Recently I had an opportunity to meet with Martin Hunt, senior business development director of the automotive industry practice for BT Global Services, to better understand how BT is working in the connected car space. It’s important to clarify that BT Global Services is just that, a global company that works with players in many regions – unlike BT the telecom operator in the U.K. For the purposes of this piece we are focusing on the activities of the global organization. The following video helps to highlight its areas of focus, which are not about simple connectivity to the connected car.
https://www.youtube.com/watch?v=CAzfnGbAgyA
There are three key areas company is working in related to the connected car discussion: ethical hacking, data mining and cloud services. You may not be aware that BT has been involved in ethical hacking for over 20 years; supported by 60 global employees and 2,000 full-time security consultants. I’d say they know this topic well.
In April, BT launched a consultative program targeted at OEMs based on its ethical hacking expertise. At first it seemed a bit of an uphill sell; but with all of the recent news on this topic the interest has grown dramatically. Of course, BT cannot talk about its customers, but I asked for an overview of how a typical engagement would work.
An ethical hacking project looks at the car and the surrounding environment. In other words, everything the car connects to, including the infotainment system and outside servers sending information to/from the car. There also are infrared connections such as key fobs and tire pressure monitors. And even the dealership systems that connect to the car and the employees who operate them are considered. They begin by injecting errors into the system to see what happens and over time inject more. The analogy that was shared was that of an allergy test. If you’ve ever had one you know what I mean; many little needles are used to inject allergens in a quadrant to see what causes a reaction. Within the automotive industry, security is currently viewed as a competitive advantage, which means the OEM industry is not ready for cross-industry sharing of learnings as of yet.
Another layer of analysis is the work done by BT’s security operations center. In addition to monitoring networks, it monitors social media and the dark Web. As a result, it can predict an impending attack. In the scenario of a customer’s website, it would migrate the website to a safe server and set up a fake website to allow the attack to proceed in order to learn what the hackers are doing. In other words, a honeypot scenario.
Car Wi-Fi connections are often discussed as a source of potential malicious activities to allow hackers in through an unsecured connection. But what about unknown viruses on users’ smartphones in the car connecting to the Wi-Fi and unknown to them infecting the OEMs network? This is another area being considered by BT. Consider how often your PC software updates to keep your data secure; then you can imagine how often a secure connected car should be updating its security protocols. We’re still quite a long way from this model.
The second two areas being worked are still in the formulative stages. The gathering of data from the vehicle in order to understand car performance and send notifications for maintenance is already being widely discussed. BT hopes to take it to a product level where it can help fleets, leasing companies and insurance companies leverage the data. They also could work with OEMs to help reduce recalls based on the integration of the data with secure OTA update functionality.
The third topic is that of cloud services. In conjunction with the BT network the goal is to provide its Assure Threat Monitoring solution to the automotive industry. Taking into consideration the security operations center functionality mentioned above with the addition of video analytics provided regarding the number of threats attempted and thwarted, a series of secure data services could be offered. Wonder what magnitude of threat BT is ready for? During the London Olympics BT managed to block 11,000 malicious attempts per second. At the beginning of the games it equaled about 2 million attempts per day and grew to 9 million per day at the height of the games. I’d say they’re ready to take on the connected car space.
If you consider the topics of privacy vs. security, to date the market has been more focused on privacy. How to keep the data safe. This is now beginning to transition into a true security discussion as hackers – fortunately ethical ones at this point – have highlighted the opportunity for malicious intent to succeed in the world of the connected car.
Like what you read? Follow me on Twitter!
Claudia Bacco, Managing Director – EMEA for RCR Wireless News, has spent her entire career in telecom, IT and security. Having experience as an operator, software and hardware vendor and as a well-known industry analyst, she has many opinions on the market. She’ll be sharing those opinions along with ongoing trend analysis for RCR Wireless News.
