Ask any CSO about their biggest challenges and you’re likely to hear some variation on digital transformation. Things like multi-cloud, IoT, mobile workers and devices, escalating consumer expectations, and shadow IT are stretching their teams to the breaking point. You’ll also get an earful about the evolving threat landscape. Ransomware, botnets, IoT, and sophisticated attacks are testing the limits of their security, right when the industry is experiencing a massive security skills gap.
But all that pales against what’s coming around the corner. We’re on the verge of compounding all of these challenges with hyperconverged networks and systems.
We’re just seeing the tip of the iceberg now. Traditionally isolated OT systems are starting to be integrated with IT - tying manufacturing floors to global trading floors. While we’ll achieve increases in efficiency and profitability through things like just-in-time inventory and flexible, on-demand production, there is also a whole new set of risks and some with potentially devastating consequences.
Nowhere are the implications of convergence easier to understand than in smart cars. Everything from valves to tire pressure is actively monitored, and can be interacted with through a command console. That same console provides on-demand entertainment, connects to your phone for touchless communications, and to the Internet to create a wireless personal area network for your car. Satellite systems provide navigation, can track the car if it’s stolen, or connect to emergency systems in the event of an accident. Cars are increasingly connected to your financial data, allowing you to pay for your drive-thru meal or gas without digging for your wallet, as well as on-board entertainment, repairs, or even groceries ordered through the on-line interface.
On board radar systems track traffic and the lane you’re in, and can make immediate adjustments to things like speed and trajectory. Sensors monitor road conditions and the weather and make automatic adjustments to traction, visibility, or dynamically enable all-wheel drive. Self-driving cars will begin to share real-time information with the vehicles around them, and communicate with public systems about traffic, road conditions, construction, accidents, emergency vehicles, and more. That collective data will also allow traffic systems to modify lanes, adjust traffic signals, reroute traffic, and even adjust street lighting to accommodate things like rush hour traffic, construction, or everyone leaving the big game at the same time.
The car is quickly becoming a system of highly complex, converged networks consisting of the onboard internal network that operates the car, the external communications networks that provide a host of productivity, entertainment and commercial services, and lastly the extravehicular network that allows smart cars to interface with infrastructure and other cars. And that’s just the start. New business models will emerge. Rather than sit in a parking lot, cars could provide taxi services, or be owned by a collective rather than an individual. Which means they will need to automatically adjust to new passengers and their payment systems, subscriptions to services, and even the temperature and seat adjustments they prefer.
Oh, and all of this has to happen at 75 miles per hour.
Obviously, anyone with a networking background can begin to see the challenges, the biggest of which is that none of this falls into what we normally consider to be an auto manufacturer’s primary skill set. Security has to be an integral component of the entire transportation ecosystem, from vehicles, roads, and networks to safety standards. Car manufacturers are increasingly acting more like systems integrators rather than traditional assembly-line manufacturers. It’s going to require the transformation of an entire industry that includes an entirely new set of partners, service providers, and common standards.
While the problem seems new, from a security standpoint this and similar converged environments can be protected using a framework we are already familiar with.
Segmentation – it is imperative that critical services be separated as much as possible. In a smart car, the system that connects to the Internet, for example, needs to be isolated from the braking system.
Access control – Right now, anyone who gets in a car has access to all services. That’s a problem waiting to happen. Authentication, authorization, and accounting are still good ideas.
Encryption – This is a no-brainer. Encrypt financial data. Encrypt wireless and satellite communications. And encrypt and authenticate data passing between vehicles or with public systems.
Defense – Finally, wrap all of this in an embedded and fully integrated system of protection, detection, and response tools that can secure the vehicle and actively ferret out unauthorized users, applications, or malware.
Of course, things will need to change to make all of this happen. We will need new, open standards to facilitate compatibility between different manufacturers. We can’t afford to negotiate communications protocols while barreling towards another car at freeway speeds.
Likewise, security will need to adapt. Rather than individual, isolated security tools, converged systems require an integrated security fabric that can adapt to events in real time, make autonomous decisions, and then share that information with the larger environment, including alerting other systems in the event of a cyber incident. To realize the promise of connected cars and the fourth industrial revolution – and by extension, converged networks in general, security must be pervasive and operate at speed and scale – from the connected cars, homes, cities, and consumers to hyperconnected networks and clouds of all sizes.
Hyperconverged systems are on the horizon, connecting new and existing environments in ways we may have never imagined. But careful planning can ensure that we make this transition smoothly and securely. It starts with insisting on open standards and integrated and interactive security systems designed to talk to each other, share information, identify and adapt to changes, and respond to events in a coordinated and collaborative fashion.
Read more about how Fortinet is collaborating with Renesas on cutting-edge cybersecurity to secure connected car domains, including powertrain, telematics and infotainment systems.
This byline originally appeared in CSO.
For more information, download our paper and learn about the top threats that enterprise security leaders are being forced to address and the security approaches to evaluate to protect against them.