By now, most companies understand the importance of security in the connected world and how much IoT impacts their businesses. So, it makes sense that at security was a common theme throughout the 2017 MWC show floor and sessions. Exhibitors represented a diverse ecosystem of technologies that are required to develop and expand today’s connected world and to solve one key challenge in it: security.
The two sessions I attended covered security in different ways and I wanted to share a few interesting points from each session. The first panel was at the 5G Summit where Arm’s Dave Weidner, Director, Internet Services Group discussed “IoTs Place in the World of 5G.” Weidner talked about the drive for IoT at scale requiring a common architecture and said companies must have a solution that allows them to have security and connectivity. This way, services can be built on top of it using a common architecture, which in turn, enables development across different industries. Weidner continued, noting that IoT is a symbiotic system where coOh mpanies first deploy intelligence, then they capture the intelligence and lastly, they gather insight to create an ongoing cycle of optimization/innovation. Surprisingly, businesses only analyze 1% of the data from the IoT today. If they can get 5% analyzed, Weidner says, we will increase our ability to make better decisions which in turn improves business value.
One key message Weidner drove home was that while the industry sees great opportunity in IoT, the need for developing it securely remains the only way true business value can be achieved.
The second panel session, “Securing the Connective Vehicle,” featured panelists that included Ron Malenfant, Cisco; Manu Namboodiri, Delphi; Larry Leblanc, Sierra Wireless; Peter Horling, Volvo Car USA, and Rusti Baker, Arm. Moderated by Ian Smith, IoT Security lead at GSMA, panelists were asked about the risks that connectivity brings to connected and autonomous cars. Volvo's Peter Horling noted there were many challenges but major opportunities as he believes sharing data that informs or guides a car into better decision making is a good thing, but we need to ensure that high quality data is used in the process.
Panelist Namboodiri further commented that the car structure is moving from a collection of separate components to a computer on wheels, and businesses must think of cars that way. This shift in perception changes the way the industry needs to think about security, safety, and privacy.
The discussion then shifted to the infrastructure that needs to be developed alongside the connected vehicle and the issues associated, with participants highlighting that companies can do more to help a car drive safely, but they need to look at trust and ensure that the right command messages are coming from a trusted source. Cisco's Ron Malenfant noted the difference between today’s connected vehicle compared to a smartphone citing the "identity situation", where a device can become a trusted, recognized entity, adequately. To fix this problem, he said that development in this space needs to continue so that all the parts in a car can have an ID and can be quickly added or removed from a network.
Surprisingly, these challenges are not unique to the automotive industry. Arm's Rusti Baker, Director Security Ecosystems and Partnerships, said there are many common technologies in smartphones and automobiles, highlighting a key difference between the two when it comes to security: smartphones have a single identity - the owner or subscriber. This single identity makes security and privacy simpler to achieve and protect. A vehicle doesn’t have a single subscriber, which makes it more complicated to ensure security, safety, and privacy. Today’s vehicle ownership comprises a household and could in the future be more people if the car share models becomes more popular. These current and future trends mean the industry needs to think about how to protect the information of the multiple vehicle users, meaning multiple identities, versus in the smartphone where there is only a single identity to protect.
Baker pointed out that while technologies exist today for protecting devices, the complexity of vehicles being comprised of a system of systems also creates potential opportunities for attackers often in the inter-device channel.
At this point, an audience member asked the panel: “If the vehicle is a system of systems, how do we figure out the responsibility if something bad happens since we can no longer blame the driver?”
Recognizing that a lot of research would need to take place before identifying blame, Malenfant took a more positive spin. He said rather than looking at it like a liability issue, perhaps, we can view it as a business opportunity for a centralized security source to add services.
As MWC ended, I felt optimistic after listening to the panelists about the challenges surrounding security. Sure, it’s scary and complex, but many companies and industry experts recognize this and are working hard to build a safe and secure connected world for everyone.
I also know that at Arm we believe and are working towards a more secure connected future - check out Security on Arm to find the latest security products and solutions from Arm.