MWC Post-Mortem – Connected and Self-Driving Cars

With the dust settling on MWC for another year, one lingering question might be ‘when did MWC turn into The Barcelona Motor Show?’ At first sight it may have seemed jarring to see so many cars proudly being shown off at the show; in fact, it makes a lot of sense when you consider that more cars were connected to mobile networks than phones in Q1 of 2016. Almost every large MWC stand, connected cars featured as a headline act, in particular with reference to emergent tech 5G, on which they will rely heavily.

The truth is, connected cars are already a reality – and as we press forward, the depth of their connectivity is going to increase. Right round the corner now are self-driving cars, which present a significant security headache. Just this Monday, Nissan began testing their fleet of autonomous cars on public roads in London, clocking up hundreds of miles in a data collection exercise – the firm hopes to have everything in place to use them as taxis for the 2020 Olympics in Tokyo.

Mobile networks and car manufacturers alike were at pains during MWC to stress that testing has been extremely encouraging and mainstream driverless vehicles will be on the road within the next few years.

Interestingly, despite this week’s London tests, Nissan have not been the first to perform such trials. The front runners in the race for self-driving cars are Google and Uber, both of whom are testing their offerings on roads in the US – and neither of whom are car manufacturers. The reason for this is that the payments model for self-driving cars is, at this early stage, looking like it will lean toward an on-demand, subscription based service.

What’s certain is that from a security standpoint, a strong relationship is going to need to form between car manufacturers, subscription model service providers like Uber, infrastructure providers and whichever network provider is responsible for managing the data between the two. Intercede representatives on the floor at MWC this year were keen to press those manning the stands on their security considerations.

What they found was that there’s a lot of confusion and buck-passing regarding who in the relationship between end user, manufacturer, technology provider and service provider will ultimately assume responsibility for security. Several hopeful service providers told us that, naturally, car manufacturers and network providers would be responsible, whilst one of the world’s leading network providers claimed it would be the service provider’s responsibility.

The truth, of course, is that the responsibility lies with all of them. The problem is this: despite their claims, car manufacturers don’t have the depth and breadth of cybersecurity experience necessary to assume the responsibility alone – it will need to be a collaborative effort. And we all know that plenty of network providers have dubious cybersecurity records at best and a lot of form at letting the bad guys in at worst.

The work to ensure that every link in the connected and autonomous car ecosystems, many aspects will need to be outsourced to and collaborated on with cybersecurity companies, in order to assure that the task is approached with appropriate due diligence.

Establishing Trusted Digital Identities and authenticating them through methods such as PKI technology and digital certificates, rather than the traditional reliance on username and password, will become critical. And this gives us even more reason to believe that experts in this field will become key to the success of the IoT and autonomous tech.

The cars of tomorrow are exciting, but they put millions of lives in the hands of companies who don’t really seem to have figured out where the responsibilities lie. Before they hit the roads, we need clear standards; and cybersecurity experts need to be involved from the start.