Protecting security and privacy in the connected car

One very real sign that a new technology has gone mainstream is when news reports about its security risks - real, imagined or both - start to appear. Connected cars are one of the latest technologies tied to issues with cyber security and hacking, as evidenced by news headlines across the globe. It's clear that raising awareness is truly essential because it challenges industry players to work together to build better technology and solutions.

©My Make OU via 123RF
Ultimately, how we address security concerns in the present moment will have a significant impact on future innovation. Finding the right balance to ensure that we are protected is key, with the ability to still access all the potential benefits for productivity, efficiency and driver safety.

For example, some industry players have proposed to limit access to the on-board diagnostics (OBD) port to a few organisations, such as only automakers and their authorised partners rather than vehicle owners and the companies they choose to work with. The OBD port, which has been built into every U.S. vehicle manufactured since 1996, communicates information about the engine, drivetrain, instrument cluster and other relevant sub-systems, as well as how and where the vehicle is operated. For decades, repair shops have used the OBD port to gather and analyse information, but increasingly it’s also uploaded in real-time over cellular to the vehicle’s owner or a company that the owner authorises.

Don’t close the port


OBD-based telematics has played a key role in modern transportation and fleet management. With telematics data and intelligence, fleet owners and operators, drivers and society at large have benefited from reduced accidents, reduced emissions, improved fuel efficiency and greater productivity. Here are some further applications:

  • Insurance companies can offer usage-based premiums, which are based on each driver’s habits rather than traditional, overly broad metrics, such as age and gender.

  • Taxi operators and other fleet owners can monitor how hard drivers accelerate and brake, and remotely warn them that they’re speeding. These applications help reduce accidents, moving violations, worker’s comp claims and insurance premiums.

  • Trucking and delivery companies can determine when the engine or transmission needs to be serviced, avoiding extensive, expensive repairs. They also can identify places where their drivers often drive slower than the speed limit – a sign of traffic jams – and use those insights to develop alternative routes that save fuel, reduce emissions and speed deliveries.
This openness gives fleet owners competitive options for servicing their vehicles, as well as the diagnostic data necessary to service vehicles themselves. It also gives fleet owners the freedom to implement OBD-based telematics systems, which provide real-time and historic analytics to minimise fuel waste and identify unsafe driving habits. That information improves safety for everyone and saves fleet owners money by lowering insurance rates and avoiding lawsuits.

Layer of transparency


For consumers, business owners and government alike, allowing data collection by authorised and reliable third-parties adds a layer of transparency. It makes it possible to determine if vehicles are meeting promised benchmarks for fuel efficiency and reliability. It provides a way of ensuring drivers are complying with Hours of Service regulations – or vehicles are meeting emissions standards.

Limiting access to the OBD port is a form of 'protectionism', a strategy that limits innovation and increases cost. It is also questionable that any security protocol implemented would be essentially 'security through obscurity' with any device that was authorised having a secret encryption key. In their Guide to General Server Security, The National Institute of Standards and Technology warns, “System security should not depend on the secrecy of the implementation or its components.” The Department of Defense is among those urging more openness, not less. That’s because security flaws can be spotted and fixed faster when many companies are looking for them.

When cloud-connected devices interface with the OBD port, there needs to be thought and standards to protect safety and security while maintaining innovation. It’s time to engage in a broader global dialogue about best practices for security and privacy in connected vehicle technology.

About the author

Neil Cawse, CEO, Geotab Inc.
Comment

Related

Let's do Biz