Open systems offer better cybersecurity

In a panel debate at the Connected Fleets Conference, Dirk Schlimm, Executive Vice President, Geotab spoke with Dr Dan Massey, Director of Technology, Cybersecurity and Policy Programme and Professor of Computer Science at the University of Colorado Boulder and part of the Neutral Vehicle Consortium and Ted Guild, Connected Vehicle Lead at W3C.

Is cyber security a nerdy topic we should leave to IT specialists?

“There are basics about cybersecurity that no one can afford to disregard,” said Dr Massey. “It’s like accounting - there are no accountants in this room but everyone here needs to look at budgets regularly anyway. So it’s definitely a C-level responsibility.”

“Security is about playing against an adversary,” added Dr Massey. So it is key to follow the standards but you should also ask someone from outside your company to assess your system’s security.

According to Mr Massey, no one can claim to have a flawless system. “If someone says there system has no flaws, they are either lying or unaware of flaws in their system.”

“The bad guys are looking in a very different way than you are,” said Mr Guild.

Open vs closed systems

It sounds counter-intuitive, but an open system is far more secure, says Dr Massey. In closed systems, you’re on your own to protect your system against your adversaries. In an open system, however, you have all other users as allies.

Why does interoperability matter?

Both panelists agree interoperability is key if you want your systems to communicate with other systems, particularly IoT systems or smart city services. “Locking out everyone else only works if you can dominate the market, but few companies succeed in that.”

Questions for every fleet executive

Mr Schlimm listed 7 questions each fleet executive should ask when drawing up a cybersecurity policy:

1. Do we follow leading cyber security standards specific to our industry?
2. Do we use outside experts to test/challenge our security programme?
3. Do we disclose security vulnerabilities and do we have a reliable systtem for over the air patching?
4. Do our strategic partners have good answers to the above questions?
5. Do we have a strategy for data-driven innovation?
6. Do our fleet vehicles come with direct data connections that can interoperate with V2X (“vehicle to everything”) infrastructure and emerging smart cities?
7. Do we actively participate in conceptualising and shaping the transportation ecosystem of the future?

Image (from left to right): Ted Guild (W3C), Dr. Dan Massey (University of Colorado Boulder) and Dirk Schlimm (Geotab)