
WHEN INTELLIGENCE COMES INTO PLAY, CYBER SECURITY IS IN DANGER OF BEING FORGOTTEN

text: JUKKA VIITASAARI Partner, Cyberwatch Finland

Even though the current viral epidemic has stopped the movement of the world, people, goods, information and capital will continue to have a need and a tendency to move. In the face of motion-induced blindness, we can easily be amazed by the new, great innovations, but we do not remember to make them safe for use. However, it would be worthwhile.


Smart mobility is one of the most profitable input-output targets for cybercriminals.

However, it is not a stand-alone factor, but is closely linked to larger systems, such as the smart city, or the whole digital lifestyle. In its simplest form, cybercrime does not have to be more complicated than rudimentary email phishing to cause huge financial losses.

In June 2019, an employee of the Riviera Beach police station in Florida opened an email attachment. The attachment unleashed ransomware that locked up the public transport ticketing system, the city payroll system, all municipal email servers, and even the emergency telephone system. The city council decided to pay the $600,000 Bitcoin ransom demanded by the hacker for the decryption key to regain control of all the data in the systems and of course the system itself.

INTELLIGENCE INVOLVED IN ALL MOVEMENT

The size of the mobility market is globally estimated at approximately 6500 billion euro, or 6.5 trillion euro, and in Finland alone at around 30 billion euro. Mobility is undergoing a major breakthrough, with the most prominent manifestations in everyday life being Mobility as a Service (MaaS), lift sharing, taxi market redistribution, autonomous vehicles, telematics, and the digitalisation of traffic control systems.

However, smart mobility is not present only on land, but also on waterways and airways. Freight and passenger ships sailing the world’s seas are full of data-driven solutions, and all air traffic and their harbour and field operations increasingly incorporate automated and autonomous functions.

The whole paradigm of movement will change in the form of autonomous vehicles, new transport solutions, electrification of mobility, new services and the exit from the fossil economy.

Mobility is an integral part of present day life and is particularly deeply connected to the services and activities of an urban smart city. These include seamless transport chains for people, services and data, data-driven mobility services and traffic control systems, fuel-efficient solutions, and optimised logistics solutions for ports, airports, and railways. The latest forms of smart mobility are autonomous land, sea and air drones.

Intelligent solutions are based on data accumulated from different sensors in databases and utilised by software applications over data networks. On top of this, service processes that communicate with each other will be automated to the greatest extent.

As a result of this development, vehicles are becoming digital platforms that utilise pre-automated service processes in full measure. The current state of the art technology is considered to be the Connected Automated Vehicle (CAV). At the forefront of services development there are new service models that package existing services into easy-to-use packages, such as Mobility as a Service (MaaS).

CAV vehicles connect to the Internet via peer-to-peer or direct Internet access, sense their environment in real-time through various sensors, cameras and radars, and communicate with each other and with the infrastructure of the environment.

EVERYTHING IS CONNECTED TO THE INTERNET

Researchers have developed a concept, the Internet of Vehicles (IoV), in which automated systems communicate with each other at four levels of telecommunication:

V2S - Vehicle to Sensor
V2V - Vehicle to Vehicle
V2R - Vehicle to Roadside
V2I - Vehicle to Internet

V2S networks are short-range connections in which in-vehicle sensors communicate with the Electronic Control Unit (ECU) and, for example, adjust the brakes. V2R communication tracks the communication between the vehicle and the surrounding infrastructure, such as traffic lights and the speed of other traffic. In V2I the vehicle is directly connected to the Internet via a cellular base station, providing the driver with information, for example, on the traffic ahead, other services (restaurants, gas stations, etc), and information on the vehicle’s location. In V2V, vehicles communicate with each other, for example, about their speed and their relative position.

Smart mobility plays a key role - good and bad - in information networks, not only on the Internet, but especially in mobile and satellite networks. 5G technology will build a significant number of services that are not yet visible, and many of them will be based on satellite positioning information. In addition, terrestrial robots will be progressively controlled by satellites.

Google and Facebook, among others, are developing a new global Internet network based on low-orbit satellites, upper-atmosphere balloons and solar-powered airplanes.

Currently, almost all intelligent telecommunication devices are global, serial products that require a telecommunications connection to work. Smooth communications require global wired and wireless standards and interfaces that are considered in the product design. Cyber-criminals also know this.

In particular, LTE and 5G connections are planned to be used for communication between automobiles. Car manufacturers are agreeing on common protocols that will be taken into account in the development of 5G networks, as well as the rapid growth of IoT-enabled wireless sensors, audio-visual utility and entertainment content.

CYBER SECURITY IS IN DANGER OF BEING FORGOTTEN

Where money, people and innovation are in motion, there are also spies and criminals. It goes without saying that this also applies to smart mobility solutions.

Mobility machinery generates massive amounts of new data that is needed to improve mobility performance, user experience, and security.

Therefore, manufacturers monitor vehicle and driver behaviour, equipment utilisation, maintenance and upkeep, routing, etc. The data collected by the systems is the most valuable asset of intelligent telecommunication solutions.

The collected data is stored on multiple servers located in different locations, maintained by multiple subcontractors in the private and public sectors, and used as a raw material for machine learning in teaching new algorithms. This requires a large degree of unanimity and a tangled web of agreements between the different actors.

Data is collected mainly through wireless networks, which makes it easy to intercept and seize information. If an attack succeeds, the system is easily paralysed.

Particularly vulnerable are the smallest network-connected sensors, which have hardly any security enhancing components. MaaS systems are also vulnerable because the services they provide are based on open sensor data provided by service providers and the cyber security capabilities of the weakest link in the service chain.

AUTOMOBILES ARE VULNERABLE

In practice, there are three break-in routes into cars:

1. Bluetooth, Wi-Fi and OBD2 channels near the car.
2. The public internet, which hackers can use to break into a service provider’s cloud service and into multiple cars at once.
3. Through a service app to the cloud and then to the cars.

According to statistics compiled by American Upstream Security, the number of cyber attacks on smart mobility is growing rapidly. For example, the following cases have been reported in recent months - the list is endless:

1. Several false accounts were found in a Russian car-sharing service
2. A serious encryption algorithm programming error was found on a remote control used by major automakers
3. An open source app made by amateurs was able to paralyse the car manufacturer’s official app and take over the car
4. Hackers managed to hijack a car and change the readings on the dashboard
5. Hackers accelerated a hijacked car at high speed without the driver being able to do anything
6. A malicious program injected into a gas station meter captured users’ credit card information
7. A person who rented a car noticed after weeks that he could continue to monitor and control the movement of his rental car
8. A hacker tricked Google Maps navigation and built a virtual traffic jam
9. Hackers paralysed a German auto parts manufacturer with a denial of service attack
10. A hacker radar app was able to track the movement of a Tesla
11. A device installed on a car’s CAN channel dropped the odometer readings
12. Hackers offered a CAN channel burglary program for dozens of car brands online
13. Hackers broke into the car’s camera system and modified the image that is captured
14. Hackers broke into the satellite signal of autonomous cars and steered them into a ditch
15. Malware paralysed police cars’ laptops and dropped them off the net
16. Hacked Lime scooters began to make sexual suggestions to their users
17. A Chicago car-sharing app collapsed and a hundred cars disappeared in one day.

As with other platform services, the data collected and owned by car manufacturers is at their own, unlimited disposal. In addition, the data generated by the use of the car can be linked to the registrar’s information about the owner or renter of the car. If the information falls into the hands of criminals, the damage could multiply.

The digital footprint of a person’s work and leisure is rapidly dispersed across databases and is exposed to identity theft, among other things. Information about renting a car, bike, or scooter is stored in the cloud, as well as ticket and other e-commerce purchases, a person’s mobile phone location and other location information.

All of this allows for smooth services and user experience, but also exposes users to high cyber risks. Numerous small data leaks accumulate information into mega-databases, which combined, offer extensive information on user-specific profiles.

CYBER SECURITY MUST BE MANAGED

Security awareness is only now making its way into digital services and solutions. We have started talking about the concept of “security by design”, where security is taken into account right from the product’s development stage: in software development by following the best practices in programming, utilising authentication and certification solutions, and conducting regular stress tests on products and services. However, this procedure is still in its early stages.

Smart mobility, like many other parts of the data-driven society, is an ecosystem of many actors, including product design, production, maintenance and services. To be as watertight as possible, the entire ecosystem should take into account the same high-quality and meticulous cyber security culture. A holistic approach from component manufacturing to mobility services is required.

After all this, the question remains, how is all this orchestrated so that people’s mode of operation shifts permanently and a careful cyber security culture is ingrained in the organisation?

Without an up-to-date cyber security strategy based on the right situational awareness it will be impossible to achieve a good result. The operation of the whole depends on the technology, people and processes moving in the same direction.

The key question is how to enable secure digital services and a digital society, as it is, overall, what we are all trying to achieve.
