Internet of Things raises many security issues for connected vehicles

Dec. 20, 2017
As you add items to the IoT, your attack surface becomes broader. In cybersecurity terms, the attack surface is the number of places and areas that are vulnerable to attack.

The Internet of Things (IoT) refers to internet connectivity to basic devices. This includes security cameras, entire security systems, city water control systems, large HVAC systems, (that is how hackers got into Target), common appliances and motor vehicles. All these items and more are becoming connected to the internet.

As you add items to the IoT, your attack surface becomes broader. In cybersecurity terms, the attack surface is the number of places and areas that are vulnerable to attack. Every time you add another system, your attack surface grows. Every time you add another person, your attack surface gets bigger and more complex. This makes the job of cybersecurity more challenging. So companies today need to be prepared for this increasing threat as a way of life.

Many industrial plants have large manufacturing systems that are now network connected. Cars have wireless networks and dozens of computers. In fact, the average car has between 25 and 50 computers.

But what is not being so heavily invested in and scrutinized is security for these devices. This can pose a problem moving forward for a few reasons.

Today’s vehicles

There is perhaps no part of the modern economy that has seen more change than today’s vehicles. You could say that the average new car is a rolling computer network. Not a rolling computer, but a rolling computer network. This was predicted by some futurists more than 20 years ago, and it’s coming true. In fact, as cars becomes more computerized, and the control systems move to electrical, they become computerized and then networked.

I remember when I was a kid and helped my dad work on our vehicle. He was a very talented mechanic, similar to others who grew up on a farm and needed to be able to fix mechanical things. Back then, the only things that were electrical were the ignition system, the charging system, and the accessories on his 1966 Chevy pickup truck. And nothing was electronic. I literally used to stand inside the engine compartment when we worked on it. Of course, I was very skinny back then. Today, you would never attempt to work on a vehicle without sophisticated electronic and diagnostic tools.

What’s the possibility?

Everybody in the aftermarket knows that today’s vehicles are covered with computers. But most people don’t know what can happen with an automated vehicle if proper security controls are not implemented.

When hackers look for a place to attack, they are opportunistic – like a shark in the water. The shark doesn’t attack the fastest, strongest fish. Instead, it goes after the weak, the slow, or the one that strays from the school. The same with hackers. They are looking for low-hanging fruit. So businesses need to be ever vigilant. But we can’t predict where every attack is going to come from. So here are a few suggestions.

Start at the beginning

If you are building any type of system that can be controlled by computer or will be networking into a computer network, you need to look at how that device is engineered from the ground up. There are going to be specifications, plans and many components involved. How protected are they? How hardened are they? Not “we will protect and build security as needed in the future.” But how protected is a product now before it is moved into the market. This is a key concept.

Look at what you are doing. Ask yourself and your staff, “What are the possibilities of a cybersecurity attack on this component, and how will that affect other components?” What is your plan for making all the people in your organization cybersecurity aware? This is a mindset shift, not just a discussion of technology. If you are the leader of your organization you need to lead on this critical issue. If you are an individual contributor, you should at least stay up to date and talk with your peers and leadership about your concerns. It’s better to get in front of the issue before it becomes a problem.

One final question. What would you do if your company is the next Target? Chances are you are not that big. Then think of what you would do if you were the HVAC company that let the cyber criminals into Target? We will be talking more about IoT in the future, because there is so much to discuss.

Subscribe to Aftermarket Business World and receive articles like this every month….absolutely free. Click here.

Sponsored Recommendations

ZEUS+: The Cutting-Edge Diagnostic Solution for Smart, Fast, and Efficient Auto Repairs

The new ZEUS+ simplifies your diagnostic process and guides you through the right repair, avoiding unnecessary steps along the way. It gives you the software coverage, processing...

Diagnostic Pre- and Post-scan Reports are Solid Gold for Profitability

The following article highlights the significance of pre-scans and post-scans, particularly with Snap-on scan tools, showcasing their efficiency in diagnosing issues and preventing...

Unlock Precision and Certainty: TRITON-D10 Webinar Training for Advanced Vehicle Diagnostics

The TRITON-D10 lets you dig deep into the systems of a vehicle and evaluate performance with comparative data, systematically eliminating the unnecessary to provide you with only...

APOLLO-D9: Trustworthy Diagnostics for Precision Repairs

The APOLLO-D9 provides the diagnostic information and resources you need to get the job done. No more hunting through forums or endlessly searching to find the right answers. ...

Voice Your Opinion!

To join the conversation, and become an exclusive member of Vehicle Service Pros, create an account today!