by Phil Allen, Ping Identity 29 October 2019
Machines are getting smarter and more mobile. From smart drones to driverless cars, intelligent vehicles are a hot technology. Recent advances in Artificial Intelligence (AI) and Machine Learning (ML) have made mass market deployment of fully autonomous vehicles a likely occurrence within the next decade.
Whether it’s on land, sea or air, vehicles of all kinds are increasingly software-driven and like all compute platforms, offer a tempting target for cyber-attack. Just looking at the automotive market alone, several pioneering projects are examining how to balance the need for system accessibility for legitimate human and machine-to-machine (M2M) communication with the challenges of secure access.
access technologies that have been commonplace in the landscape for over a
decade are rapidly making their way into automobiles. The reasons are part of a
wider move for the car industry to begin to have an ongoing relationship with
consumers instead of just that of a distant original equipment manufacturer
(OEM). A key trend is around security which, in the age of keyless entry, has
been victim to relay attack using a device that can intercept the signal from the
key fob to allow a thief to steal vehicles. A recent test by What Car? Magazine
tested seven different car models fitted with keyless entry and start systems
and found that six of them could be stolen within 60 seconds.
counter this issue, several brands have adopted multi-factor authentication
(MFA) alongside short range geolocation beacons using devices such as
smartphones to provide an additional security control before a vehicle can be
driven. The system can support multiple drivers for fleet or shared vehicles
and the first models are likely to emerge within the next year.
This leads into identity access management (IAM) solutions that are being integrated for drivers and vehicles to allow not just security but also to enable new business models. One large German manufacturer is testing a system as part of a short term car rental service. In this model, a member of the service could go to any town and, with keyless entry, gain access to a short term rental of the same make and model as their own car. The smartcard login automatically manages authentication, payment, and vehicle customization – in the same way that a VDI login creates a user’s workspace irrespective of which device they connect from.
technologies feed into the overarching goal for many in the industry which is
the move to automation. Although still possibly five years away, a situation
where a vehicle can drive itself, along with passengers, poses a possible
security nightmare for many manufacturers and transportation service providers.
A hacked robo-taxi might be scammed of fares, stolen outright or worse still,
used to commit crimes. As such, securing how vehicles authenticate to their
control networks along with embedded security within the vehicle between
components such as the GPS and telemetry systems is a major project at several
future where cars are autonomous, there also needs to be smarter infrastructure
for tasks such as recharging, entering parking structures and using toll roads
and bridges. As such, vehicle identities including the use of digital
certificates are becoming part of the process.
driverless cars are still a way off, the more pressing issue is around drones,
both airborne and for tasks such as agricultural and construction. Increasingly,
these devices are running autonomously based on pre-programmed logic with
limited oversight. As recent issues with rogue drones closing airports and the
more worrying assassination attempt of Bolivia’s disputed President Maduro via
a drone packed with explosives, the ability to secure access to drones is a
Although the Civil Aviation Authority (CAA) has rules around their use including restrictions on flying above 400 feet in altitude or more than 500 meters away, the Authority has no way to check what drones are in the air at any point or who is at the controls. The challenge is not a security issue but a matter of law and as drones become more autonomous, a number of innovators such a DJI, a major drone manufacturer, that already requires users to log-on to a drone before they can fly, may well become part of a wider mandatory regulation that enforces drone flights more rigorously by sharing login details with aviation authorities.
The rise of the machines is inevitable, at least for drones; however, securing the impact will be a major requirement across a wide range of industries and one in which IAM will play an important role.
Phil Allen is VP EMEA at Ping Identity, a software company developing identity and access management solutions.