Cybersecurity and the connected car

Click here to download a pdf of this article.

We still refer to our mobiles as “phones” even though making phone calls is the very least of their functions. In the same way, we are likely to continue calling connected vehicles “cars,” even though driving as we understand it today will soon be eclipsed by a myriad other capabilities.

The connected car will be able to drive itself, performing tasks such as dropping you at the airport before taking your children to school and collecting your shopping. During the day, while you are at work, you may be able to rent it to a taxi service provider. At weekends, you might choose to take the wheel again — for purely recreational reasons. The rest of the time you can hand over responsibility to the car’s automated systems while you surf the net, watch a movie, work or sleep.

Living in networks

To take on all these new functions, the connected car has to “live” in multiple networks, interacting with systems including power grids, car manufacturers, traffic control, vehicle-to-vehicle communications, road tolls, home networks, technical services and government. “The connected car is a network of networks,” explained Tim Best, EY Director, Cyber Security, speaking at CODE_n. “That means it is only as secure as the networks in which it operates. All of these present possible ‘attack vectors’ for hackers.”

Like every other company, car manufacturers have to protect the cybersecurity of their whole ecosystem. But for other industries the stakes are not so high: if your mobile phone is compromised, it is inconvenient but not usually life threatening. However, if a car is traveling at high speed down a motorway, a security breach could easily endanger life.

Traditional security no longer enough

Traditional safety measures focus on protecting a car’s individual electronic components, which control all its functions, from central locking to braking. But EY’s recommended approach is to protect the entire network, including not just the technology but the people and the processes. “The only way you can address cyber threats is by monitoring, detecting and alerting,” said Best.

“You have to monitor networks, communications and transactions, and identify unexpected behavior. You have to understand potential attackers: who they are, what their motivations are and how they might attack you. Develop incident responses and procedures based on likelihood of attack. If a threat manifests, you then have an appropriate response to successfully deal with it.” Companies will also need to collaborate more with other organizations, for example, by sharing threat intelligence and creating joint audit processes, he added.

Legal and ethical questions

Connected cars raise multiple legal and ethical questions. Who is to blame when accidents occur, as they inevitably will? The software programmer, the car manufacturer, the dealer who sold you the car? And what about decision-making — when the automated car has to make a split-second choice between running over a child or endangering the lives of its passengers? There are no easy answers, concluded Best, and many issues remain to be explored. But there is no doubt that connected cars offer the most exciting revolution in driving since the invention of the internal combustion engine.

EY and CODE_n at CeBIT 2015

CeBIT is the world’s largest annual trade show covering issues relevant to IT in business, described as the “worldwide hotspot for innovation.” An important element of the CeBIT agenda is the CODE_n conference program and contest for 50 of the most promising digital start-ups from across the globe. This is an opportunity for pioneering young digital entrepreneurs, established businesses, investors and leading thinkers to discuss and showcase their ideas on how new technologies will transform the way we live.

“Into the Internet of Things” was the theme for the 2015 CODE_n contest, which was supported by EY. While contest finalists presented ideas based on four subthemes (smart city, industry 4.0, future mobility and digital life), panel discussions and keynote speakers deep dived into the issues. Topics ranged from the cybersecure city, smart factories, the future of automotive and living the digital life.

Read the full articlepdf166.42 kB

EY refers to one or more of the member firms of Ernst & Young Global Limited (EYG), a UK private company limited by guarantee. EYG is the principal governance entity of the global EY organization and does not provide any service to clients. Services are provided by EYG member firms. Each of EYG and its member firms is a separate legal entity and has no liability for another such entity's acts or omissions. Certain content on this site may have been prepared by one or more EYG member firms