The Internet of Things (IoT) isn't a new term. Businesses are getting more comfortable with connecting Internet-enabled devices up to a network in order to intelligently share and analyse the data captured. In fact, by 2020, Cisco predicts that a whopping 37 billion intelligent things will be connected to the Internet. What is new however, is the application of the IoT. Take the automotive sector for example. This industry is making great strides in the IoT space, and recently, we've seen the use and associated threats of the connected car hit the headlines.
Advancements in technology and the app revolution are providing car manufacturers with the opportunity to create a personalised driving experience. They can now integrate mobile apps into vehicles, which allow users to control functions such as air conditioning, track maintenance times, manage navigation, and even update their social media profiles with their location.
The move to the connected vehicle is already in full swing with manufacturers such as Ford, Audi, Toyota and BMW offering systems that enable their vehicles to hook up to the web through mobile phone networks. But the connected car isn't just about keeping up with the competition; consumers are driving it too. According to Gartner, 47% of consumers want to be able to access wireless apps in their future vehicles and by 2016 the connected car is expected to be a common desire for drivers and their passengers.
Given the upward trend in demand, the possibilities are limitless. But how is this journey going to be played out? And how can manufacturers ensure that they take the right steps at the start to ensure the next wave of mobile innovation is a success?
Welcome to a brand new driving experience
Before we take a look at how the way we interact with our cars is being transformed, let's briefly explore application programming interfaces (APIs) and their role in enabling the connected vehicle. APIs, or more specifically REST APIs, are key for connecting devices to the Internet. An easy way to think of an API is as the messenger between an app and the device. In the context of the connected vehicle, the car becomes the device.
Mobile apps for the connected car are built for use both within and outside the vehicle. Whether it's to play music stored on your smartphone, provide Facebook updates to your dashboard, find a parking spot or remotely lock and unlock your car, the age of the connected vehicle is creating a driving experience we never imagined possible. And this is only the beginning. For example, Google is currently working on developing self-driving cars; Ford is anticipating wearable sensors that communicate with a vehicle to let it know if the driver is suffering from a medical condition, and Apple wants to replace the dashboard with a system of voice-activated commands.
The market opportunity has the potential to be huge: according to research firm SBD and the GSMA, the global connected car industry will be worth €39 billion in 2018, up from €13 billion in 2012. In fact, the QNX operating system may turn out to be one of the most valuable parts of Blackberry. But in order for manufacturers to truly cash in, they need to consider the potential challenges that arise from this new era of smart mobility.
The (security) potholes in the road ahead
When it comes to the intelligent automobile, smarter doesn't automatically mean secure. Although the concept of the connected car is partly driven by the need for safer roads, it also raises some very serious security issues. Not only will drivers be susceptible to hacking attacks, but their personal data is at risk of being exposed to unauthorised parties.
As the sophistication, frequency and targets of cyber-attacks continue to broaden their scope, anything that connects to the Internet has the potential to become the next target. Consequently, this new breed of car has a much broader attack surface than traditional cars. A recent demonstration revealed that it is possible for a hacker to take control of a vehicle while it's being driven by someone else. Evidently, the ramifications of car hacking have the potential to be extremely dangerous. Imagine the results of a hacker replaying a request to unlock a car remotely or to turn off a driver's engine whilst they were in motion.
Car hacking is becoming more of recognised threat, but it needs to be addressed now, before a major attack makes its way into the public domain. Safety is the number one priority for both drivers and their passengers, and just a fragment of doubt has the potential to jeopardise the future of the connected car.
In addition to cybercrime, the connected car evokes concerns around data privacy. Just think about the plethora of personal information it will generate. There is increasing debate around who owns this data - the driver or the manufacturer? For instance, these web connected cars will hold the secrets to our driving habits. So if you regularly break speed limits or text whilst driving, will your car tattle on you? If you drive safely, will you be offered insurance discounts? From a safety perspective, perhaps your car should alert the police, but on the other hand, wouldn't this be an invasion of our privacy? Indeed, in the case of maintenance purposes and to ensure good service, the data undoubtedly belongs to the manufacturer. But what about the rest of the data that is collected?
There is no clear-cut answer to who owns the data when it comes to the connected car. At present, there are very few regulations around privacy. It's a highly complex issue and will only be resolved over time, once there has been greater adoption. But whilst this is being worked out, manufacturers need to be able to manage and secure the exchange and processing of data that takes place in their vehicles.
The motor industry faces a tough road ahead in containing and preventing these threats and it must act quickly to make both data access and security a priority in the production of connected cars. Getting to grips with the APIs that connect their cars to the Internet will help automakers tackle these challenges and speed ahead of the competition.
Why API management?
API management encompasses a range of solutions designed to manage and govern the APIs that enable collaboration between a vehicle and an app, such as the registration of developers and apps, API key distribution and revocation, and API version management. Without effective API management, a car manufacturer's APIs may be compromised or attacked. For example, if a hacker gets access to an API, they may acquire the ability to take command of a car, without the owner's permission.
Security is hollow without visibility. Automakers need to create clear authentication and authorisation policies early on in production so they can control exactly who has access. In addition, they need to constantly monitor API usage, so they can instantly detect and respond to unusual patterns.
Car technology is accelerating at an exciting pace, so much so that the automobile is positioned to become the ultimate mobile device. In fact, car makers now view vehicles as mobile entertainment platforms. But in order to successfully deliver the next generation of mobile, automakers need to wake up to the potential risks that stem from the connected car and take action to future-proof their vehicles. Putting into place an API management strategy should be the first and most effective step in ensuring the virtual safety of tomorrow's cars.
The race is on to deliver the connected car of the future. The manufacturers that take the smart steps now will be miles closer to the finish line than those that don't.
About the Author
John Thielens is Axway's Chief Security Officer, focusing on the secure development and deployment of Axway products and evangelizing security for Axway. With more than 30 years in software development and two decades in the security industry, he has deep hands-on experience with technology, but spends equal energy now blogging and speaking on security and technology topics.
About Axway
Axway (NYSE Euronext: AXW.PA), a market leader in governing the flow of data, is a global software company with more than 11,000 public- and private-sector customers in 100 countries. For more than a decade, Axway has empowered leading organisations around the world with proven solutions that help manage business-critical interactions through the exchange of data flowing across the enterprise, among B2B communities, cloud and mobile devices. Our award-winning solutions span business-to-business integration, managed file transfer, API and identity management, and email security- offered on premise and in the Cloud with professional and managed services.