The promise of a smart cars connected to smart cities is certainly exciting – traffic lights that respond to real-time fluctuations in road congestion, streamlined navigation, time and cost savings, enriched services, new business opportunities plus overall conveniences that simplify our lives. But, it’s been a rough ride lately as fear of hacking hit an all-time high following several attacks such as Wired Magazine’s demonstration of the vulnerabilities of unsecured connected vehicles.
If the frequent attacks tell us anything, it’s that there isn’t a digitally connected technology that is completely safe from hackers. And while it might be a hassle to change credit cards and account numbers after an event like the Target or Sony hacks, it’s a completely different experience to be trapped in a speeding car or zipping thought a traffic light when the crippling intrusion occurs. The risk of threat has even captured Washington’s attention motivating newly proposed legislation to help curb the danger of car hacks with new federal standards for digital security.
Although connected cars have been topping the headlines recently, our attention is likely to turn toward smart cities soon enough. India Prime Minister Narendra Modi has promised to build 100 smart cities in the near future. The world will be watching as this ambitious project unfolds – watching and learning which pitfalls to avoid and what best practices to adopt for future smart city rollouts around the world.
In our race to add Internet connectivity to cars, cities and everything else, digital security has often been overlooked. A survey by VDC Research showed that almost 70% of OEMs said security is important to design, but only 30% indicated that they made changes in people, processes or tools to improve security. And make no mistake; there is no shortage of hackers that will exploit any weakness they discover. Driven by a wide range of motivations including fame, fortune and the simple joy of a challenge, hackers grow more sophisticated everyday.
Just as one would never build a home without a foundation, connected device design must begin with intelligent security architecture as the foundation of trust – in the device, the data, the network and the ecosystem. “Internet of Things” developers need to approach connectivity with the same intelligence as IT system integrators and realize that the software running cars and devices is a source of potential threat just like hardware components. Fortunately, connected car, smart city and smart grid OEMs are learning from sensitive industries such as banking, government and healthcare that have preceded them in implementing the following security best practices that have proved successful for decades:
Security by design – Security must be considered at the start of the development phase, and never be treated as an afterthought.
Risk evaluation – Developers need to know and understand all potential system vulnerabilities. An early comprehensive risk evaluation is critical to implement security architecture across the entire connected device ecosystem.
End-to-end countermeasures and trust points – Developers need to implement end-to-end countermeasures and trust points to mitigate potential threats. Tamper-proof hardware known as secure elements should be deployed to protect the device. Strong authentication and encryption solutions are needed to ensure only authorized users and applications are granted access to devices. Software and data must be encrypted so that it is useless if hacks occur. And finally, encryption keys need to be securely and dynamically managed so that they never fall into the wrong hands.
Lifecycle management – Car makers and IoT developers need to implement interoperable, dedicated platforms that can deploy and manage security updates over the lifetime cars, smart meters and traffic lights – which could be as long as 10 to 15 years. Developers need to be able to securely launch new applications and updates over the air without impacting other embedded software, just like with computers and smartphones.
As more of our world goes online and cyber-attacks become more common, trust has never been more important. By planning ahead, evaluating threats at every level and designing security architecture that defends across the entire lifespan, carmakers, OEMs, drivers and citizens can “keep calm and connect on.” By leveraging the security best practices of industries that preceded connected cars and cities, we can enable trust in our increasingly connected world.
Editor’s Note: In an attempt to broaden our interaction with our readers we have created this Reader Forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: dmeyer@rcrwireless.com.
