Insurance against cyber threats

16 March 2017

Kent Eric Lång, project manager for the automotive network Vehicle ICT Arena in western Sweden, doesn’t mince words: “The automotive industry is on the verge of a fantastic transformation during the next five to ten years. As much will happen in ten years as during the previous hundred.”

 

What Eric Lång is referring to are the four parallel trends that together are changing the conditions for both the automotive industry and the suppliers and end-users of the products.

 

First of all, we are well on our way to new power trains in the form of electrical operation and fuel cells. We are also seeing that automation has already begun, with vehicles increasingly taking over certain tasks and even driving themselves. Connected vehicles is the third very clear trend and this is also a prerequisite for the fourth, namely car sharing.

 

 

On a higher level, it's about different types of mobility services. The basic concept is that you should be able to move from one place to another. It’s a waste of resources that cars are parked all day, waiting until they’re needed. Capital is unnecessarily tied up, but with connected vehicles, it's easier to optimise usage. Taken together, these four trends entail that our expectations for how cars should look and how cars should be used will evolve in the years to come.

Kent Eric Lång, project manager Vehicle ICT Arena in western Sweden

 

 

Lost customer trust slows development

The basis for the trends is in digitalisation. This is why cyber security also plays an important role for the future of the automotive industry. Customers’ trust in IT systems is essential; implementation will otherwise be significantly delayed. Here Kent Eric Lång is critical to the automotive industry’s unwillingness to take a leadership role.

 

 

It's like all forms of insurance and threats. Everyone is afraid of being the loser and ending up with the Old Maid, in other words funding the investments necessary for protecting against the threats. This is why we find ourselves in a situation where we basically don't see anything happening until an accident has occurred.

Kent Eric Lång, project manager Vehicle ICT Arena in western Sweden

 

 

What we need to get past this situation are new collaborative initiatives among the stakeholders, according to Kent Eric Lång.

 

 

Collaboration is necessary regarding investments in both technology and the methods and processes for securing the systems. No individual stakeholder wants to take on the costs for something that doesn't sell cars. The type of IT security we're talking about now should just be there; it's not a sales argument. With collaboration, we can create positive publicity about the new opportunities that improve both our lives and potentially the environment as well.

Kent Eric Lång, project manager Vehicle ICT Arena in western Sweden

 

 

At the same time, it can be difficult to know when security investments are at the right level. Security can be piled on to the degree that in the end, the car is no longer of practical use. When it comes to IT security however, there is a clear breakpoint.

 

 

When security is too low, hackers will be attacking you with continuous intrusion attempts. While all are affected now and then, when you have sufficient security, it won’t be worth the time to try to crack the systems. Security is not just a matter of setting up a firewall; it concerns the entire electrical architecture from the ground up and how the connection to the vehicle is configured.

Kent Eric Lång, project manager Vehicle ICT Arena in western Sweden

 

 

Insurance premium for protection against cybersecurity threats

An important step, according to Kent Eric Lång, is to agree on common terminology. This may sound like a matter of course but it is far from today's reality. Automakers, suppliers, other branches, hackers and the cyber security world all have different languages.

 

 

Much would be gained by just being able to describe the threats in the same way. At the same time, there are good sources of inspiration. A very applicable example concerns safety, with the focus on reliability and physical assurance. Here the stakeholders have joined together and there is now a consensus that facilitates collaboration and experience exchange. Why not create a counterpart in security?

Kent Eric Lång, project manager Vehicle ICT Arena in western Sweden

 


Collaboration and cluster interaction is needed both within the automotive industry and with other branches.

 

 

And why not collaborate with hackers? There are many skilled hackers, willing to collaborate. For many it is the challenge that attracts them; they're simply very competitive people. What I mean is that there are no absolute truths on the road ahead. What we do know however, is that the automotive industry will be changed from the ground up in the years to come and we must find forms for working together with IT security. This is the insurance premium we have pay as protection from cyber security threats.

Kent Eric Lång, project manager Vehicle ICT Arena in western Sweden

Hans Danielsson

Business Area Manager

hans.danielsson@combitech.com

+46 (0)13 18 00 17

Other news

29 October 2020

How do you know if your system is secure, if it has never been tested?

Combitech contributes to a safer and more secure society. An important part of this work is performed by our penetration testers. Their work is to simulate hacker attacks in order to find vulnerabilities and weaknesses in networks and systems. Three of Combitech’s sharpest pentesters, Christoffer Olsen at Combitech Denmark, Michael Johansson at Combitech Sweden and Olav Sortland Thoresen from Watchcom in Norway explain what they do, how they do it and why their work is vital to many companies.

3 April 2019

A Holistic Approach to Cybersecurity

The capabilities and motivations of attackers to go after operational systems in infrastructures critical to society’s resilience are omnipresent. But these sectors are traditionally not prepared to deal with such security threats. It is time to wake up!

21 November 2018

Your organization is “GDPR compliant”, but do you perform penetration tests?

Today’s organizations are facing an ever-expanding set of legal and regulatory compliance requirements regarding how they must handle sensitive information, how they must ensure the resilience of their digital processes, and how they must protect the privacy of individuals. Organizations must not only operate within legal and contractual boundaries but do so in a way that creates the business value that their stakeholders expect of them.

Want to know more?