{"id":3902,"date":"2019-12-21T17:42:49","date_gmt":"2019-12-21T16:42:49","guid":{"rendered":"http:\/\/en.advancedfleetmanagementconsulting.com\/?p=3902"},"modified":"2019-12-21T17:42:49","modified_gmt":"2019-12-21T16:42:49","slug":"connect-with-safety-secure-data-explained","status":"publish","type":"post","link":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/2019\/12\/21\/connect-with-safety-secure-data-explained\/","title":{"rendered":"Connect with safety \u2013 secure data explained"},"content":{"rendered":"

Connect with safety \u2013 secure data explained<\/strong><\/h3>\n

With the amount of data carried in today\u2019s cars \u2013 much of it travelling outside the vehicle \u2013 it\u2019s imperative to ensure secure connections are maintained. Dave Moss reports.<\/p>\n

ccording to predictions from business information provider IHS Markit, by 2022, 87% of all US vehicles will be telematics-equipped, along with 91% in Germany and 92% in the UK. The following year, worldwide connected car sales will reach 72.5 million units, when around 70% of all new light vehicles will include some form of factory-installed telematics.<\/p>\n

Hybrid telematic systems with a dongle or mobile phone internet link are expected to be the biggest growth driver, though in-car use of smartphones, tablets and laptops connected via everything from car wi-fi to USB ports will play a big part.<\/p>\n

\u201cA large proportion of vehicles already feature multiple connections, especially in the luxury segment,\u201d says Anna Buettner, automotive infotainment manager at IHS Markit. \u201cThis trend is expected to spread to lower segments in coming years, as strong market demand brings connectivity to vehicles and regions that have traditionally lagged behind.\u201d<\/p>\n

The move towards telematics is being driven by demand for flexible phone and infotainment facilities \u2013 part of an electronic revolution as numbers of largely hidden computers controlling internal car systems have soared. Cars and computers have existed happily together for many years, but Ron Plesco, a principal in KPMG\u2019s cyber security practice, believes car internet connections bring ever-growing risks.<\/p>\n

\u201cA car fitted with vehicle-to-vehicle, vehicle-to-infrastructure, cellular, Bluetooth and wi-fi connections, for example, has a much greater attack surface than one with only a single, isolated computer system,\u201d he says.<\/p>\n

\u201cIn fact, recently, a malware attack\u00a0was identified that could put 5.3 billion devices with Bluetooth signals at risk.\u201d<\/p>\n

Hack-proof hopes<\/strong><\/h5>\n

The importance of securing company and personal computers from hacking and virus infection is widely known. For years, similar risks to car computer systems were hardly mentioned, but as cars have moved on from single wired diagnostic ports, hacker access has become easier and problems more intense.<\/p>\n

\u201cI do think there was a certain lack of awareness of the security implications of, say, using wireless connection to communicate Tyre Pressure Monitoring System (TPMS) data,\u201d says Intertrust Secure Systems\u2019 vice president and general manager, Bill Horne. \u201cIt\u2019s a general problem with security that often the functionality and cost savings are so compelling that little thought goes into possible security implications, especially in industries where it\u2019s never been a problem before. Who would have thought that TPMS would be a vector for attack?<\/p>\n

\u201cHackers are incredibly talented at finding clever ways to exploit vulnerabilities and finding paths through multiple components to achieve an end goal,\u201d adds Horne. \u201cSafety is naturally the biggest concern \u2013 anything putting lives at risk needs to be taken very seriously. From a security perspective, you have to think of the entire threat model. What are the threats, to confidentiality, integrity and availability? Getting into a low-risk component can be a stepping stone to attacking more safety-critical components \u2013 or other computers \u2013 even your mobile phone.\u201d<\/p>\n

George de Boer, leader of connected car initiatives at TomTom Telematics, agrees, while pointing to wider issues. \u201cIf you want to secure the connectivity of vehicles, regardless of aftermarket or line-fitted connectivity, you have to look at the complete chain and all the different vectors,\u201d he says. \u201cA vector could be the wireless connection, but also includes the interfaces of devices in the car \u2013 and how access codes are given to employees that maintain systems in the cloud.\u201d<\/p>\n

The threat of infiltration<\/strong><\/h5>\n

\"\"<\/a>Fleet telematics systems could also be a security risk, especially where internet connection is via a dongle or mobile phone and GPS-based vehicle tracking is incorporated, or there\u2019s a link to other connected car functions. The implications of hacking into fleet vehicles are wide-ranging and with more and more connected cars entering service, there are big questions about how serious the security issues actually are. De Boer has no doubt \u2013 and sees some related problems.<\/p>\n

\u201cThe threat is real \u2013 plenty of cases from the recent past demonstrate that,\u201d he says. \u201cAnd these problems will only become more frequent as more cars become connected. Related security topics are also growing, not only for aftermarket telematics systems \u2013 but also for car manufacturers. But next to security, there are also risks associated with data privacy, and negative PR.\u201d<\/p>\n

Plesco believes security issues shouldn\u2019t be underestimated: \u201cSimply stated, the threats are very current, and present a clear and present danger,\u201d he says. \u201cBut consider \u2013 from a hacker\u2019s perspective \u2013 the potential payoff of cyber-attacking not one car, but a hundred, or a million. With the connectivity that\u2019s out there today, and the broadcast reach of the internet, the same attack technique that works on a single car can be applied to all internet-connected cars \u2013 with relative ease.\u201d<\/p>\n

Reducing risk means being constantly on guard, according to Horne: \u201cEssentially, you have to maintain good security hygiene, as you would for home and business computers.\u201d he advises. \u201cPatch and update systems regularly, by keeping vehicles on regular service schedules. Only connect wi-fi or Bluetooth to trusted devices and, as things such as installable apps become more popular, only download from reputable sources.\u201d<\/p>\n

Control your data<\/strong><\/h5>\n

Unauthorised access to fleet telematics systems could mean leakage of confidential driver, client or company data \u2013 and possible interference with internal company networks. De Boer believes these risks deserve special thought. \u201cNo system will be 100% secure, just as no bank is impossible to break into,\u201d he says. \u201cThe questions should be how much is being done to secure the solution and how is data being kept private? Fleet and mobility managers should ask suppliers how they ensure security is part of their design process, their fabrication and their lifecycle management. Those concerned about data privacy should ask suppliers if it\u2019s possible to limit data collection to particular pre-defined goals, and about ways to limit accessibility to certain data. Secure and private systems are possible, but take significant effort. Ensuring they remain so is an ongoing process, which also means the right systems don\u2019t come at the lowest price.\u201d<\/p>\n

\"\"<\/a>In recent years enough evidence has surfaced to suggest that many early connected vehicle systems \u2013 including fleet telematics \u2013 were less than ideally secure, but lessons are being learned. Around the world, governments, manufacturers and certification organisations are leading efforts to address the challenge. Stricter manufacturing guidelines are emerging, increasingly built on security best practices from other branches of electronics. In 2015 the US auto industry recognised the issues by establishing an \u2018Information Sharing and Analysis Center\u2019, to share intelligence on car electronics and vehicle data network vulnerabilities. The Association of Global Automakers has also recently introduced \u2018Privacy Principles for Vehicle Technologies and Services\u2019 documentation.<\/p>\n

Plesco expects a very different approach to connected vehicle security in future: \u201cOEMs and the supply chain have begun taking the threat more seriously and are even considering cybersecurity as a market differentiator,\u201d he says. \u201cWe\u2019ve entered a new era in the automotive industry, propelled by massive technological and business model change. Protecting the fleet will require carmakers to actively maintain connectivity and provide real-time security support to embedded software \u2013 on millions of vehicles. That\u2019s a significant shift in the traditional operating model, where problems are dealt with using recalls and dealer networks do most of the work.\u201d<\/p>\n

De-fleeting needs data deleting<\/strong><\/h5>\n

Connected car security issues can spread well beyond one vehicle, with stories continuing to surface over difficulties in permanently releasing external equipment connections. Full memory clearance before computer, tablet and smartphone disposal is an established routine in most companies, and similar procedures should be followed on disposal of vehicles, including removal of phone pairing, and ensuring all \u2018connected car\u2019 external links are broken.<\/p>\n

However this may not always be straightforward, varying widely depending on the vehicle manufacturer. Reports have emerged \u2013 seemingly mostly involving premium marques \u2013 of partial links remaining, allowing first owners to remotely operate functions and track their previous vehicle\u2019s location, sometimes long after sale. In some cases it\u2019s been claimed manufacturer intervention has been required to complete the process.<\/p>\n

When vehicles are being de-fleeted, a master data clearance is recommended before vehicle handover \u2013 to avoid any future data privacy and vehicle security issues.<\/p>\n

Connected cars demand new solutions for new threats<\/strong><\/h5>\n

With the coming of the \u2018connected car,\u2019 the risk of personal, company or vehicle data being stolen or compromised is higher than ever before. Any internet-connected device may provide vehicle system access for hackers, and it\u2019s not just one car at risk \u2013 it could be many of the same make or model.<\/p>\n

Ron Plesco believes manufacturers must deal with these new problems and new threats in entirely new ways: \u201cManaging the risk of a fleet-wide cyber attack will demand that companies throughout the automotive ecosystem take a new approach, especially with regulators, customers, and suppliers expecting car brands to maintain responsibility for both quality and safety, as has historically been the case,\u201d he says. \u201cThe industry will need to transform many aspects of the business, including how companies develop, service, and support vehicle networks \u2013 and the assets, capabilities, people, and the relationships they prioritise.\u201d<\/p>\n

Source: https:\/\/internationalfleetworld.com<\/a><\/p>\n

FLEET MANAGEMENT AUDIT<\/h3>\n

Fleet management is the use of a set of vehicles in order to provide services to a third-party, or to perform a task for our organization, in the most efficient and productive manner with a determined level of service and cost.<\/p>\n

Fleet management activities are shown in the following graph 1:<\/p>\n

\"fleet<\/p>\n

Graph 1: fleet management activities<\/p>\n

The proposal audit analyses and assesses all fleet management activities shown in the graph 1, and its main goals are:<\/p>\n