This post is also available in: עברית (Hebrew)
One of the key drivers of the Internet of Industrial Things (IIoT) is automating systems that were previously operated manually. The IIoT helps these systems go autonomous, whether it’s cars, medical systems, or the power grid. Securing the complex systems is not simple. To ensure security, intelligent system manufacturers must meet demanding requirements that include safety, security, and fast data processing. Satisfying these mission-critical control requirements is much more challenging than the early stage IIoT implementations that focused on monitoring equipment for predictive maintenance, cloud analytics, and optimization.
Two recent examples of connected systems that are difficult to secure include the Jeep Cherokee hacking and the Target attack. The Jeep Cherokee hackers entered through the infotainment system and gained access to the steering and braking functions. At Target, the intruders entered through the HVAC system and gained access to the point-of-sale registers.
In the instance of a driverless vehicle, there are multiple individual networks that work in conjunction with each other. “For an autonomous car, you have a mixed network environment. The networks can include WiFi, a satellite network, applications, and fleet management systems,” said Bob Leigh, director of market development for Autonomous Vehicles at RTI. “You have a private network over a public system as well as an in-car network that is controlling the car – turning the wheel and applying the brakes. Many different vendors contribute hardware and software to the system, and these systems have to work with each other.”
According to designnews.com, each of the individual networks in an autonomous car has to be protected, even from each other if a breach occurs. If an intruder gains access to one of the networks, it has to be stopped within that network. “With the Jeep Cherokee hacking, there was a flaw that let the hacker go in through the infotainment system and get to the control functions,” said Leigh. “You have to create a design that contains each network and isolates it within the system.”
While each of the individual networks needs to be protected, it also has to be protected based on its function and the vulnerability of its data. RTI’s strategy is not securing the data. Instead, they secure the data flow based on its purpose “With control data, you don’t encrypt it because it’s not secret, and encryption is a burden. Yet you do encrypt the map because you don’t want anyone to access your location. You customize the security based on use or application,” Leigh said.