Cybersecurity in the shop is a growing concern

Dec. 18, 2015
There are a number of ways that vehicles can be hacked but I am going to focus on the method or “attack surface” that hits closest to home for auto repair shops and technicians – your shop’s network and scan tools.

For the last couple of years I have taken a very active role in the world of Automated Driver Assistance Systems (ADAS). Call it telematics or connected cars and you would be right on both counts.

In my view the single biggest issue in this area is the cybersecurity component. I recently had the pleasure of hosting a panel discussion on this topic for the National Automotive Service Task Force meeting in Las Vegas. The two panelists I interviewed were from IBM and Mahle.

The resounding concern that they had was with vehicles that are connected to the Internet being attacked and manipulated in bad ways. There are a number of ways that this can happen but I am going to limit my scope to the method or “attack surface” that hits closest to home for auto repair shops and technicians – your shop’s network and scan tools.

The idea of having an Internet connection in the shop is not that old. It started out as a means to look up information and evolved into part ordering, customer communication and loss of technician productivity, but I digress. It is likely that you have at least one PC in the shop that has a scan tool on it.

When we all began this whole newfangled Internet-in-the-shop idea, our biggest worry was somebody using our connection over our wireless access point. Frankly, most of our networks have not evolved much past that, except to have some anti-virus software installed that we hope is adequate.

The risk that we have not yet embraced collectively is that open networks with fairly easy-to-break firewall protection are a great way for bad people – our panelists went so far as to suggest terrorists – to create malware that has no direct effect on your PC but would allow access to the vehicle network when you connect to the data link.

Another cybersecurity expert I talked with at an event in San Diego says, “The Jeep hack that was in the news is child’s play compared to the things we can do.” With an issue this complex it is easy to get into a very long discussion, but let’s focus on what advice I have gathered from network experts who are working in the cybersecurity field.

First, let’s focus on your shop. It’s very nice to offer connectivity to your customers, but that area needs to be locked down from the technical functions network in your shop.

If you use wireless in your building, consider setting up your wireless routers so that the SSIDs (network names) are not broadcast. The routers should also be able to provide secure access to only the people who should have it.

You should consider the need to lock down what machines can come into the shop and go out of the shop. You could have an employee bring a machine into the shop that carries a virus or that is open to attack, exposing your entire closed network. Conversely, you could allow an employee to take a scan tool home for some reason and their home network could allow infection that comes back to your shop’s network.

An industrial-grade firewall that is properly set up to access the services that you use is something you need today. There is going to be some pain because it will take an IT guy who is used to working with secure networks a little time to work with automotive sites that are, shall we say, “more open” than what they are used to. Plus, some scan tools perform updates across some older and less secure protocols that are not state of the art. I would expect that these are going to be improving in the very near future.

The last consideration I will offer is the tool itself. There are several best practices to adopt. Don’t save passwords to websites in a file on the machine unless it is encrypted. It is very hard to hack a hard copy. Don’t share your passwords with anyone. Once you do, you no longer know how they will be used.

Get in, do your diagnostics and disconnect from the vehicle. Leaving a machine with an Internet connection connected to the network of the vehicle is inviting problems. Make sure you keep all of the operating system updates current, because security updates are frequent and critical to a secure network. Anti-virus software is important, and I don’t have any specific suggestions except to talk with a skilled IT person and consider their suggestions.

As the cybersecurity discussion continues, independent repair shops will be cited as a major risk for OEMs and vehicle owners if we are not proactive in demonstrating that we can keep our house locked down from bad people. It is a natural evolution that matches the direction vehicles are going, so go ahead and grumble about it, but don’t ignore it. Ultimately, I believe we will be held responsible by our customers for cybersecurity just as much as we are now for the repair work we do.
