Securing IoT With Automated Connectivity Management: Lessons Learned From the Connected Car

Over the next 6 years, the Internet of Things (IoT) market is expected to reach $883.55 billion, as connected devices continue to pour into just about every aspect of our lives. For enterprises, the IoT is helping to transform products into connected services, capable of creating recurring revenue streams, reducing costs, and enhancing customers’ experiences.

Despite these benefits, the IoT brings a flood of security risks. Vulnerability to hackers, privacy concerns, and sheer uncertainty of what these devices are capable of doing are just a few of the IoT’s inherent implications.

Organizations and their networks are unprepared for the tsunami of devices on the way. According to AT&T’s Cybersecurity Insights Report, 85% of enterprises are in the process of or intend to deploy IoT devices. Yet, just 10% are confident in their ability to secure devices against hackers. In order to reap the benefits of the IoT, securing these devices and streams of data that flow between them must be top-of-mind.

The Connected Car: The Epitome of IoT Hopes … And Fears

Looking at the wealth of devices entering the market, the connected car is the most talked about, and perhaps the most controversial. A “data center on wheels,” the connected car is emblematic of everyone’s best hopes and worst fears of the IoT.

On one hand, connected cars promise to promote safer and more efficient driving through technologies such as collision avoidance systems, remote diagnostics, predictive maintenance tools, and on-board GPS. Connected transportation systems and “vehicle-to-vehicle” (V2V) communication technologies tout further benefits, enabling cars and trucks to “talk” to one another to steer drivers clear of accidents and other hazards. In fact, the National Highway Traffic Safety Administration (NHTSA) estimates that V2V technology could prevent more than half a million accidents and save more than 1,000 lives each year in the U.S. And, while we are still a few years away from fully autonomous or driverless vehicles zipping down our highways, the possibilities of safer roads, less traffic, and reduced emissions are extremely enticing. Connected, highly automated cars also open up vistas for whole new experiences such as immersive entertainment and collaboration, adding to the value.

On the other hand, connected cars pose threats not only to privacy (given all the data they collect), but also to safety, when not properly secured. Case in point: 2 years ago, a pair of hackers demonstrated the potential dangers of a cybersecurity attack on a connected car by remotely hijacking and crashing a Jeep over the internet. The incident led to the recall of 1.4 million Chrysler vehicles. Considering this dramatic demonstration, it is no surprise that consumers have been hesitant to “turn on” the various connected devices in their connected cars. A 2016 Spireon survey revealed that despite interest in connected cars, 54% of participants said they have not actually used connected car features. Although their concerns are slowly but surely diminishing (willingness to pay for connected services went from 21% in 2014 to 32% in 2015), auto manufacturers are missing out on the opportunity to capitalize on a $155 billion market and the recurring revenue that stems from subscriptions to different connected services.

One of the keys to securing the connected car’s large, potential “attack surface” is enabling the right levels of connectivity at the right times throughout the vehicle’s lifecycle—from the manufacturing and testing facility, to the shipping container, to the dealership showroom, to the driver’s garage and beyond. When should connectivity be on or off? What should a vehicle be allowed to do with that connectivity? With 69 million vehicles built with internet connectivity expected to ship globally in 2020, addressing these questions is no easy task.

IoT Connectivity Management Platforms Pave the Way for End-to-End Security

Whether for a connected car, home, factory, or business—you name it—end-to-end security is crucial to thwarting cybersecurity threats and keeping users safe. Ultimately, the ability to secure data that these connections generate requires organizations to constantly identify and monitor how that data should be used. Here’s where IoT connectivity management platforms can help. These platforms are capable of automating how and when a device connects and what it is allowed to do with that connection.

Let’s go back to the connected car example. Automated connectivity management platforms allow manufacturers to identify exactly what vehicles are allowed to do with their connectivity at each phase of the car’s lifecycle. For instance, connectivity must be “on” during vehicle testing so that automakers can verify that connected services are properly functioning. Then, when the vehicle is in its shipping container, the manufacturer can automatically disable these services to prevent hackers from sabotaging the vehicle while it is en route to the dealership. All the while, some connectivity must remain on to enable real-time tracking of the vehicle during its journey. When the vehicle arrives at the dealership, an automated system allows OEMs to safely resume connections so that salespeople can demo the vehicle and its connected services to the buyer. If at any time the connections do anything else, the platform can detect that anomalous behavior and automatically shut off the connectivity, preventing illicit activity that could compromise the vehicle’s security and safety.

As networks evolve to accommodate the millions of connected devices entering the market, security must be front and center every step of the way. Although IoT connectivity platforms can help address many security concerns, there is an ecosystem of responsibility at play for IoT. For the connected car, it’s not only the auto manufacturers who have a hand in securing connections but also the dealership, developers of aftermarket services and subscriptions, and even the customer. But, no matter the device, security must be a priority from Day 1 so that everyone can work together to experience all the benefits IoT has to offer.


Subscribe to Big Data Quarterly E-Edition