Clearing the road: Intelligent mobility needs advanced cybersecurity

Transport safety is a vital asset for our society. Public discussion has turned to intelligent mobility, as automated vehicles promise to eliminate much of the human element connected with car crashes. As with every new technology, it provokes curiosity as well as suspicion. The latter can only be overcome if every part of our mobility system builds safety and therefore also cybersecurity into their DNA.

From a socio-political perspective, intelligent mobility is the solution for a looming issue in urban landscapes. Even if we see a discussion in the society about “who needs to own a car”, sooner or later, traditional traffic systems will fundamentally change especially in the growing markets and urban areas. We need methods of controlling and channeling the rising flood of vehicles. At the same time, drivers need to be convinced that automated communication between their car and other traffic objects is not only effective and stress-free, but also safe and secure.

We should also remember that self-driving cars are only one part of the Vehicle to Everything (V2X) universe. This universe also contains connections between vehicles and the vendors’ service centers, control of traffic flow through traffic lights and every other form of communication between the non-human participants of a traffic system.

Trust and communication are key

From our perspective as a digital company, intelligent mobility is a huge example of IoT infrastructure, consisting of numerous components that communicate with one another. In Germany, some newly registered vehicles are already Car2X ready, meaning they can smartly exchange data with other cars or control systems.

But here’s the catch: Automated sharing of data poses a great challenge for the security of these systems. Every transaction must be trustworthy and verifiable. For this reason, a fast, secure and flexible Public Key Infrastructure (PKI) has to be established. This security measure ensures that all communication between sender and recipient is confirmed through two different kinds of certificates.

The first certificate is comparable to a passport – a long-term identity (ID) that will have to be acquired by every registered V2X station willing to participate. The second one, pseudonymized, is a short-term authorization ticket (AT) – valid only for a few acts of communication. The bulk of messages will be exchanged in a pseudonymized form. This way cars can anonymously exchange emergency warnings, and traffic lights are able to prioritize and give way to defined groups of vehicles for urgency or traffic flow purposes. Only a registered V2X station can get a long-term ID. Depending on its authorizations, this ID will allow it to get pseudonymized ATs. Only V2X messages signed with valid authorization tickets can be trusted by the V2X stations. Trust is therefore extended to the whole system as no messages from unauthorized external entities can be taken into account.

Thinking security by design

Heavy data traffic between cars, trucks, trains and other devices unfortunately means huge opportunities for data theft and fraud. Between 2016 and 2019, hacking attacks on mobile traffic devices have increased sevenfold. And when it comes to machine to machine communication, cybersecurity is essential – here, external manipulation can cost lives.

For digital mobility to succeed, it is necessary that security and integrity of data are planned and integrated in the infrastructure from scratch. Each member of the V2X supply chain must make cybersecurity part of their DNA. That requires concepts like security by design and security by default, combined with constant testing and continuous control of vulnerabilities and security flaws.

Continuous control through security operations

The importance of data is growing continually on the way from hardware to software-based product development. The supply network and the software platforms are becoming ever more complex. Furthermore, the specifics of car software have to be considered, because part of it resides inside the vehicle, other parts are based in the cloud. We need the ability to detect and react on cyber security attacks – an automotive security operations center.

We all know that 100 percent security is an illusion. But that does not mean we should not struggle to get close. Cybersecurity is pivotal for digital mobility. Therefore, it must become a vital issue for vendors and governments alike – including the European Union.

What are your thoughts on cybersecurity in mobility? Please feel free to share and discuss in the comments below!