Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Smarter car, smarter city…bigger threat surface?
With increased application of the internet of things (IoT), the common name for software-connected physical devices, comes a corresponding rise in vulnerabilities. For cybersecurity experts, that means investing in solutions that acknowledge the rapid pace of technological change.
Car software has evolved quickly over the past decade, Block Harbor Cybersecurity CEO Brandon Barry told IT Brew.
But that change hasn’t made things easier—in many ways, it has added more challenges. Software in your vehicle tends to come from sub-suppliers, not the manufacturer itself, Barry explained, making secure software updates somewhat hard to implement (a notable exception is Tesla, which owns the software in its vehicles and allows the company to update more quickly).
“It is extraordinarily difficult for a company like Ford or General Motors to secure a vehicle when they are not even fully in control of the software within it,” Barry said. “So, you’re seeing a lot of the tier-one, tier-two suppliers at lower layers really being forced to take the cyber issue very seriously as the standards and regulations flow through the supply chain.”
As Tech Brew reported a year ago, smart city technology is evolving fast and residents largely support those efforts. But with that change and innovation come challenges and an expanded threat surface. Streetlights, for example, have become the “backbone of the modern smart city;” the poles have Lidar, 5G, EV charging, and surveillance cameras installed in them.
Barry assesses the IoT threat landscape by the relative threats at play in how different devices talk to one another and on the networks they use. That broadens the threat landscape; in the future, your car could be talking to aspects of the smart city that have been corrupted. Protecting the car, then, only goes so far.
“You can secure the car—okay, great,” Barry said. “But what if someone hacks the city, and then is able to pivot onto the car? Because it turns out the car trusts the city. None of this exists in isolation.”
BlackBerry CTO Charles Eagan told IT Brew that “wherever there’s software, there’s potential threats that come with software.” He suggested best practices to manage those threats, starting with manufacturers and continuing to the data footprint cars send to the cloud.
“We’re going to have to follow the software; where we see the high volume of software change, these software systems will be partitioned because the car is architected so malicious code isn’t going to impact it,” Eagan said.