Cybersecurity for connected fleets probably isn't something that keeps most people awake at night. And yet, increasingly, it's something fleet managers can't afford to ignore. After all, with increased connectivity and data sharing comes a host of vulnerabilities that could stop businesses in their tracks.
That was the topic of a recent conference held by Israeli automotive cybersecurity startup Enigmatos for the Association of Transport Safety Officers. The conference aimed to delve into the intricacies of cybersecurity for connected fleets and to equip professionals with the tools to thwart these attacks before any real damage is caused. Additionally, Enigmatos presented their patented solutions for monitoring and detecting malicious cyber activity in real-time.
Proactive approach to fleet security
Shimon Sudai, chairman of the Association of Transportation Safety Officers In Israel, gave the opening remarks. He stressed the need for a proactive approach to securing modern vehicle technologies in the face of growing cyber threats. Sudai also underscored legislation's essential role in shaping everything from electric vehicles and cyber vulnerabilities to information leakage.
Neta Lampert, CEO of Enigmatos, discussed the evolving nature of cyber attacks in transportation and explained why lowering response time to a minimum is critical. "It's not a question of whether a fleet will be attacked; it's a question of when, and at what magnitude" said Lampert. This problem becomes even more worrying for bigger vehicles like trucks, vans, and buses, which have complex operational needs.
Cyberattacks on connected fleets can wreak havoc. Lampert explained that thousands of cyber attacks on vehicles occur every year. These can lead to human life loss, operational disruption, and even a damaged reputation. It's also not unheard of for these cases to end with ransom demands.
Next up was Hemi Pecker, the Director of Israel Cyber Center for Intelligent Transportation Systems. He provided further insights into cyber warfare, shedding light on the sophisticated tactics employed by major powers like the United States, China, and Russia. Peker's discourse underscored the urgency of fortifying defenses in the face of increasingly potent cyber threats.
Outsmarting today's cyber threats
A big part of this conference focused on how to deal with these ever-evolving threats, especially when hackers can sometimes seem one step ahead of us. That's where cyber detection and companies like Enigmatos come in. Liran Zwickel, Enigmatos's VP of Cyber, touched on this. His presentation underscored the imperative for comprehensive cyber solutions that transcend traditional security measures.
Zwickel discussed how an air pressure system in tires can be used as an attack surface. After all, the car's CAN network is integrated with all systems and is a hub for cyber breaches. The information received is varied and includes everything from tire pressure and oil pressure to engine temperature and even fluid level height. By analyzing this data, Enigmatos is able to detect threats in real-time.
The challenge with cyber monitoring in the automotive world is the ability to detect events in the CAN network - that may imply a cyber breach. That’s why the Enigmatos system learns each fleet vehicle's unique characteristics and produces a unique profile using machine learning. Then, the system monitors the messages on the CAN network in real-time and compares them to the profile. When the system detects a deviation from typical behavior, it activates another verification process based on AI to determine whether it's a possible cyber event.
Regulatory implications
The conference also addressed regulatory developments to bolster cyber security standards in the transportation sector. European regulators have adopted ISO/SAE 21434, mandating adherence to stringent cyber security protocols in new vehicle manufacturing. Similarly, the Ministry of Transportation in Israel has enforced regulations requiring cyber monitoring in public transport, signaling a paradigm shift towards enhanced cyber resilience.
According to the Ministry of Transportation procedures, every public transport tender must now include a requirement for cyber monitoring of the CAN communication protocol network, which is to monitor external accessories installed on the bus. Expanding cybersecurity to the after-market is one of the driving forces behind Enigmatos. It’s also why Enigmatos is in contact with companies that won tenders to ensure they comply with the Ministry of Transport's criteria.
Can't afford to ignore
Cybersecurity is too important to ignore. While it poses a very real threat, fleet managers have an opportunity. By working together and staying ahead of emerging threats, fleet managers can mitigate the risks associated with cyber-attacks and ensure their businesses' continued success in an increasingly digital world.