Menu

SMART TRANSPORT FEATURE NEWS

Building a Trusted Connected World

By Special Guest
Juan Carlos Lazcano, Vice President of M2M for Gemalto, North America
August 13, 2015

Imagine driving down the road when suddenly your car goes haywire – the radio blares, the windshield wipers hit full speed, the steering wheel is controlled by an unseen force and the car starts pumping its own brakes. A ghost in the machine?  Nope, just another day at the office for professional hackers hired by Wired Magazine to demonstrate the vulnerabilities of unsecured connected vehicles. More than just a media stunt, connected car security is a very serious concern that has lead to newly proposed legislation that would curb the threat of car hacks by establishing new federal standards for digital security.

The benefits of adding IP connectivity to things and machines are enormous – expanded productivity, time and cost savings, enriched services plus overall conveniences simplify our lives. But in our race to add IP connectivity to cars, homes and cities, digital security has often been overlooked. A survey by VDC Research showed that almost 70% of OEMs said security is important to design but only 30% indicated that they made changes in people, processes or tools to improve security. Fortunately, this trend is changing.

No one would ever consider building a home on the beach without a foundation. In the same way, carmakers, developers and OEMs are realizing the significance of starting connected device designs with intelligent security architecture as a foundation to enable trust - in the device, the data, the network and the ecosystem. Security by design enables trust in our connected world, and trust underpins a secure, sustainable and successful Internet of Things ecosystem.

The auto industry and industrial IoT developers need to approach connectivity with the same intelligence as IT system integrators and realize that the software running cars and devices is a source of potential threat just like hardware components. Fortunately, they can learn from sensitive industries such as banking and healthcare that have used digital security technologies successfully for decades. Proven best practices include:

Security by design

Security must be considered at the beginning of the development phase. It is fundamental to ongoing success and trust and has to be integrated in the hardware and software layers from the onset of design rather than as an afterthought.

Risk Evaluation

Developers need to know and understand all potential system vulnerabilities. An early comprehensive risk evaluation is critical to implement security architecture across the entire connected device ecosystem – from the hardware components that enable connectivity, to the software running the device, and out to the communication channels it uses. This helps to protect the device, the network and the data at rest and in motion.

End-to-End Trust Points and Countermeasures

Developers should follow a few guiding principles for implementing end-to-end trust points and countermeasure to mitigate threats:

  1. Protect the device with tamper-proof hardware and software. For example, embedded Secure Elements are implemented to add a layer of physical and digital protection against intrusion and to store credentials and data in a dedicated, secure platform
  2. Encrypt and sign the operating software to protect against attack. Encrypted software is useless without the keys and an electronic signature will ensure that only validated software is running on the IOT device!
  3. Implement strong authentication and encryption solutions to ensure only authorized people and applications are granted access to the IOT solution infrastructure.
  4. Securely manage encryption keys to protect data and manage access to connected systems

Lifecycle Management

Like laptops and PCs, connected car systems and IoT devices need to be protected from attack over the long life of cars and devices – that can be 10-15 years! Carmakers and developers need to design in an interoperable, dedicated platform to deploy security updates and launch new applications over the air without impacting other embedded software.

In an age where everything is connected and where cyber attacks are inevitable, trust is essential. The key to success is designing security architecture at the beginning of development projects and managing the entire trust ecosystem, from the edge to the core, protecting what matters, where it matters and when it matters. 




Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

Zipline Announces 'Zip' Drones for Precise, Autonomous Deliveries

By: Alex Passett    3/31/2023

Zipline's "Zip" delivery drones are next-gen, virtually silent machines that are expected to deliver up to seven times faster than traditional automob…

Read More

Modeshift Partners with LTCA for Smart Ticketing

By: Stefania Viscusi    11/17/2022

Modeshift's smart transit solution has been adopted by Luzerne County Transportation Authority (LCTA) in the Wilkes-Barre, PA.

Read More

Video-Based Safety and AI Technology Can Reduce Truck Accidents

By: Tracey E. Schelmetic    11/15/2022

IoT solutions with video-based safety and AI technology can help reduce the likelihood of accidents by identifying distracted and aggressive driving.

Read More

Upward Mobility: Urban Movement Labs Joins Smart City Venture Studios as New Agency Partner

By: Matthew Vulpis    2/24/2022

The technology developed to create "smart cities" can make communities more effective and efficient in the use of resources, a necessity given the pro…

Read More

Up, Up, and Away - With Your IoT Data?

By: Special Guest    2/4/2021

Times have changed in the amazing world of the Internet of things (IoT). What once was a new and compelling idea has quickly worked its way into the h…

Read More