it becomes ever more connected.
Future Fears – Cyber Crime and the Automotive Industry
Platforms, like Watson, which offer a way of creating highly connected networks, are creating greater opportunities by improving collaboration. In an IBM survey, 74% of executives rated collaboration outside of their key industry as being a positive change and bringing growth to their business. However, collaboration and connectivity require you to reach out and share data. The IoT allows the sharing of this data across fast Internet connections. In the automotive industry, this includes information used to keep us safe as we drive, and data that reveals company and product proprietary information to our partner suppliers. Once you begin to store and then transfer data, especially large amounts of sensitive data, the data radar of the cybercriminal begins to twitch.
The problem starting to unfold with the IoT is that in the rush to market to get IoT connectivity into products, and be ‘first to market’, security has taken a back seat. A Hewlett Packard report on the Internet of Things found that at least 70% of IoT devices had security flaws.
We are already seeing IoT focused cyber attacks. For example, the worm, Linux.Darlloz was specifically designed to target IoT devices. Last year a white hat hacker showed how easy it was to hack a self-drive car. The researcher used an off-the-shelf device, like a Raspberry Pi, to trick the car into thinking there was an obstacle in its way – potentially causing it to crash.
This insecurity of things has a greater impact when the ‘things’ are multiplied. One of the issues that the automotive industry has at a larger scale than most other sectors is that of its highly extended supply chain. Vehicles tend to be built from parts created by a myriad of specialist suppliers. As the IoT starts to pervade all aspects of the build, manufacturers will be put under pressure to ensure the security of each part is upheld – it is bad enough having a single point of failure, but multiple points of failure can place manufacturers in a difficult position.
The Supply Chain as a Point of Failure
Keeping the supply chain secure, as our automotive industry embraces the cutting edge of technology, is crucial to not only the protection of sensitive and proprietary data, but also the physical safety of anyone using this new technology. As digitization of the industry takes hold, each individual part that is manufactured is at risk of being compromised by a cyber attack. The software that is created to control engine emissions may end up infected with a worm, that then replicates itself across any digitized part of the vehicle, including IoT sensors. This has already happened to an Internet enabled security camera that had infected software installed during manufacture. The company ended up being fined for security violations by the FTC.
Vehicle manufacturing is an industry highly dependent on an ecosystem of players, utilizing parts from a variety of companies across the supply chain. This means the automotive industry has to have a clear and effective vendor risk management program. Making sure that each part of the whole is manufactured using security best practices, keeping watch on counterfeit parts entering the chain, and generally managing the changes across the security landscape as new automation enters the industry is more important than ever. It is vital to have a holistic approach to the security of our vehicles to retain consumer safety and trust in the industry.