This week I attended the 2017 Automotive Cyber Security Summit in Detroit with my colleague Mike Schiebel (General Manager, Cyber Security, Hortonworks). Together, we were speakers in a session entitled “Securing the Connected Car in a Connected World”. Here are highlights of what we presented:
As the prospect of autonomous vehicles rocks the automotive world, cyber security has become one of the most talked about topics in connected car circles. To understand why, it is worthwhile to ponder just how dramatically the security landscape has evolved over the last century. Consider changes across three key dimensions:
Today’s “in-vehicle” experience is virtually unrecognizable from what it was in the past and is driving the need for next-generation security approaches. When the Ford Model T was introduced in 1933, the in-vehicle experience was defined simply by the driving controls of the vehicle itself. Notable advances throughout the decades include the AM radio (1933), the FM radio (1952), the CD player (1984), GPS navigation (1987) and Bluetooth connectivity (2004). However, by far the most consequential milestone occurred in 2014, when automakers introduced in-vehicle 4G LTE connections, followed by efforts from smart device manufacturers (Apple, Google, Samsung, etc.) to integrate their devices into these newly connected vehicles.
Likewise, vehicle security has evolved over the decades. Early in the 20th century, vehicle security was essentially a matter of locking the car and hoping for the best. Eventual advances included the introduction of electronic car alarms (1970s) and “chip-enabled” keys (1995). In a massive leap forward in 1996, GM introduced OnStar, the first telecommunications-based security and assistance solution, providing call-center-based assistance to drivers. Since 4G LTE connected vehicles emerged post-2014, new IoT-enabled security solutions have begun to surface in the marketplace.
As vehicles have become more connected, so too has the security ecosystem. Early on, the security ecosystem involved only the car owner and law enforcement. The introduction of mobile phones instantly extended access to a far wider audience. However, with the emergence of 4G LTE connected cars, the security ecosystem has grown exponentially, creating essentially the CONNECTED WORLD.
The Challenge: From Securing a Car to Securing a Mobile Computer
So, congratulations, you’ve connected your car to the Internet. But, as we all know, internet connectivity introduces significant cyber security threats – daunting, given the specter of cars that are increasingly “self-driving”, with advanced driver assistance systems (ADAS) continuing their transition to fully autonomous vehicles in the future. Given highly publicized vehicle hacking incidents in the news, it is not surprising that 75% of consumers are not ready to embrace self-driving cars (source: AAA). To address these concerns, vehicle developers must shift their mindset from securing a car to securing a mobile computer.
The Opportunity: Improve Security By Leveraging Connected World Ecosystem
While internet connectivity introduces cyber security threats, it can also serve to activate an extended security ecosystem, including local governments, law enforcement, smart city infrastructure, emergency services and insurance providers, to significantly improve overall vehicle security. For example, imagine a world where drivers are warned when they are parking in high-crime neighborhoods (based on law enforcement data) or when the road ahead is slippery (courtesy of connected city infrastructure data). In short, leveraging Connected World data and services can redefine the narrative on vehicle security.
A Hardware and Software Lifecycle Concern
A chain is only as strong as its weakest link. Likewise, truly secure connected car systems can only be achieved through rigorous security principles applied at every stage of the hardware and software lifecycle: in design, implementation, configuration and operation. While developers have historically focused much energy on the design, implementation and configuration phases of this process, advances in Big Data Analytics can dramatically improve the OPERATIONAL security of applications deployed in the Connected World.
According to the 2016 Verizon Data Breach Investigations Report, the average security breach exists 8 months before being detected and, even more shockingly, 70%-80% of these breaches are first detected by a 3rd party. So, clearly, DETECTION of cyber-security threats represents a major challenge. This is precisely where a Big Data Analytics approach can help. A Big Data analytics cyber security solution provides the following capabilities to optimize operational cyber security threat management:
Single View of All Relevant Data
With so much data coming from so many Connected World sources, it is difficult to collect and provide visibility to all of this data. By leveraging a Big Data cyber security data lake, all relevant information (from security data feeds, server logs, network metadata, connected vehicle data, location data, etc.) can be aggregated and viewed in a single location.
Dynamic Data Ingestion
As Connected World data is diverse and dynamic by nature, the ability to rapidly ingest, normalize and enrich (with geolocation, DNS, etc.) this data is critical.
Cost-Effective Storage of Logs and Telemetry Data
Efficient data storage provides the foundation for mining and analyzing long histories of data to understand both normal and non-normal security patterns. This, in turn, provides the basis for real-time, operational detection of anomalies and threats.
Threat Detection and Response
Based on machine learning algorithms and anomaly detection, threats can be detected in real time, as events occur. Furthermore, alerts can be sent to the relevant people so that they can take action.
To learn more about the Big Data approach to Operational Cyber Security, visit HORTONWORKS CYBERSECURITY SOLUTION