MILAN – The risks and threats to information come from all sides. The malicious or involuntary disclosure of information, both by employees and third parties, is now part of everyday life. Almost everything and everyone is a potential target in today's connected world and the Internet of Things (IoT). Reducing risks and vulnerabilities is a corporate but also a legal imperative, as recent regulations (for example the GDPR) oblige organizations to protect certain types of information.
In this context, the automotive industry needs to exchange a series of critical data; the transmission of this information, between different networks, involves cyber security problems. Regardless of size, each organization has one thing in common: the information.
“Having information is a responsibility”, says Gabriele Zanoni, FireEye Consulting Systems Engineer. “Organizations must protect information, have visibility into where their confidential data resides on their networks, be aware of their destination and implement a policy for their management. A strategy that balances the legal and commercial needs of organizations is vital to adequately protect them “.
Most automotive organizations have made cyber security investments a defense of information within their networks in an attempt to protect their systems so that, both customer data and their data (such as those covered by intellectual property), are not compromised or altered by targeted attacks or even spread by mistake. The goal is to maintain business continuity. This means that the perimeter of information security is very wide and includes, for example, information leakage, confidentiality, integrity and validity of customer information and company information.
The goal of IT security is to rigorously protect all IT infrastructure: to ensure that hardware, software and data are secure both when they are transmitted and when they are saved for storage and are therefore not damaged, disclosed or modified. and that continuity of service for the company is always guaranteed. However, recent industry innovations have led to potential new risks.
IoT, connected vehicles, autonomous driving: the automotive industry has evolved rapidly to become more modern, flexible and automated. Cars and production lines, “vale chains” and logistics are changing radically.
“However, many changes that appear positive at first glance offer new possible entry points for cyber criminals as they widen the perimeter of the attack surface”, adds Zanoni. “In early 2015, some researchers showed, in fact, how vulnerabilities in vehicle control software may have been used to introduce malicious codes and to modify, for example, the functioning of the steering ».
FireEye experts have closely watched him state-sponsored attackers target theEuropean automotive industry. As technology in vehicles becomes more complex and increasingly connected to the internet, i vehicles will becomeprobably more vulnerable to compromise.
IoT applications for vehicles are creating added value for the automotive industry. From smart vehicle closure, to location systems and fleet maintenance services, the IoT is transforming the business models of the automotive industry into all vehicles, redefining the uses and customs for the consumer. For both commercial and end consumer use, IoT applications create completely new opportunities for vehicle manufacturers.
Every organization is at risk of losing confidential information. The automotive industry, in fact, also faces a series of growing risks. With the rapid development of the internet connection, there have been some incredible advancements in communications, sharing, economic benefits and growth, as well as convenience. However, these developments also entail new potential risks, as the remote access control, the block and lo unlocking the doors and the manipulation of vehicle equipment, ranging from lights to anti-lock brakes, to sensors designed to detect pedestrians or other cars.
Greater innovation in the automotive industry helps make life easier for users. However, keyless systems, for example, which can also be controlled by your smartphone or door unlocking systems based on proximity to the vehicle, while being very comfortable, open these systems to possible attacks. As early as 2015, researchers showed that vehicles can also be hacked remotely for for example, to handle heating systems. If we proceeded in this direction, the handling of vehicles once they were marching, it could result disastrous risks for drivers and pedestrians. And even worse, manipulate the sensors on autonomous vehicles (AutoPilot) poses an even higher level of risk.
With the major players in the auto industry competing to develop autonomous vehicles, it is likely that there will be increasing attention from cyber criminals to this sector.
«What could happen is that not only could we see an increase in the computer espionage with the aim of stealing for-profit research or sabotaging research and development, but now that state-sponsored attackers are looking for new ways to create political or economic unrest, including small-scale attacks on “connected” vehicles they could be useful for these objectives “, concludes Zanoni.
The connectivity of vehicles through navigation systems and IoT could increasingly be of interest to cyber criminals who may want to access these searches not only for espionage or for an economic return, but also for “destructive” attacks aimed at handling machines or of the related sensors. The industry must integrate and improve its security measures against this type of attacker (who use particularly sophisticated attack techniques) both during the production and post-production phases to protect all users from this type of threat.
The experience, the information of intelligence and the ability to manage cyber incidents, combined with innovative technology, are the best way for FireEye to protect customers from cyber threats.