2016 ended with retaliation for nation state cyber attacks to the elections, attempted infiltration of the VT power grid and Yahoo setting yet another sad "new record" for consumer data breach at over 1-billion accounts.
Last year saw the first fatality associated with automated vehicles but also promising milestones of AI winning against a human Go player and Google driving over 2 million automated miles.
With NHTSA statistics showing that 94% of vehicle accidents are due to human error, full vehicle automation (and the steps on the way to it) offers the promise of delivering more societal benefit than harm, especially for disadvantaged groups like the elderly and infirm, as well as transforming our roads, cities, the sharing economy and rebuilding Motor City into a modern Software & Services City.
However, pressing on the negative side of the scales are the potential for vehicle cyber attack, with consequences ranging from simple distraction, to ransomware based on detailed profiling, property damage, bodily injury, or death, even reaching national security impact given the potential for gridlock leveraging commercial vehicles.
Gating automation / AI deployment in vehicles and IoT infrastructure in general are increased cybersecurity needs around people, process and defense in depth layers of technology.
The commercial driver is one of legal liability and damages, with victims of crashes, outages and floods unlikely to be satisfied with remedies like a year's worth of credit reporting that were the weak market drivers for cloud, data center, PC and mobile security before the advent of IoT.
I live in the Washington, DC, Metro area. Every day, I drive roads choked with vehicles around the beltway. Arriving at weekday destinations, I run into IT staff choked with manual tasks like configuring mobile devices, or sifting thru masses of false positive data from app vetting, to security logs.
If it’s not possible to keep on widening roads to accommodate more and more cars, or to keep on hiring more and more expert staff and contractors to deal with more and more cybersecurity threats then what is the answer?
The answer is software automation. Software is smart and can be affordably and reliably scaled, hardware is powerful and ubiquitous. Peoples’ time is the most valuable commodity of all. Automation isn’t about replacing people it is about enabling people to act more productively, to focus on proactive priorities, not simply miring them in reactive or busy work.
Tuning up trucks & cars
The writing is on the wall for the future of motor vehicles, with each model year adding more connectivity, as well as advanced driver assist systems (ADAS) from automated braking to parking, to crowdsourced traffic routing with tools like Waze.
The promise of full or even partial automation is more time for everyone, with efficient traffic flows, shorter commutes, less accidents, and a new freedom for underserved groups like those with disabilities, the elderly, or just ordinary people whose passion isn’t driving but their family and work activities. Driving for pleasure will live on in rallies and race tracks, just like horse riding.
Catch 22 of auto automation
The catch for that automated future is that modern vehicles aren’t just tablets on wheels but data centers on wheels, with a lots of connectivity constituting large attack surfaces, as the FBI, DOT and NHTSA recently warned.
Cyberattacks whether individualized or generalized could put a severe dent in our commutes, or even be a threat to national security where Just in Time (JIT) deliveries for restaurants and grocery stores mean cities are just ‘9 meals from anarchy’. A modern vehicle has 100-300 million lines of code and around 50 processors, the elephant in the room of Internet of Things (IoT) systems.
The old way of addressing cybersecurity issue would be armies of experts to inspect and re-engineer the code, libraries and examine the network logs (CAN bus or J1939) … arriving back at the IT gridlock mentioned previously.
The answer for auto cybersecurity is again automation – machine learning of what are good and bad traffic on the CAN bus network and automated hardening of embedding systems, along with all the defense in depth systems described in NIST’s CsF and the SAE’s cyber auto recommendations (J3061).
Tuning up IT cybersecurity
The story of the automated car is the same for traditional IT.
Need to setup 10,000 tablets or smartphones? Automation is the key. Gartner found that 75% of mobile security breaches weren’t about ‘shiny squirrel’ new security technologies on mobile devices but plain old misconfiguration. This shouldn’t be surprising when the coolest, latest smart phones and tablets have 100s of settings and even the most basic enterprise rollouts integrate apps from half a dozen vendors.
Need to comb 1,000s of security logs? Need to vet 1,000s of lines of code? Once again automation and machine learning. Smart software automation products are all about doing more with less.
What are some automated solutions?
RunSafe Vehicle Guardian – Automated Intrusion Prevention System (IPS)/Firewall for cars (Runsafesecurity.com)
RunSafe App & OS Guardian – Automated hardening for apps & OSes (Runsafesecurity.com)
Kaprica Tachyon – Automated setup/updating for enterprise Samsung mobile devices (Kaprica.com)
Spectrum Comm Go-Box – Automated kiosk-based management of mobile devices (Go-box.com)
Exabeam – Automated user behavior analytics (UBA) for security (Exabeam.com)
Plurilock Pluripass - Automated interaction capture for unique biometric signatures (Plurilock.com)
MobiChord – Automated telecom expense management software (TEMS (MobiChord.com)
ViiMed - Automated healthcare tele-medicine workflows (Viimed.com)
About 202 Partners
202 is a boutique enterprise software sales consultancy for startups and mature IT companies, focusing on product launches and growth hacking. 202 was founded in late 2014 by industry veterans Peter Laitin and Simon Hartley, together with decades of expertise and successful experience in cybersecurity, mobility and IoT sales hunting, marketing and product management. 202 specializes in emerging technology and early markets such as government, healthcare, finance and automotive. Customers include RunSafe Security, Kaprica Security, Spectrum Comm and others. 202 is headquartered just outside Washington, DC, in North Bethesda, MD. Learn more at 202partnersllc.com.