Registered users can unlock up to five pieces of premium content each month.
Automotive: A Unique IoT Market |
NEWS |
The automotive market is a highly complex industry dealing with a composite juxtaposition of operational, technical, security, privacy, and customer objectives. It not only brings high-compute interconnected systems into the hands of end-users but is also a market that is strategically tied to both cellular infrastructure and IoT analytics, management, and authentication platforms. Automotive applications employ data-rich systems for internal (in-vehicle networking and edge computing) and external communications (telematics and connected vehicle servers) for a wide spectrum of applications. These range from standard top-tier objectives like telematics vehicle diagnostics, optimizing vehicle operations and fleet management to digital security objectives like predictive maintenance for vehicle systems, remote Electronic Control Unit (ECU) Firmware Over the Air (FOTA) update capabilities, in-vehicle network traffic monitoring, and external system authentication, as well as non-critical, low-security consumer-focused applications like infotainment systems, application marketplace, voice and video streaming services.
Security monetization is a prevalent challenge across Internet of Things (IoT) applications and understanding the underlying strategic objectives of security investments is key to both securing operations and increasing trust among Business-to-Business (B2B) and Business-to-Customer (B2C) engagements. The automotive market is no different. Currently, automotive OEMs are starting to recognize the value that security investments offer, particularly in telematics. While this is partially fueled out of necessity due to compliance and regulatory measures with functional and physical safety requirements, it is also due to the fervent attempts of car OEMs to further hone intelligence operations.
Expanding the Telematics Data Value Chain |
IMPACT |
Secure telematics data management is vital in expediting intelligence operations for car OEMs and Tier One suppliers. It is a vital component for connected vehicle operations. Insights gathered from reliable, secure sources from vehicle diagnostics can provide a competitive edge for car OEMs, Telecommunication Service Providers (TSPs), and Tier One suppliers. A secure development and continuous market feedback concept relates to streamlining insights gathered from telematics data in an efficient process, expediting manufacturing and firmware development.
First level—Identifying Ongoing Issues: Obtaining reliable data by connected devices in the field on pre-determined internals or in real-time is a key strategic point for IoT management across most applications, including telematics units. Provided that the data gathered from vehicles’ Telematics Control Units (TCUs) in the field are obtained in a reliable fashion (and ideally in real-time), OEMs can identify any security concerns, software problems, firmware version inconsistencies, and, of course, vehicle or ECU malfunctions. This is the first level of intelligence: identifying any potential issues present in vehicles, potentially even prior to the users themselves experiencing any problems.
Second level—Firmware-Over-the-Air (FOTA) and Maintenance: Avoiding vehicle recalls is a priority for car OEMs and in many cases, identified problems can be tackled ahead of time. On this second level, car OEMs may take action based on the data gathered in order to provide a solution. For example, this can be achieved by pushing a new firmware update and performing any remote alterations to a TCU, ECU, gateway, or vehicle processing unit. Alternatively, a car OEM can even instruct and issue new orders for the next time the vehicle performs on-premises maintenance. This relates to the concept of resiliency, ascertaining that vehicle manufacturers can indeed provide flexible solutions to issues as they arise.
Third level—Enhancing Manufacturing Processes: Tackling data security in telematics will require different levels of design based on the types of services utilized, the data that is tracked and managed, the critical nature of certain applications running, and real-time challenges related to critical applications. If the process is streamlined and done correctly, by gathering and analyzing reliable data from vehicle telematics, TSPs and ISPs can provide car OEMs with valuable diagnostics, Key Performance Indicators (KPIs), and information about specific vehicle control units.
In turn, this valuable information, which is not only restricted to field operations like fleet management, can also allow car OEMs to directly influence current manufacturing operations (firmware, networking, communication, security architectures) and address any security concerns during the ongoing assembly process. This allows manufacturers (both car OEMs and telematics device OEMs) to coordinate with software development teams and tackle newly discovered flaws, exploits or other malfunctions before vehicles even leave the assembly line.
Regulations May Push Car OEMs in Finding Value in New Areas |
RECOMMENDATIONS |
ABI Research posits that there is no scenario in the software-defined vehicle era where automotive players do not revisit security architecture, cloud service options, telecom strategy, and communication security for telematics and connected vehicles. While car OEMs indeed adopt new security measures out of necessity due to regulatory pressures, the fact of the matter is that they do need to adapt Vehicle-to-Everything (V2X) applications to meet the demands of the greater IoT ecosystem. As such, they are steadily starting to recognize the value of having a security-first approach in connected vehicles beyond the immediate functional safety requirements. Note that key regulations are driven by instruments like the GDPR (General Data Protection Regulation) from the EU, the CCPA California Consumer Privacy Act from the US, China’s Cybersecurity Law and the Chinese (PIPL) Personal Information Protection Law, the LGPD (General Personal Data Protection Law) in Brazil, or the DPA (Data Protection Act) in Russia as well as standards such as the automotive-specific WP-29 from the UNECE World Forum for Harmonization of Vehicle Regulations.