Barely a day goes by without new developments regarding the Internet of Things (IoT) and, frankly, it’s exciting to imagine a world where we can control literally everything from a smartphone.
Yet there is a contrarian viewpoint that we may need to consider since it is all too easy to get swept along with today’s relentless advancements in connected devices. My major concern is where security sits within the grand scheme of IoT, particularly in the vehicle industry.
There are many uses for having full remote control over vehicles, and science fiction is becoming reality. Some of the applications include fleet management and control, location of stolen vehicles, pre-programming journey routes as well as emergency assistance in the case of accident. But since car manufacturers foresee vehicles becoming mobile ecommerce platforms (iPhone on wheels), we can soon expect location-based ads appearing on our car dashboards, such as where the nearest Starbucks is or where to buy fuel once the car realises that your tank is close to empty, perhaps with a voucher for a Whopper.
There are other concerns too, including the real possibility of distraction whilst driving. UX designers and safety campaigners are already getting worked up about how many accidents will result from the rapid deployment of these devices, however I am more worried about the first hack that sends you down a blind alley, or collects personal data about your driving habits.
There are several reasons why we need to take this seriously, mostly because connected cars are like an iPhone on wheels, and consequently susceptible to all of the same issues we face on a daily basis with computers. What’s more cars are big hunks of metal and when not in control, can do a lot of damage.
So where is this going to take us? More often than not, businesses are driven by profit and only invest in safety innovation when required to do so, either by governments, peer pressure or customer demand. We know this because safety studies in developing nations continue to show the dreadful outcome of not wearing seat belts or tolerating drinking and driving, so we should take this into consideration when thinking about how to avoid the consequences of insecure connected vehicles. And if we think even further ahead, what happens when driverless cars start to appear on our roads? Based on recent reports, serious trials are about to start on public roads. This also raises concerns about physical safety, since the systems, perhaps running in the cloud, controlling and coordinating the vehicles are all prone to intrusion and failure. If the US government can’t keep its personnel records secure, what hope is there for a car manufacturer?
Connected Cars are highly complex systems, not quite like but not dissimilar to aircraft. The vast majority of the components found in Connected Cars are designed and made by companies other than the car manufacturers. This represents an integration challenge, since history has shown us that highly integrated IT systems are prone to failure, which is something that cannot be tolerated in cars.
As is often the case, the other side of the challenge coin is a growing opportunity for the channel, from security services (designed, development, testing, compliance) to the development of secure code. We are at an early stage in the development of Connected Cars, with a long way to go, and entrepreneurs and innovators in the channel have a unique opportunity to create a niche in what is a high value market. As with mainstream IT, security professionals are in short supply, forcing companies to turn to trusted channel partners, and this will prove to be even more so in the Connected Car world.
Much of this is speculative, but what we do know is that the Internet of Things is here to stay and connected cars are becoming a common sight on our roads. We will see innovation occur much faster than ever thought possible as the ubiquity of fast networks collides with the availability of high-powered software. The hardware to support this already exists and is ready for use. I would subscribe to the view that the security industry has both obligations and huge opportunities in its midst. As usual it will not be the large companies that provide the innovation. It will be left to an entrepreneur with a world-saving vision.
Richard Kirk is SVP, telecom and service provider sales, AlienVault
