Articles, Automation, Cybersecurity, IIoT

How Secure Is the Auto IIOT, Really?

This post was guest-authored by Kayla Matthews, technology writer and the editor of Productivity Bytes.

Although the Internet of Things is proving relevant and even transformative in a range of industries, its implications for automaking and transportation are potentially some of the most exciting. When cars can communicate with one another, as well as with civic infrastructure and third-party digital services, the result is a more efficient and harmonious transportation system in general.

But along with all this exciting potential come worries over the proper stewardship and secure transmission of all the data that makes these autonomous electric cars, efficient roads and smart cities possible. Here’s a rundown that should help answer one of the most important questions as we watch this potential “revolution” unfold: How secure is the Automotive Industrial Internet of Things? What kind of price, if any, do we have to pay for this level of convenience?

How Is the Industrial Internet of Things Used in Automaking?

There are abundant ways to put the IIoT to work in the auto industry, from the factory floor all the way out to our nation’s roadways and our ever-smarter, ever-more-autonomous automobiles.

  • Factory floor: Factory floors throughout the world are relying on smarter manufacturing equipment that can help monitor the condition of its parts and how well it’s running compared with day-one benchmarks. The result is, in some cases, factories that can operate “with the lights out” for extended periods with minimal human intervention.
  • More advanced vehicle tracking: Advancements in wide-area networks are facilitating a considerable amount of innovation in the field of vehicle tracking. From keeping tabs on rebellious teens to commercial fleet management, the IoT supports location management, route planning and safe remote shutdown options using variations on existing Internet technologies, such as Wi-Fi, Bluetooth and NFC.
  • Exchanging data in real time: As autonomous vehicles enter our roadways in greater numbers and 5G connectivity comes of age, these automobiles will increasingly be able to communicate with each other (“V2V”) as well as with infrastructure (“V2I”). This technology should result in considerably smoother intersections and construction areas, plus more accurate and timely safety alerts for motorists, cyclists and pedestrians, with little or no “stop-and-go” traffic.
  • Infrastructure inspections: Bridges, airports, roadways and other complex pieces of infrastructure have historically relied on considerable human labor, much of it dangerous, to stay in good repair. Embedded sensors are a boon to infrastructure engineers and inspectors everywhere, who can conduct inspections from a safe distance and receive alerts when tolerances get exceeded somewhere.

There are many other opportunities to put the IoT to work in the modern automotive industry, too — including faster defect detection and better recall response for automobiles already out on the roads, but which can get called in for service when their smart hardware detects a fault or receives a signal from the manufacturer indicating critical service is necessary.

Why Might the Auto IIoT Not Be as Secure as It Seems?

The first and most obvious way the Internet of Things might get exploited in the automotive space concerns the idea of “hacking” cars with autonomous or semi-autonomous hardware and software installed. It’s not just plausible — it’s a reality, with remote hackers proving routinely over the last few years that extremely robust safeguards are necessary for ensuring this technology does not get misused.

Between 2015 and 2016, the number of cyberattacks on industrial control equipment and networks rose by 110 percent. And since the U.S. has more online industrial control systems than any other nation, it stands to reason that companies doing business here would find themselves targets. Ironically, another part of the problem may have been the public release on GitHub of a penetration testing tool, which might’ve led to an increase in malicious activity.

But why bother with trying to penetrate online industrial activities — including automaking plants? There could be many reasons:

  • Steal trade secrets and intellectual property
  • Bring production or research and development to a standstill to beat a competitor to a market
  • Seize valuable data to hold it for ransom
  • Seize valuable data to sell it to a competitor or on an open black-market data exchange

How can automakers as well as developers from the various IoT disciplines avoid data insecurity? According to experts, digital security needs to represent as serious an investment as any other. Professionals from the security world also advocate for the use of behavioral analytics to confirm the validity of any credentials or other information sent “over the air” — including between automaker servers for firmware updates, for example, or between a person’s car and a routing service. Such a tool can determine whether a set of credentials is getting deployed suspiciously and might have become compromised.

There’s another grave potential security threat in the smart automotive industry, and it concerns hidden back doors and surveillance apparatuses hidden within counterfeit electronic parts. Such stories have proven controversial, but they reveal another source of potential harm that deserves awareness.

The Other Kinds of Automotive "Security"

Security in an automobile can also refer to the peace of mind that comes with proper coverage. And when it comes to the “Pandora’s box” of insurance and liability implications for the automotive industry as driverless cars make their move, there’s artificial intelligence. Comprehensive automotive insurance today relies on a common source of risk — the use of motor vehicles in public — along with an uneven distribution of liability. To put it another way, some assets are more valuable, and more difficult to replace, than others. Just as AI is remaking driving itself, so will it reshape the process whereby insurance merchants and automakers anticipate, and fashion services based around, risk.

The point is, there are a lot of factors to consider as the automotive industry transforms before our eyes. Hackers and other troublemakers are determined, but talented engineers are earning unheralded patents practically around the clock in efforts to keep up. The roads ahead might look perilous, but they’re only going to get smoother.