Security within your fleet: Why the neutral car platform is the future
Glenn Atkinson, vice president of product safety at Geotab, argues why the telematics industry should advance the concept of the ‘neutral vehicle’ to fix security and privacy issues.
Much has been written about the need for security in Internet of Things (IoT) devices and the importance of including adequate security measures to help fight against cybercrime. When it comes to fleet security however, there has been a lot of debate around third-party telematics solutions, specifically the devices which plug into on board diagnostic (OBD) ports and provide open access to vehicle data.
OBD devices have contributed to improved safety, with drivers able to track and improve their driving in real time, plus more efficient fleet maintenance, better fuel savings and reduced emissions. As such, they are a vital tool in efficient fleet management. Alongside this however, there has been some concern over the security of these devices.
While it is unfortunately true that some OBD device providers don’t see a need to address the security of their products, fleet security doesn’t just lie in the hands of third-party businesses. In fact, vehicle manufacturers are also prone to security vulnerabilities. Take the Jeep Cherokee hack in 2015 as just one example. Much has been done across the connected vehicle ecosystem since cyber vulnerabilities were exposed, including original equipment manufacturers (OEM), tier one, and third parties advancing security measures. Safety and security must be a responsibility shared among the entire vehicle ecosystem while ensuring that access to vehicle data and communication is protected.
Regulation of telematics systems
We are living in an ever-more connected world and whilst the laws around more simple systems e.g. speed limits and traffic violations work well, they cannot keep pace with complex systems that change rapidly, such as connected vehicles and the data they gather.
In a bid to try and solve this, and ensure the security of connected vehicles and devices, a number of concepts that restrict third-party access to in-vehicle data have recently emerged. Whilst these strategies have allegedly come about because of security reasons, they worryingly suggest putting a paywall in place, forcing end users to pay for access to data from their own vehicles – not an appealing prospect for any vehicle owner, including fleet managers. In order to preserve free competition and allow fleets the power of choice, an alternative is required which allows secure, third-party access to data.
As the future connected strategy is developed however, it’s important to understand that the most robust and secure systems are also the most transparent in the way they are structured. An open system is seen and used by many and it’s through this use that failures and vulnerabilities are discovered, shared and corrected with patches. On the contrary, closed systems are used only by a few, meaning vulnerabilities and errors can remain undiscovered for long periods of time, making these systems less secure.
Open systems are also more conducive to innovation than closed systems and as the connected vehicle is one of the most transformative innovations ever in transport, it seems strange that a closed and monopolistic approach could gain traction at this historical inflection point.
Alongside this, the use of closed systems tends to give rise to monopolies, with a single company providing limited service and charging higher prices, compared to an open and competitive market environment. All of this means it’s in the best interests of the vehicle end users, fleet managers, and the public at large to have an open, competitive and continuous transport ecosystem.
In the current landscape more resources are needed to ensure the safety and security of the system, but this isn’t a reason to impose a monopoly on access to data in the vehicle.
We need a set of principles that not only cover the security of intelligent mobility and comply with the requirements and privacy regulations in various jurisdictions, but are also representative of all those involved in the connected vehicle ecosystem. The ‘neutral vehicle’ concept, which provides management capabilities to commercial fleet managers, vehicle manufacturers and other independent services (i.e. telematics providers), is the future.
The implementation of security is a journey, not a destination. By moving forward together as an industry towards the concept of the ‘neutral vehicle’, we will have a means of fixing the security and privacy issues currently in play, and all whilst allowing end users open access to the latest mobility services.