As the connected world extends its tentacles into every corner of the wireless world, with that comes the specter of compromise. So it begins with the connected car.
Even though vehicle-to-everything (V2X) communication is still in its infancy, the emerging cellular V2X (C-V2X) platform becomes just one more cybersecurity vector that needs to be addressed. And, just because vehicles are now autonomous and connected, that does not mean they are any safer from the same nefarious threats that other types of networks face. After all, is not the connected car space just another version of a connected device network? As soon as the car becomes externally connected, you can bet hackers will be at the starting gate as well.
Hackers are adding connected cars to their target database because they are no different than any other connected network. Hacking them offers the same incentives as hacking a computer or smartphone. But cars add a critical element – life safety. That changes the game.
Why? Because the business of malevolence is both ubiquities and significant. Ransomware, for example, has become a multi-billion-dollar industry alone. And can you imagine if you are driving and someone takes over your vehicle, threatening to run you off a bridge unless you pay a ransom? I suspect just about everybody would cave at that point.
Given that vector, I just hope that the connected car industry places a significant value on lives and that
cybersecurity is not an afterthought. They must be secured from the moment they leave the assembly line. As well, cars must be a non-issue when it comes to keeping their security current. That means the hardware and software must be agile and top-shelf; that updating is secure, constant and exacting. That becomes a challenge for devices that can have a 20-year lifespan.
And what about when the car is de-commissioned, or stolen, or abandoned? Or even turned over to a valet? All of these become major hooks in the design of vehicular security.
There is, however, a silver lining with this that does not scale across other segments: life safety. Connected cars, more than, probably, any other industry segment, raise the level of awareness about security. Most people are now becoming aware that security is something to be cognizant of and vehicles top that concern list. With vehicles there is also the cost factor. If one is going to spend upwards of $30,000 for something they may keep for a decade or two, they want to know it is secure. But, even if it is just a two-year turnover, a car is different from an appliance, or media device – the investment is still sizeable.
And, it is not just about individual cars. The other vector in this segment is fleet and commercial use. Here is where teleoperation enters the picture. Uber, Lyft, trucking, taxis, delivery services, and any number of other applications that require higher-level control than just a driver. It is an interesting theory that a hacker, or worse, a terrorist, would be able to take control of an entire fleet of vehicles.
Looking ahead, the connected car space has many more variables than fixed connected devices. The V2X platform includes sub-platforms such as vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V). if properly addressed, these sub-platforms can be an asset to cybersecurity as layers of security.
For example, say a vehicle were hijacked. If the network and security is properly designed and deployed, communications between it and the infrastructure and other vehicles is monitored (which should be the standard). If the hijacked vehicle’s actions, or communications are outside of the norm, these other platforms can alert whomever, or whatever, needs to be advised. It is quite possible that the hijacked vehicle can be remotely disabled or sequestered. Of course, this all assumes that security is a primary consideration and is properly implemented. On the other hand, such a platform can be utilized by the dark side as well. It is a complex issue.
The connected car is not the only risk factor. When cars are connected to other things, city infrastructures for example, it brings up the specter of additional vulnerabilities. If an individual can hack the car and use it to infiltrate other networks or nodes, it is not that unrealistic that they can dominate the city and create all kinds of elevated risks. It is possible that vehicles are infecting other computers related to the infrastructure, such as becoming a gateway to hacking traffic lights, for example.
Finally, let us not forget that connected cars will act much like personal mobile devices storing private information. Visa, for example, has experimented with a credit card solution that would transform vehicles into the ultimate mobile payment devices. Herein lies another security consideration.
In the end, V2X security will need to be built-in from the ground up, maintained and monitored 24/7/365. OEMs need to insure all connection points within a vehicle are properly authenticated so only trusted services are allowed to conduct communications. Encryption of sensitive data or packages going to or from the vehicle is a requirement. And there are many more considerations.
It is too early to know how this is all going to shake out. There are just so many factors that need to be part of the final solution. Regardless, however, security needs to be in the driver’s seat.
Executive Editor/Applied Wireless Technology
His 20-plus years of editorial experience includes being the Editorial Director of Wireless Design and Development and Fiber Optic Technology, the Editor of RF Design, the Technical Editor of Communications Magazine, Cellular Business, Global Communications and a Contributing Technical Editor to Mobile Radio Technology, Satellite Communications, as well as computer-related periodicals such as Windows NT. His technical writing practice client list includes RF Industries, GLOBALFOUNDRIES, Agilent Technologies, Advanced Linear Devices, Ceitec, SA, and others. Before becoming exclusive to publishing, he was a computer consultant and regularly taught courses and seminars in applications software, hardware technology, operating systems, and electronics. Ernest’s client list has included Lucent Technologies, Jones Intercable, Qwest, City and County of Denver, TCI, Sandia National Labs, Goldman Sachs, and other businesses. His credentials include a BS, Electronic Engineering Technology; A.A.S, Electronic Digital Technology. He has held a Colorado Post-Secondary/Adult teaching credential, member of IBM’s Software Developers Assistance Program and Independent Vendor League, a Microsoft Solutions Provider Partner, and a life member of the IEEE. He has been certified as an IBM Certified OS2 consultant and trainer; WordPerfect Corporation Developer/Consultant and Lotus Development Corporation Developer/Consultant. He was also a first-class FCC technician in the early days of radio. Ernest Worthman may be contacted at: [email protected].