[By Yoav Levy, Co-Founder and CEO]
Between SpaceX, Tesla, the Boring Company and many other initiatives, Elon Musk is, to say the least, busy. Despite working up to 100 hours a week, he still has time to worry about a fleet-wide hack on Tesla. And rightly so.
All large vehicle manufacturers and many Tier 1 suppliers are making big investments in connected and autonomous vehicle technology and, like Musk, they understand the need to build-out new security infrastructures for their fleets to ensure they are safe from cyber-attacks.
Protect the fleet and not just the car
KPMG recently released their report, ‘Protecting the fleet – and the car business’. It highlights the need for car manufacturers (OEMs) and businesses which manage vehicle fleets to adopt a completely fresh security framework.
Today, the average car contains more than 150 million lines of code written by dozens of different vendors, multiple computers and vast quantities of wireless connections to internal and external communication channels. This, together with the data-hungry nature of cars and their users (according to the report during 2017, North American users consumed an average of 6.9 gigabytes each month) and the impending 5G roll out, is expected to create an explosion of in-car technology innovation and confirms we are firmly in the age of ‘the Internet of Cars’ (IoC).
Although this technology revolution has extraordinary benefits for car users and indeed businesses with fleets of cars, there is also a major sticking point – the issue of electric vehicle cyber security. The report notes that ‘many manufacturers have made huge strides in addressing cyber security issues within their vehicles, taking various approaches to the challenge even as the threat landscape continues to evolve, and solutions continue to emerge and mature’.
The next disruptive threat: fleet-wide cyber-attacks
Crucially, these developments do not address the far more frightening possibility of a fleet-wide cyberattack or hack, and that has Elon Musk worried. This, according to KPMG, represents the next disruptive threat to the automotive industry. The threat comes in many shapes and sizes, including vehicle consumer data breaches, DoS attacks, malicious exploit attempts, intellectual property theft and the safety of drivers and passengers. A fleet wide cyber-attack has the potential to cause cataclysmic damage.
Today, a car can be forced to swerve across lanes and travel over 120 miles per hour while the driver is totally powerless to stop it from happening. That’s a frightening image on its own, let alone the scenario where a fleet of hundreds of vehicles in different locations can be simultaneously controlled. We’ve seen the use of vehicles in terrorist attacks rise significantly in recent years, but we are yet to witness a remotely controlled vehicle army. To prevent this from becoming a reality, it is essential that fleet-wide security is taken seriously, and automotive network protection is prioritized.
According to KMPG (and I agree), ‘cyber security can no longer be seen as a corporate challenge. It is a much broader and more complex engineering, production and operational task – and it requires a new approach’. With 65 million connected cars on the road today without security, multidimensional systems that cover the individual vehicle, the connected fleet, the automotive business and the supply chain will be essential – particularly as this figure is expected to rise to 250 million by 2020.
“Analyzing the entire fleet-level data offers full visibility into the fleet’s security posture. By understanding the complete picture, normal car and driver behavior can be monitored effectively and attacks can be prevented before they reach the network and cause harm.”
Yoav Levy, Co founder and CEO, Upstream
Monitor, analyze and protect: from within the data center
So, what can you do to protect your fleet? That’s where we come in. Our centralized cloud platform sits in the data center and permits the entire fleet to be monitored and protected with a combination of big data analytics and advanced cyber and fraud security technology.
Upstream’s Fleet Cybersecurity Platform enables access to automatic protection through the use of health dashboards (offering alerts on cyber threats, policy violations and additional infrastructure indicators) for the fleet. Additionally, analytics captured from all levels of the fleet architecture – car, driver, mobile app and server – help fleet operators investigate an incident and determine the cause so that similar situations can be prevented in the future. This centralized, automated and insightful approach is the key to securing fleets of connected cars in the future.
Analyzing the entire fleet-level data offers full visibility into the fleet’s security posture. By understanding the complete picture, normal car and driver behavior can be monitored effectively and attacks can be prevented before they reach the network and cause harm.
UPSTREAM’S DASHBOARD – AUTOMOTIVE FLEET SECURITY HEALTH AT A GLANCE
And by making use of a secure boundary in the demarcation point between the operational network and the IT network, users can ensure protection of the communication data between the vehicles and command and control servers. Upstream leverages deep protocol understanding of the communications between data centers and fleets to detect, interpret and alert in real-time of any threats to the fleet.
As the world we live in rapidly changes, it’s clear that automotive cybersecurity must keep up with the pace of technology, sociological and environmental development. The risk of a fleet cyber security attack is grossly underestimated and there are very few solutions that sit above proprietary protocol. Businesses must start to take this risk seriously and protect their fleet efficiently so that they can be prepared for the next generation of automotive security breaches – which are just around the corner.
Upstream’s 2023 Global Automotive Cybersecurity Report
API Security Needs to be Integral in Automotive Threat Analysis and Risk Assesment
APIs enable the opportunity to innovate and improve services in the connected vehicle and smart mobility ecosystem. APIs are widely used in advanced features, services…Read more
NHTSA Updates US Cybersecurity Guidelines for Vehicles
Connected and software-defined vehicles technologies are on the rise, offering customers a better user experience, and introducing new monetization strategies for OEMs. Given the rising…Read more
Upstream Partners with Salesforce, Putting Connected Vehicle Data in Motion
The automotive industry is undergoing a massive transformation, building new revenue streams and business opportunities. Connected vehicle and smart mobility data are at the core…Read more
Securing Smart Mobility Requires a Fresh Approach to API Security
Connected vehicles and smart mobility services use numerous APIs. Everything from OEM-driven companion apps, infotainment systems, OTA servers, telematics servers, and EV charging management or…Read more