How cybersecurity is putting the connected car in reverse
It’s official – the automotive industry is being disrupted by new business models and technologies. The frontiers have undoubtedly been shifted, as manufacturers compete to produce driverless and connected cars. Whilst this engineering revolution shows no signs of abating, with the government pledging £20 million to the development of autonomous vehicles only last month, cybersecurity concerns are likely to remain a primary inhibitor to widespread delivery of and consumer adoption of the technology.
Although the concept of the connected car is by no means new, recent research showed that almost half of British drivers are still concerned about the security of driver-aid applications such as cruise control and self-parking. It seems as though this caution is warranted – automotive manufacturers admitted in the same research that there could be a security lag of up to three years before driverless car systems catch up with cyber threats. Given the evidence of flaws in the basic technology itself (Google recently admitted blame for a crash involving its self-driving car), in addition to cyber-security issues, it’s easy to understand the sustained consumer scepticism around autonomous vehicles.
IoT: giving hackers the green light
A significant reason for these cyber-threats plaguing the minds of consumers is the proliferation of the Internet of Things. This is a phenomenon which has facilitated opportunities for monetisation in a wide range of industries and automotive manufacturing is no different. In fact, McKinsey predicts that a movement towards connectivity in the automotive industry could result in up to $1.5 trillion in extra revenue by 2030.
Gartner predicts that 6.4 billion connected devices will be in use this year, an increasing portion of which will be cars, which are also set to dominate the early stages of 5G rollouts. However, the growing number of connected vehicles equals additional access points to a network potentially giving control of another person’s vehicle and containing an abundance of valuable data, creating more and more opportunities for hackers.
Cyber-threats are putting the brakes on adoption
Consequences of a breach could be wide ranging, from compromising the controls of a single vehicle to bringing entire cities to a standstill. Whilst taking physical control of a car will not bring financial reward, it could cause chaos in major locations. As vehicles increasingly become connected to the critical transport infrastructure, the potential for hostile groups to cause damage is ever-more viable. Undoubtedly, the importance of implementing effective security protocols takes on additional significance when human life is endangered.
The importance of cyber-security in connected and autonomous vehicles is demonstrated by the speed at which hackers formulate new methods, matching innovations developed by manufacturers. For example, some thieves are exploiting keyless entry systems with 'amplification attacks', which use a device to 'amplify' the signal generated by a key-less remote to open a car's doors. Alternatively, thieves intercept a door code using a device planted nearby, that is then used to break into the car later.
Whilst driver safety has to be the biggest consideration, data security cannot be ignored, given the rise in wireless communications between cars and manufacturers (for simple things such as traffic updates). As connected vehicles become more advanced and integrated with other devices and systems, the amount of data travelling throughout the supply chain is set to rocket. Therefore, if a hacker is able to infiltrate any of these potential access points, they would have access to all this data, which could include personal and financial details.
Can manufacturers accelerate past the hackers?
Due to threats to consumer safety, manufacturers have been investing heavily in security and conducting extensive testing to prove new-age vehicles can cope. The difficulty for manufacturers is that there will be technologies from multiple vendors that need integrating for the driverless car to function – such as cameras, navigation systems and ‘infotainment’ systems. Although some measures are being taken to separate vehicle control networks from other systems, manufacturers will need to impose stringent controls across vendors to ensure that integration areas do not become points of weakness.
Some manufacturers, such as Tesla and more recently General Motors, have implemented ‘bug bounty’ programmes, which can offer financial rewards for hackers to reveal flaws and bugs in company software code, although these schemes have not yet extended to flaw finding in the infrastructure of the actual vehicles. Whether this represents a move in the right direction or a sign that car manufacturers are struggling to keep up remains to be seen.
Despite major automotive organisations having some of the best technologies for defending against cyberattacks in place, many still succumb to attacks due to the constantly evolving nature of the threats. Existing technologies will likely provide sufficient protection for the driverless car, however, new methods of attack will inevitably be developed. The real challenge will be ensuring security technology keeps up.
Although the UK government is investing heavily in smart car technology, scepticism is likely to remain for the time being. Ultimately, consumer confidence in the security and safety of the driverless car will determine adoption. To prepare for the arrival of autonomous vehicles, companies need to enforce standards across vendors and establish partnerships with experts to stay ahead of evolving threats and keep consumers and their data safe.
Gary Newe is the Technical Director at F5 Networks
Follow @ManufacturingGL and @NellWalkerMG
Siemens: Providing the First Industrial 5G Router
Across a number of industry sectors, there’s a growing need for both local wireless connectivity and remote access to machines and plants. In both of these cases, communication is, more often than not, over a long distance. Public wireless data networks can be used to enable this connectivity, both nationally and internationally, which makes the new 5G network mainframe an absolutely vital element of remote access and remote servicing solutions as we move into the interconnected age.
Siemens Enables 5G IIoT
The eagerly awaited Scalance MUM856-1, Siemens’ very first industrial 5G router, is officially available to organisations. The device has the ability to connect all local industrial applications to the public 5G, 4G (LTE), and 3G (UMTS) mobile wireless networks ─ allowing companies to embrace the long-awaited Industrial Internet of Things (IIoT).
The router can be used to remotely monitor and service plants, machines, as well as control elements and other industrial devices via a public 5G network ─ flexibly and with high data rates. Something that has been in incredibly high demand after being teased by the leading network providers for years.
Scalance MUM856-1 at a Glance
- Scalance MUM856-1 connects local industrial applications to public 5G, 4G, and 3G mobile wireless networks
- The router supports future-oriented applications such as remote access via public 5G networks or the connection of mobile devices such as automated guided vehicles in industry
- A robust version in IP65 housing for use outside the control cabinet
- Prototypes of Siemens 5G infrastructure for private networks already in use at several sites
“To ensure the powerful connection of Ethernet-based subnetworks and automation devices, the Scalance MUM856-1 supports Release 15 of the 5G standard. The device offers high bandwidths of up to 1000 Mbps for the downlink and up to 500 Mbps for the uplink – providing high data rates for data-intensive applications such as the remote implementation of firmware updates. Thanks to IPv6 support, the devices can also be implemented in modern communication networks.
Various security functions are included to monitor data traffic and protect against unauthorised access: for example, an integrated firewall and authentication of communication devices and encryption of data transmission via VPN. If there is no available 5G network, the device switches automatically to 4G or 3G networks. The first release version of the router has an EU radio license; other versions with different licenses are in preparation. With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and autoconfiguration of the devices,” Siemens said.
Preparing for a 5G-oriented Future
Siemens has announced that the new router can also be integrated into private 5G networks. This means that the Scalance MUM856-1 is, essentially, future-proofed when it comes to 5G adaptability; it supports future-oriented applications, including ‘mobile robots in manufacturing, autonomous vehicles in logistics or augmented reality applications for service technicians.’
And, for use on sites where conditions are a little harsher, Siemens has given the router robust IP65 housing ─ it’s “dust tight”, waterproof, and immersion-proofed.
The first release version of the router has an EU radio license; other versions with different licenses are in preparation. “With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and auto-configuration of the devices,” Siemens added.