Cybersecurity in the MaaS Ecosystem
The Transformation of the Automotive Sector
Cybersecurity in the MaaS Ecosystem: The automotive sector is going through an unprecedented radical transformation involving digitalisation, the Internet of Things (IoT), urbanisation, and autonomous technology. These technological trends are completely disrupting business models and reshaping this sector. There are currently three interconnected processes:
1.) New servicing options are being introduced using advanced technologies, gradually transforming products into services,
2.) Even in traditionally hardware-oriented industries like the automotive industry, drivers are evolving into users, and
3.) The prevalence of cyberattacks is growing along with connectivity, necessitating new security standards in these uncharted areas.
These developments have collectively contributed to the emergence of what we now know as Mobility as a Service (MaaS). MaaS essentially provides the flexibility needed in today’s on-demand environment. With a new generation of digital and connected services, the automotive industry (amongst other transportation sectors) is quickly adapting to consumers who value experiences over possessions and moving away from a car-centric to a user-centric focus. However, this change is challenging for all industry participants, particularly with regards to keeping consumers and data safe from cyberattacks.
The Requirement of Cybersecurity for MaaS
The direct connection to safety is what makes cybersecurity a top concern in the connected transportation and MaaS ecosystems today.
Ensuring safety and mitigating attacks on compromised transportation systems, where vehicle control is at stake, remains the primary concern. Data privacy and protecting corporate intellectual property are also obviously required. In the transportation sector, protecting the connected vehicle is what keeps services safe. Therefore, any defects discovered in mobile apps, backend telematics servers, or in-vehicle computers could have disastrous effects.
Innovative connected transportation platforms and new services that let users of connected transportation (whether corporate or private) experience the newest smart mobility features have emerged due to the changing technological landscape.
However, utilizing these technologies effectively requires a comprehensive security solution that offers visibility into all potential communication entry points, facilitates real-time proactive measures, and ultimately assists Original Equipment Manufacturers (OEMs) and transportation service providers in developing connected mobility solutions.
Innovations in Cybersecurity for MaaS
In mid-2021, researchers from the Massachusetts Institute of Technology, USA, developed a cybersecurity method based on System Theoretic Process Analysis (STPA and STPA-Sec) to meet the growing need to analyse complex socio-technical systems holistically. They applied cybersecurity to co-analyse safety and security hazards and identify mitigation requirements. The researchers compared the outcomes with those of a different technique called ‘Combined Harm Analysis of Safety and Security for Information Systems’ (CHASSIS), which holds potential for fruitful results.
The researchers applied both methods to MaaS and Internet of Vehicle (IoV) use cases, with a specific focus on the over-the-air software update features.
Compared to CHASSIS, the STPA and STPA-Sec cybersecurity methods identified more risks and valuable requirements. STPA and STPA-Sec cybersecurity systems identify risks arising from unsafe or insecure interactions between socio-technical elements. This research suggested utilizing CHASSIS methods for information lifecycle analysis to complement and expand cybersecurity considerations. Comparing results to a previous cyberattack, researchers found STPA, STPA-Sec, and CHASSIS approaches effectively reduced incident risks.
Researchers from the School of Computing and The Institute of Cyber Security for Society (iCSS) at the University of Kent, UK will work with researchers at Cranfield University, UK, to research the cybersecurity risks posed by a digitally enabled, low-carbon MaaS ecosystem. The Engineering and Physical Sciences Research Council (EPSRC), a part of UK Research and Innovation (UKRI), funds the project titled ‘Mobility as a service: Managing Cybersecurity Risks across Consumers, Organisations and Sectors (MACRO),’ which will run for two years. MaaS ecosystem requires evaluating privacy and cybersecurity risks and developing solutions, including policies, procedures, and new tools. Moreover, the project aims to develop tools and information for stakeholders to foster healthy MaaS ecosystems through a modelling-based approach.
Enhancing Cybersecurity in Mobility as a Service (MaaS) Ecosystems
US-based start-up SecureThings have created a security suite for the automotive and mobility sectors and MaaS ecosystems. The start-up’s real-time in-vehicle security system offers multi-layered cybersecurity and safeguards electronic and telematic control units. Deterministic and machine learning-based strategies used by SecureThings defend against both known and unknown attacks. It supports the service-based economy of connected autonomous shared mobility and electrification by ensuring the security of vehicle networks. This is particularly important with regards to MaaS ecosystems.
Researchers at the University of Southampton, UK, applied the STRIDE Threat Modelling framework for security analysis of a MaaS ecosystem.
By using a threat-centric approach, STRIDE associated threats and types to stakeholder assets, from an adversary’s perspective. Analyzed MaaS security threats, planned mitigations to eliminate/reduce them, identifying vulnerabilities and enhancing overall protection. Establishing and maintaining privacy and security are salient to engendering trust in a system.
By eliciting threats in MaaS and designing mitigations to counter them, they demonstrated how MaaS security could be established, fostering increased stakeholder trust in MaaS and next-generation transportation systems.
The Japanese start-up Keychain produced a blockchain-based software development kit to safeguard data within MaaS ecosystems.
The start-up’s DAP enables secure issuance, distribution, and management of digital assets, with end-to-end data encryption in mobility networks.
This normalises the risk of data breaches, enabling mobility companies to continue operations and bounce back from cybersecurity lapses. The solution securely logs network-based events to ensure reporting, archiving, and regulatory compliance.
The Future of Cybersecurity for MaaS
Transportation companies are already paying attention to cybersecurity, leading to a paradigm shift in operations to meet customer demands, deliver on quality expectations, manage rising cyber risks, and comply with UNECE WP.29 cybersecurity and software update regulations in Europe.
By 2030, experts anticipate global MaaS revenues to surpass US$1 trillion, transforming the entire transportation sector and fostering a competitive ecosystem of rapidly evolving transportation marketplaces. Additionally, MaaS providers will face increasing competition from public transportation for customers as the world’s population rapidly urbanises. Customised cybersecurity solutions created from the ground up and catered to the unique requirements of each system are required for public transportation. Too frequently, one-size-fits-all cybersecurity solutions are presented, omitting the specifics of each transit system and placing them at greater risk. For instance, V2X, metros, aeroplanes, and railways require safeguards tailored to the sector’s requirements.
Leave a Comment