From Selling Cars to Selling Services – OEMs’ Challenges in Securing Complex Data Environments

TEAM UPSTREAM

October 18, 2018

The automotive world is seeing a huge increase in data. Some of this stems from the front end, such as connected hardware, vehicle sensors and infotainment systems. Other data sources are operating behind the scenes, such as backend servers and cloud-based telematics for technical operations. On top of this, we need to consider data gleaned from the environment such as traffic or weather information. As vehicles are becoming increasingly autonomous and thus introducing even more data sources, it’s no surprise that some estimates suggest data usage will soon be as high as 4TB per day, the data equivalent of 3,000 people.

The rise of the connected car is changing car companies, opening opportunities for OEMs to move into new service models altogether. But connectivity also brings about new cyber risks. How can OEMs balance the two?

Opportunities for OEMs in an Increasingly Connected World

Where OEMs used to find the lion’s share of their profit through making and selling vehicles, they are now increasingly moving into related services and mobility solutions. This new business model supports them in taking advantage of the latest technology, meeting the rising expectations of customers, and keeping pace with the competition.

One great example is Amazon’s in-car delivery service, which allows customers to have their packages securely delivered to the trunk of their vehicle. Cloud-connected vehicles from car manufacturers like Buick, GMC, Cadillac and Chevrolet sync with the Amazon Key App, allowing delivery drivers to securely obtain authorization to access your car.

Connected mobile apps are another area that OEMs are increasingly utilizing. BMW has three disparate smartphone applications. One has the power to lock/unlock the car, change the temperature, and locate the car remotely, as well as sync with your favorite apps and infotainment systems. The second provides technical information for electric vehicles, such as battery levels and range, while the Roadside Assistance app dispatches help to your location when it’s needed.

These exciting opportunities are opening doors for OEMs to do far more than ‘just’ sell cars. The future for car manufacturers shows their capabilities in a virtual marketplace of innovation, from providing car-related services like car wash and maintenance services, to integration with ride-sharing, mobility providers and leisure activities. We’re living in a reality where your connected vehicle could soon autonomously obtain a parking place for you in advance, or book a table at the restaurant you’re traveling to. It seems the future for electric vehicle OEMs is in services as much as products.

Challenges of Securing this Complex Environment

Being able to embrace this type of innovation means that security needs to be front and center in your business plan. Using mobile applications to control functions within the connected car, as well as to access behind-the-scenes data, means that you have an extra element to secure within the vehicle ecosystem.

Attackers who breach a user’s mobile app can gain access not only to that specific vehicle, but potentially to entire connected fleets. Theft of the cars themselves is one potential threat, as well as identity theft and fraud if hackers get hold of your data. Even if you manage to catch the breach before any physical harm is done, many businesses find their reputation does not recover, and that customers lose faith in their brand altogether. McKinsey comments that when it comes to connected vehicles, this loss of trust would likely fall onto OEMs, even if it wasn’t their fault to begin with:

“OEMs as the sole customer interfaces and most often final system integrators are the ones to ultimately deal with the integration risk and would bear responsibility for ensuring that secure, stand-alone systems do not become vulnerable when connected.”

Limitations of Mobile Security

Mobile apps, in particular, are known for being vulnerable to hackers, in part due to flaws in the software itself, or in the phone’s operating system leading to unauthorized data leakage. Lack of binary protections can give attackers the chance to reverse engineer the code of your app and inject malware, while weaknesses with authentication when a mobile app is offline can allow bad actors to brute force their way into your system and make changes.

For many, the answer is to ensure that the mobile apps are secure. But even this may be a long way off. Kaspersky tested 9 connected car apps, and found that none were adequately protected against cyber-crime.

Security in Silos is Not Enough

While the lack of security around mobile apps clearly puts both consumers and the OEMs themselves at unnecessary risk, securing the mobile app might well be missing the point when you consider how exponentially our use of data is increasing.

Think about the sources of data in just one connected car using a simple service such as an app that allows you to find your vehicle. As well as the car itself and the mobile app, the areas that need security include the mobile phone, the mobile application servers, the telematics servers that communicate with the car, as well as the data centers and back-end architecture. Even if we get to a point where security solutions exist effectively for each of these in silos, it remains impossible to track and analyze this data from end to end without a full network perspective.

Focus on Visibility with a Single Source of Truth for Automotive Cybersecurity

The only way to understand your data flows in such a complex environment is to establish a single source of truth. Not only does this enable you to spot threats to your customers and your network, but it also gives you the tools you need to make smarter decisions and predict the patterns that will lead to business success.

By organizing the data from every stream into one aggregated dashboard, events can be correlated and tracked against one another, making it easy to see through the noise of all the information, and uncover actionable insights and causation that make a measurable difference to your bottom line.

Adapting your business model to take on new services and cloud-based solutions is the next step for many OEMs. As you expand your capabilities, it’s essential to ensure that your visibility remains granular, and you have the discovery you need to enter a marketplace of solutions without fear.
