In the Transformative Age of Transportation, Why Trusted Mobility Platform and Services are a Must!

This article, written by Mahbubul Alam, CMO & SVP of Global Engineering at Trillium Secure, was first published as a guest feature in Jefferies Mobility Technology – Weekly Newsletter December 9, 2018

 

In today’s digital world, trust is our most valuable asset. Without trust, you cannot create value. To allow people to trust in one another, when they do not know each other well, currency was devised to ensure that all perceived values were equally recognized by both the buyer and seller. So, a currency that doesn’t have trust is one that is not useful. In the era of Internet of Things, data is the new currency. When dealing with the data that is transmitted by connected vehicles, trust in data integrity is more than just important. It can be life-saving.

In 2018 a high-end vehicle has, on average, more than 100 million lines of code. To put this in context, that is more than 50 times what the F22 fighter jet contains! Obviously, that means protecting all this software code is mission critical. According to industry projections, the value of data and services from connected vehicles is projected to grow from $30B to $1.5T by 2030. So that represents exabytes of data at stake, which present a massive opportunity.

A growing number of connected cars and electronic content per vehicle and reinforcement of mandates by regulatory bodies for vehicle data protection are driving the automotive cybersecurity market. In short, data must be protected to ensure total confidence among those who will be entrusting their lives to these vehicles’ implicit safety. That is why there must be, not only security in its purest sense of being free from threats, but trust, in all facets of the data.

Security is the foundation upon which trust is built. Trust, defined at its core as the immutable reliability of every facet contained within, is much more significant than security. For example, if on a one-hundred-dollar bill, the identifiers put into place include special security efforts such a watermark, a unique ID, a special type of paper used, etc. This makes it far more difficult to duplicate, generating the foundation of a secure currency. For it to become trusted, however, demands a far more thorough undertaking. It requires tracking to see where it is going, to whom it is going, how it is being spent and that someone is not spending more than its actual worth. A currency is only valuable when there is confidence that all these protections are in place.

In the same way, data in a digital economy must also have protections to provide confidence in its authenticity. If it became easy to counterfeit one hundred bills, the trust would erode immediately. That becomes even more important with digital currencies such as data. A recipient of the information needs to unequivocally believe that there has been no tampering with the information contained within and that its source has been uniquely identified. The trust value chain must be established by a combination of transparency, governance of the data and a continued record of transactions taking place as they are supposed to. In a data economy, in order to ask organizations to do business with a vendor or partner, the process must go beyond just making the data communication secure. They must trust the data integrity, which can be provided through a combination of architecture, technology, protocols and secure data governance.

Trust enables organizations to create value and capital markets to function properly. With trust comes confidence for organizations to make strategic moves and seize the upside of disruption. Where Trillium plays a key role in this is by encrypting the communication that occurs within the vehicle. The Trillium Secure in-vehicle security products provide adaptive firewall and self-defending intrusion detection and protection solutions, which can run on telematic control units, gateways and/or on domain controllers, ensuring that only communications that are supposed to traverse are allowed. In-vehicle security products are complimented with cloud-based AI for self-learning capability from external sources and from other vehicles connected to the platform, as well as establishing a secure connection between the vehicle and the cloud through a blockchain architecture.

Without trust in data integrity, AI/machine learning cannot deliver its potential value. While the industry as a whole has taken for granted that this incredibly powerful new technology will revolutionize the entire world, if the data it is learning from is flawed, then there will be no confidence whatsoever. This is an incredibly important objective for everyone to understand! If the data is not trusted, the machine learning that occurs will be faulty, as it is working off assumptions that are flawed. That is why a platform of trusted mobility is so ground breaking. Trillium Secure has recognized the necessity of this fact and predicated its technology to first and foremost guarantee that trust across all types of data transmitted.

But it is more than just revolutionary. Trillium technology creates a level of digital trust second to none. At its very essence, the DNA of the platform provides trust, security and integrity so that data can deliver value without reservation. It is architected in such a way that every action taken is predicated on ensuring this mandate. By doing this, the company will truly make a fundamental contribution.

To examine this further, Trillium’s platform is transformative at three distinct levels:

For the Individual:

At its essence, the data generated from connected vehicles is yet one more place where an individual can become concerned about both its legitimate use, as well as its illegitimate use by black hats who might look to profit from its sale or illegal mining. The benefit of Trillium’s platform is the ability to keep data private, control its dissemination and notify each individual whenever it might be used for monetary benefit by any entity with access to it. In this way, the entire premise discussed throughout can be said, without exaggeration, to overdeliver on the critical promise of trust.

For the Industry:

In the new privacy world order established by General Data Protection Regulation (GDPR), compliance with all privacy regulations globally becomes more valuable than ever. There is no grey area in this endeavor and the expectation is that all personally identifiable information data generated from connected vehicles, must be, not only trustworthy, but also private. Furthermore, Trillium Secure value is delivered through a distinct combination of the following: a) it lowers operational expenses, which positively improves the bottom line, b) it provides ways to generate new revenue streams, and c) it simplifies the operation and usability of complex systems at large scale. Together, this ROI becomes immediately justifiable from both a top and bottom line perspective.

For Society:

Finally, and perhaps most important, Trillium Secure looks at the impact that it can help contribute to the world. If the dream of a truly connected, mobile world is to happen, society must be able to let go of the proverbial steering wheel and let AI/machine learning take over. As stated, once that data trust and vehicle cybersecurity has been established and validated, a new set of positive paradigms will occur. Traffic can become significantly reduced, if not outright eradicated, which can have a huge effect on helping the world combat climate change. Furthermore, the stress many commuters face each day when dealing with debilitating gridlock on highways and side streets can become a thing of the past, increasing both quality of life, as well as actual longevity.

All these benefits combined will provide a clear, positive use case that makes a compelling argument for the benefits of Trillium Secure’s widespread adoption. Once accomplished, the platform and services can help to accelerate the trust needed to allow a truly connected world of transportation.

How Trusted Data Unlocks Value for Connected & Autonomous Fleets

A wide-range of industries, including food and beverage distributors and construction companies, use their connected fleets today to deliver goods and services to their customers. These connected fleets are increasingly data-driven – in 2018 a high-end vehicle has, on average, more than 100 million lines of code. To put this in context, that is more than 50 times what the F22 fighter jet contains! Obviously, that means it’s mission-critical that all this software code is protected. According to Intel Corp. the average autonomous vehicle will generate 4 terabytes of data per hour. Based on McKinsey’s projections, monetization of connected and autonomous vehicle data and services is projected to grow from $30B to $1.5T by 2030. So that represents zettabytes (1,000s of exabytes) of data at stake, which present a massive opportunity.

 

There are significant roadblocks to capitalizing on this burgeoning marketplace of data, applications, and services, one of which is a lack of trust in vehicle-generated data. “The core to success in mobility freedom and services is ‘data trust’ and the industry is increasingly demanding “Trust Protocol” for data services. We must have absolute trust in the data – it must be immutable and secured so that offered services are also trusted by users,” says Mahbubul Alam, Chief Marketing Officer and Sr. VP of Global Engineering at Trillium Secure.

 

Connected vehicles are prone to all types of cyber-attacks and ransomware. These problems only get worse with autonomous vehicles and robo-taxis where software vulnerabilities can put human lives at stake. To engender a sense of immutable trust in transportation providers to continue innovating in fleet management, preventative maintenance and other data-centric services for connected and autonomous vehicles, the threat of cyber-attack needs to be mitigated within the mobility ecosystem. Security is the foundation upon which trust is built. Trusted data, defined at its core as immutable, transparent, auditable, reliable data records that are cryptographically encrypted, is much more significant than just data security.

 

Connected fleet operators have the most to gain from trusted data security technologies developed by Trillium Secure. AI and machine learning promise to deliver incredible value once there is confidence that data is free of flaws and ready for analysis. If the data is not trusted, the machine learning that occurs will be faulty, as it is working off assumptions that are flawed. That is why a platform of trusted mobility is so ground breaking. Trillium Secure has recognized the necessity of this fact and predicated its technology to first and foremost guarantee trust across all types of data necessary for the efficient operation of connected and autonomous fleets.

 

To learn more about what Trillium’s Trusted Mobility Platform and Services can do for your connected fleet, visit https://trilliumsecure.com.

Guest Blog: Cybersecurity Explained to your Grandparents

This is a guest post coordinated by Rebecca Nehme who works for Thales’ Cybersecurity program based at STATION F. You know grandparents who want to learn more about other tech topics? Follow our Medium keyword « Techxplanation »

After blockchain and Artificial Intelligence, it’s time to become a cybersecurity expert. Cybersecurity is not an easy concept, but it can be understood as a peacekeeper against digital world’s growing threats. The startups in the Cyber@StationF program led by Thales help us get some answers to questions about this mysterious world that you didn’t even think of asking.

What’s an Information System?

In order to understand what cybersecurity is, let us start where it all happens: in and around computer systems. Derek Pierre, from NuCypher, explains:

“An information system is an organized system for the collection, organization, storage, analysis, and communication of information. Information security, INFOSEC, includes the processes and methodologies designed and deployed to keep data available and confidential while ensuring its integrity is maintained, with areas such as:

1. Application security: vulnerabilities in the software used by web and mobile applications

2. Cloud security: the security of applications that are hosted on servers

3. Cryptography: encryption and decryption of data whether stored or being exchanged

4. Infrastructure security: protection of communication networks and hardware devices

5. Vulnerability management: auditing and scanning of environments for weak points

6. Incident response: detection and remediation of malicious activities

When private data is unintentionally revealed or obtained by an unauthorized person, the event is labelled as a ‘data breach’ or ‘data leak’. Imagine the potential issues that could arise if your information was leaked from your bank:

· Home address — so that you receive an uninvited guest

· Personal information that can be used for identity theft

· Bank account information that can be used to withdraw funds

· Credit card information to use for unauthorized purchases

· Money transfer details modified to send money to an unintended recipient

Cryptography is the practice and study of techniques for securing data against unauthorized parties. It is sometimes synonymous with the terms encryption, which converts data from a readable state (plaintext) to a state that is unintelligible (ciphertext) to an observer, and decryption, which converts the unintelligible (ciphertext) back into a readable state (plaintext). Cybersecurity solves the problem of storage and communication between trusted parties without exposing the data to an untrusted interceptor i.e. it provides prevention against eavesdroppers.

At NuCypher, we are focused on using the latest advances in cryptography to provide a data privacy layer that provides the ability for distributed systems to securely store, share, and manage private data and ensure only authorized access to data”.

Who are those hackers?

“A hacker could be a person with a high level of skills in computer, or a person who circumvents security and breaks into a network or others embedded systems, usually with malicious intent,” Jin Zhang, from Algodone, explains. “The typical stereotype of a hacker is a man wearing a dark hoodie in a dark room, typing furiously on his keyboard to break the security barriers to a confidential database in hope of stealing identity or money from individuals or big corporations. But reality isn’t always as we think it is.”

Software Hackers

Software attacks are the most famous threat because they regularly affect our mobile platforms, computers, and servers. In the software world, security hackers are labelled by the colored hats they wear.

White Hat Hackers are the good guys on the block. They try to find weakness in a system with a goal of improving the security of the underlying system, with owner’s permission.

Black Hat Hackers — Their dark and malicious intent is to find vulnerabilities in individual devices, so they can hack into your network and get access to your personal, business and financial information for nefarious purposes.

Grey Hat Hackers — They might have hacked into a system without permission, yet they don’t have personal gain in mind. They may hack into an organization, find some vulnerability and leak it over the Internet or inform the organization about it.

Hardware Hackers

While individual hackers can harm others, the most serious ones are often states or competitive corporations who have money and advanced tools to be able to hack into hardware. They have generally a few main objectives, such as obtaining secret information, causing a breakdown of the system…

Counterfeiting in electronic hardware is also a wide spread challenge and a financial motivation for hackers. The following image from an August 2007 EE Times article showed counterfeited Toshiba chips with Samsung die inside.

Thanks to Algodone’s SALT (Silicon Activation Licensing Technology) electronic manufacturers can possess authentic licenses in order to use an IC chip in an electronic system. As Algodone’s SALT licensing is rooted in silicon, it is extremely difficult and nearly impossible to break through”.

Why are they doing that?

So, hackers could very well be anyone… but really, why are they doing such things? We’ve asked Rotem Abeles, from Cylus, a company that delivers in-depth holistic visibility into rail safety-critical networks.

“The motivation for a cyber-attack can vary considerably depending on the circumstances. The key motivations can be summarized into 4 main reasons:

1.They want to show off. In 2008, a polish kid hacked the train network in Lodz, and as a result, 12 people got injured. His prank was not taken lightly — he was caught by the police and sentenced to jail.

2. They are looking for revenge. In 2017, a former employee of Transcontinental Railroad Company was found guilty of damaging the railway’s’ IT network. He was fired in 2015 and according to the US justice department, before leaving, the former IT admin deleted files in his employer’s network, removed administrative-level accounts, and changed passwords on the remaining administrative-level accounts, locking them out. He even attempted to conceal his activity by wiping the laptop’s hard drive!

3. They are in for the money. Ransomware attacks are a lucrative way for criminals to fill their pockets. In 2016, San Francisco’s railway system, the Bay Area Rapid Transit (BART) was the target of ransomware. The management of BART refused to pay the ransom and let commuters in for free until they could recover the system from a safe backup. Had the attack been on a more critical system, the outcome could have been different. Shutting down the subway in a major city could cost hundreds of millions of dollars in economic damage per day.

4. They are motivated by ideology (e.g. Terrorist groups or governments). Cyber-attacks can be an act of terrorism or part of a larger geopolitical conflict. We have seen Russia launch cyber-attacks on utility companies in the Ukraine, shutting down the power with a push of a button. In transportation, we have seen that North Korea tried to hack South’s railway system”.

How do they attack?

Cybersecurity will always exist, and the more digital the world becomes, the more it will be necessary. Everyone these days is digitally connected, whether you have a mobile phone, a tablet, or even a fridge! All these smart devices connect to the internet, which allows cyber-attackers to target a person, as explained by Jonathan Levy, from Perception Point:

“This market follows a cat-and-mouse model where the defenders are continuously trying to catch up with the attackers. As a result, there is no ‘silver bullet’ that will stop all attacks, but a continuous game to try to stay ahead of the attackers.

In order to better understand on howattackers target people, we will list the most popular places attackers target with examples and deep dive into two of the main types:

· Mobile– Fake wifi connection, malware disguised as an app, malicious SMS link

· Internet of Things:Intercept connection of any connected device (Vacuum, HVACS, Fridge, Printer…) and turn them into a zombie army working for the attacker.

· Email: Malicious attachments and links hidden within the email enable further in-depth attacks like Advanced Persistent Threats. 90% of cyber-attacks use email to attack people. New malware samples executed via email are rapidly multiplying, with over 72 million seen in just one month! A common example of attackers’ techniques is a phishing attack: an attacker masks as a trusted entity and dupes a victim into opening the malicious content.

· Shared Drives: Rapid spread of malware through document sharing. Given their growing usage, they pose an attractive target for hackers, yet aren’t nearly as protected as more traditional targets. It is not enough to just secure the data in collaboration channels, you have to ensure that the content inside these channels is clean and safe.

· Network: Distributed denial of service (DDOS) attacks leverage swarms of zombie computers to saturate a web service; a Man-in-the-middle (MITM) attack diverts the network traffic through the attackers’ computers, Spear phishing attacks are socially-engineered attacks to specific targets.

· End-Points– USB sticks are the computer equivalent of drug syringes and spread viruses very rapidly; Ransomware blocks users out of their own systems; Eavesdropping enables to listen to confidential conversations even when your phone is — apparently — switched off.

This cat-and-mouse model of cybersecurity shows again that the defensive side of the industry needs to take a new approach. Perception Point stop malicious content from infiltrating via any collaboration channel. Unique CPU-level visibility plus deep scanning capabilities detect the unknown attacks, pre-malware release. In addition, multi-layered technology combines multiple threat intelligence, image recognition and static engines to prevent phishing and commodity malware.”

Data: What is at stake?

The data you generate on the internet create a double “digital you”, as real as your flesh and blood, your digital footprint. Adrian Sossna and David Uze, from Trillium, explain how our actions on the internet can harm us and our people.

“Any and all information sent over an unprotected internet connection can be intercepted by criminals. Ordering an Uber to your friends’ house puts both your and their location at risk, and making online purchases exposes your credit card information — a mistake that can lead to serious financial fraud. Having your social security number leaked over the internet could lead to a torrent of trouble at the hands of an unscrupulous identity thief.

The stakes get even higher, however, when connectivity is used to amplify the services in whose hands we put our lives. Modern cars, airplanes, ships, and even medical devices have added internet connections to expand the range of services they offer. Using your phone to adjust your pacemaker is incredibly convenient, but the damage a hacker could cause with control of it is literally life threatening. Without the appropriate protective measures in place, all digital information can be turned into a weapon to threaten people.

Modern vehicles are connected to the internet wirelessly, and also use a number of additional radio interfaces: Bluetooth, remote unlocking and starting of vehicles, wireless tire pressure monitoring systems, wired iOS and Android interfaces…

The electronics in your vehicle keep record of the places you visited — if equipped with navigation, they remember your driving style, how you accelerate and how often you break hard. If you use the Bluetooth connection to make phone calls in your car the electronics may keep a list if your contacts, or the history of your calls and messages.

Connectivity-enabled transportation has numerous hurdles barring its way to success. Unique, unprecedented situations involving multiple vehicles, their passengers, and their data need to be secured from start to finish to ensure the safety of the people depending on connected vehicles”.

Even worse, in addition to one’s own actions, this “digital self” is also indirectly threatened by confidential information in various companies’ databases. Are these companies doing the right thing to protect us and themselves? Antoine Matthey-Doret, from Dathena, provides an answer:

“Imagine a very messy office open to everyone, files and folders lying everywhere: this is what most data centers look like today. Even if the office is locked with a key, you want to make sure that no matter what happens, the confidential information does not get stolen. As we know that no system is perfect, there is a need to proactively protect the confidential information. However, people do not know what is sensitive or not or even what the company has to protect. And doing this manually would be a nightmare. Automated classification allows exhaustive and granular inventory of all these documents by business category and by level of confidentiality to protect and monitor information.

The 7 reasons for data classification are the following:

· Handle your data appropriately: data classification enables organizations and employees to regain control over their data knowing where each type of record is stored.

· Measure your protection: identifying which files are being protected, as well as how and why. This way you are able to proactively detect potential security lacks.

· Prevent insider threats: data classification combined with identity and access management technology helps by only allowing the right people to access to documents on a need-to-know basis.

· Prevent outsider threats: data classification combined with data loss prevention technologies help to prevent unauthorized third parties from seeing information they shouldn’t.

· Find data quickly: data classification enables efficient data retrieval, which has become a key point for organizations with new regulations such as GDPR. (The C-Suite UK, 2017)

GDP What?

GDPR stands for General Data Protection Regulation. It’s a new European regulation which revolutionizes data privacy addressing the way data should be stored, transferred and collected online. Its aim is to give European residents greater control and visibility over their personal data, strengthening and unifying data protection.

Cybersecurity technologies can help organizations navigate within their petabytes of data and regain control over it: this is Dathena’s mission. Leveraging the power of Artificial Intelligence, Dathena automatically classifies data, identifies personal information, detects security anomalies and protects sensitive information”.

How to Cyber-Secure your business?

Businesses really need be aware of cybersecurity solutions in order to prevent any risks of data leaks or others attacks that might happen against them. Eric Houdet, from Quarkslab, gives us some advice about what we can easily put in place at work:

“The primary focus of INFOSEC (Information Security) is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a multi-step risk management process that identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls, followed by assessment of the effectiveness of the risk management plan.

To standardize this discipline, academics and professionals collaborate and seek to set basic guidance, policies, and industry standards on password, antivirus software, firewall, encryption software, legal liability and user/administrator training standards. This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, and transferred. However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continuous improvement isn’t adopted.

But attackers target data, not the infrastructure which needs to be constantly:

· monitored with usually a security operations center (SOC) where a centralized unit deals with security issues on an organizational and technical level;

· tested with regular authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses, also referred to as vulnerabilities;

· and updated.

Therefore, Quarkslab focuses on data security, with 3 products: IRMA, Ivy, and Epona. These products, coming along our service and training offers, help organizations take security decisions at the right time based on relevant information.

At Quarkslab, we see security as a means of fulfillment. With security you can look ahead, with confidence. We give meaning to security, seen not as a self-serving abstraction but as a concrete means for accomplishing ambitions”.

IN A NUTSHELL

Cybersecurity is a critical technology for the digital age: without it, there can be no trust, no services, no transactions, no digitization, no growth, no citizenship. As a world leading company in this industry and others, Thales is proud to be working with the crème de la crème of cybersecurity start-ups worldwide, and to provide the best secured solutions that make the world go round, whatever it takes. Learn more about the Cyber@StationF programme and the start-ups on their website.

Hack Across America’s Latest Stop is the University of Detroit Mercy

Cybersecurity is a hot subject area on university campuses nationwide. In particular, schools in the state of Michigan are refining curricula to produce professionals capable of defending against the increasingly complex nature of cybercrime and intrusion in both government and industry.

 

That’s why Trillium’s latest stop on the Hack Across America tour was the University of Detroit-Mercy (UDM). The school is a Department of Homeland Security (DHS) and National Security Agency (NSA) designated Center of Academic Excellence in Cyber Defense (CAE-CD). Over forty students attended the engagement on UDM’s campus on November 8th, 2019.

 

During the presentations given by Trillium’s sales engineer and cloud engineer on the need for securing the data generated by connected vehicles, UDM students were engaged and asked many questions. They exhibited a strong grasp of encryption technologies, familiarity with CAN bus networks, and deep interest in work placements at Trillium’s Ann Arbor office location. The two-hour discussion which followed the presentations was marked by intense curiosity about Trillium’s multi-layered cybersecurity solution, its online car hacking simulation called PassGO, and how a trusted mobility platform and data management services can be deployed to make connected vehicles safe.

 

To find out where the next CAE-CD stop of Hack Across America will be, follow Trillium Secure on LinkedIn, or visit www.trilliumsecure.com.

Vehicle Safety is Synonymous with Vehicle Security

Drivers used to think of vehicle safety systems as strictly mechanical elements like seat belts, brakes, and crunch zones. But today, safety systems have become completely dependent on electronics and sensors – airbags, ABS, blind spot indicators, cruise control, lane departure warning, automatic emergency braking, just to name a few. This makes sense considering how rapidly safety tech has evolved, the value of marketing the assurance of safety in a vehicle, and the countless lives saved by automated safeguards.

 

But what happens when the integrity of data generated by safety tech comes into question? Who is liable if a hacker manipulates the data sent by a blind-spot detection safety system and the orange or red indicator remained unlit as a car sped past? This issue is very important because of the overriding need to be safe and to feel safe when on the road. The damage to a vehicle brand, and the liability to a business that sells unsafe vehicles, is long and far reaching. In some cases, it is unrecoverable. Therefore, as modern vehicles become more connected and automated, the biggest reason for security is safety.

 

Many fundamental driver controls, such as headlamps or automatic door locks, have a dual purpose as a safety device. What is not well understood in the mobility industry is that vehicle security also has a dual purpose as a safety device. This is true because safety devices are vulnerable to attacks and indeed threaten driver and passenger safety, as detailed in Andy Greenberg’s article in Wired.

 

Another aspect of vehicle safety that is often overlooked is data privacy. As automakers increasingly market themselves as technology companies, it’s important to note that tech titans, such as Microsoft CEO Satya Nadella and Apple CEO Tim Cook, view data privacy as a human right and welcome stringent privacy standards. When it comes to connected vehicles, safety and data privacy are two sides of the same coin. For example, many modern vehicles feature real-time GPS information – it takes just a short stretch of the imagination to consider the consequences of an angry spouse who is able to easily track the location of a person fleeing from domestic abuse. In other words, leaders in the mobility industry who are concerned about driver safety must consider data privacy, in addition to security, as a benchmark for evaluating vehicle systems.

 

The mobility industry is connecting vehicles in all sorts of ways via Bluetooth, WiFi, LTE, and OBD-2 to name a few. Each of these access surfaces are a magnet for hackers and bad actors. What is still in the process of becoming better understood is the mounting liabilities associated with vulnerable safety systems and unprotected driver data. Trillium’s trusted data management platform mitigates the risks of operating connected vehicle fleets. Learn more about Trillium’s secure platform as a service at www.trilliumsecure.com

Who Has Access to Data From Connected Vehicles?

In an informative article written by Bryan Jonston, it’s made clear that there’s a disconnect between consumers and vehicle manufacturers about who should have exclusive access to vehicle data, according to a survey conducted by Ipsos.

86 percent of vehicle owners and lessees believe car owners should have full access to and control of their vehicle’s data, including maintenance and repair information, says a survey released by the Auto Care Association. Additionally, 88 percent of consumers believe a vehicle’s owner should decide who has access to this data.

It’s true that the public has a low level of awareness regarding driver and vehicle data, known as telematics; however, people still feel entitled to accessing the data that their vehicles generate despite not having a clear idea about what is being collected and sent to the cloud. On the other hand, there has been clear indications that commercial fleet owners have begun tapping into this lake of data.

Having the means to securely access and confidently analyze vehicle-generated data is the key to keeping personal information private or reducing the cost of operating fleets of vehicles. Automakers and fleet owners are in advantageous positions to leverage data for monetization purposes, but also have the responsibility to secure telematics systems against cyber-attack.

Infotainment system suppliers like Harman can also access connected car data, especially when assisting law enforcement for digital forensics. A myriad of new use-cases is being spawned right now, including advanced remote diagnosis and enhanced driver safety, as the goldmine of vehicle data is further explored.

What’s needed to bridge this information divide between consumers and the automotive industry is trust. Widening the number of parties that can drink from the firehose of data being generated by connected cars will unleash a new wave of innovation. This untapped market will grow faster thanks to Trillium’s leadership in creating a trusted ecosystem for connected vehicles and next-generation mobility services. Trillium – championing the cause of making connected cars safe.

Trillium Spotlights Security and Data Monetization at CEATEC Japan 2018

The Trillium team harkened back to its roots in Japan during the CEATEC (Combined Exhibition of Advanced Technologies) 2018 event, which took place from Oct. 16 – 19 at Makuhari Messe. Much has changed since Trillium began as a small outfit of engineers working towards securing IoT devices using lightweight encryption technology – the proliferation of connected devices, and the explosion of data they generate, has brought a wealth of opportunities and conveniences to all aspects of life. As such, Trillium used its presence at this year’s CEATEC to highlight the company’s leadership position in automotive cybersecurity, and its unique position to enable the growing number of monetizable services arising from connected car data.

CEATEC Japan was the perfect stage for Trillium to show the world how it’s fueling the trusted mobility revolution – the event attracts close to 700 exhibitors and over 150,000 attendees each year. Trillium took the spotlight a total of three times, first during the Plug and Play Startup Pitch event (Mobility); next, at the Cutting-Edge U.S. Technology Showcase (Cybersecurity) in Co-Creation Park; and during the CEATEC Cybersecurity Keynote Sessions when CEO David Uze addressed the audience on “Security, Safety and Monetization Opportunities in the Connected Vehicles Era” alongside speakers from Symantec, Crowdstrike, and Lookout.

Mr. Uze put into context well-known car hacks such as the Jeep whose brakes and steering were demonstrated to be vulnerable to remote take-over, and what it meant for internet connected vehicles: innovation is a wonderful thing until someone gets injured or worse. Where human safety is concerned both inside and outside the vehicle, basic common sense tells us that particularly with regards to mobility, innovation requires trust. That trust extends not only to all of the complex features and functions associated with connectivity and self-driving capabilities, but also to the resilience of the vehicle against cyber threats and bad actors.

Mr. Uze shared how Trillium will lead the trusted mobility revolution by securing vast amounts of data harvested from connected cars for a growing number of monetizable services. He teased Trillium’s data management dashboard called SecureSKYE, which will be demonstrated at CES 2019, to draw implications for fleet operators, automotive OEMs, insurance companies and network service providers on the game-changing nature of trusted access to vehicle data.

Trillium benefited from participating at CEATEC, a showcase for innovative solutions to society’s problems, because a highly-receptive audience understood Mr. Uze’s main point: smart tech does not evolve without secure tech. Indeed, vulnerable smart tech translates directly into a “high-value target” for hackers since there is more reward. Moreover, there’s enormous unrealized revenue if connected vehicle data is secured and extracted in a protected way through Trillium’s innovative technologies.

Reporting Live from Global Sales Summit Japan

It’s early-October and the morning air is pleasantly crisp in Tokyo. Over twenty-five Trillium employees have flown from all over the world – Ann Arbor, Silicon Valley, Belfast, Paris, Shanghai – to gather in the France-Japan Chamber of Commerce boardroom to discuss what we’ve accomplished, the challenges we face, and the roadmap to making Trillium Secure an incredible success.

 

The Global Sales Summit (GSS) is a biannual four-day marathon of progress reports, project proposals, and brainstorming sessions to get all global team members on the same page. For example, Ross Hirschi, Trillium’s Director of Engineering, gives a detailed account of multiple innovative products that are in the pipeline. Next, Dan Viza, Director of Global Business Development and Strategy, presents a farsighted overview of Trillium’s ambitious goals in the connected vehicle data industry. And, David Uze, Trillium’s tireless president and CEO, paces to-and-fro while actively providing feedback on sales funnels, giving encouragement for upcoming pitch competitions, and getting excited when new requirement use-cases are identified for blue ocean opportunities. For ten hours straight. Then we all hit the town together, get some rest, and do it again.

 

There are rules, but they can be bent. Like how a new policy for granting cash rewards to high-performing engineering teams was swiftly proposed and approved. We raise our hands when a colleague asks for help because they’re like family – at 1 AM, you can find ten Trillium team members sitting in a row outside a ramen shop, slurping and cooing with pleasure over delicious broth. We work hard as hell, but we play hard too. Like how David Uze takes his calls while listening to world-class jazz musicians in Roppongi Hills and turns on a mobile hot spot for the phalanx of global employees around him – his Hawaiian shirt stands out from the crowd of white, blue and plaid shirts and he snaps rhythmically while discussing a new office opening in Belfast, Northern Ireland with his Head of Finance.

 

It’s safe to say that GSS is like nothing I’ve experienced before – it’s a methodical, creative, and expansive exercise in how a tough company like Trillium is disrupting industries that increasingly depend on secured data. But more importantly, GSS is the chance to experience, contribute to, and embrace other Trillium team members’ expertise to propel the company into the stratosphere. Despite the grueling schedule, I’m hungry for more. And it’s only day 3!

Team Trillium Sponsors InsureTech Connect 2018

The conversations at InsureTech Connect 2018 (ITC 2018), the world’s largest gathering of insurance leaders and innovators, always veered back to data and cybersecurity –Trillium Secure was the only vehicle cybersecurity company that sponsored ITC 2018 as part of the Plug and Play cohort.

 

The event took place in Las Vegas’ MGM Grand between October 2-3. ITC 2018 attracted 6,000 attendees and Team Trillium engaged numerous high-value partners and clients who are concerned about how the proliferation of connected car data will impact their businesses. Trillium’s main message was that insurance companies must have a cybersecurity partner to analyze vehicle-generated data, and to succeed in the autonomous-driven future.

 

“We are definitely coming back next year to InsureTech Connect,” said David Uze, CEO of Trillium. “The insurance community is searching for the right solution to protect, harvest, and analyze data from connected vehicles and Trillium’s trusted mobility services captivated the attendees at ITC 2018.”

 

Usage-based insurance was a big theme at this year’s event and many participants were interested in how to complement their vehicle health data sets with additional data points on driver behavior. Trillium’s sponsorship of ITC 2018 shed critical light on how valuable vehicle data, once secured against cyber-attack, enables insurance companies to build innovative new products in a changing market space where the number of automobile accidents decrease as self-driving car technology matures.

 

“Trillium’s subscription-based model for providing lifecycle protection, threat management and data analytics generated huge interest at ITC 2018,” said Dan Viza, vice president, global business development and strategy. “Our holistic, multi-layered vehicle cybersecurity platform struck a chord with key players in the insurance and telecommunications industry.”