With the future of warfare being online, and in the news right now, I thought that an updated article of mine may be useful to you.

The world of mobility is undergoing nothing less than a technological revolution. Such technologies pose significant issues, most notably cyber security. Hacking of connected vehicles and traffic signals hits the headlines and news. How this issue will evolve, and how the automotive, public transport, maritime, aviation, and other sectors of mobility react will be critical.

Back in the day, I collaborated with Digital Catapult, IBM, Coventry University, and the Institution of Engineering and Technology, to undertake research on the future of cyber security in intelligent mobility. That research culminated in the publication of a new ‘Cyber Security and Intelligent Mobility’ report. Many others have done amazing work since to further develop the research agenda, with ENISA publishing a particularly seminal report.

The future isn’t just an extension of the current issues. As demands for integrating technology into mobility become insatiable, the future will be a whole different proposition to securing current transport systems. It is one that we need to understand quickly if we are to remain safe. This proposition is characterised by the following elements:

• Deep levels of integration across all mobility sectors and new forms of mobility. As Mobility as a Service-style services that integrate several aspects of several systems gain advantage, the technological relationships between infrastructure providers, service operators, and technology solutions will become deeper. All providers will need to understand and plan for security issues at a system level.

• Decentralised control of customer and operational choices. The customer will utilise new technologies to put themselves in control of their mobility. Single points of control that are characteristic of modern intelligent transport systems will be replaced with decentralised systems of coordination, information-sharing, and decision-making between multiple organisations and individuals, enabled in real time by technology.

• Autonomy as standard, but with humans. Vehicle manufacturers are increasingly taking the mindset of designing new vehicles with future autonomy in mind. Safety-critical systems are the manifestation of an increasingly cyber-physical challenge, and is one of most concern to cyber security and transport professionals.

• New business models and services emerging. The business model of mobility is rapidly changing. Shifting away from selling vehicles or running public transport services, into being whole mobility companies will radically change the economics of the mobility market. This affects the business case for investing in cyber security.

Mobility companies, governments, academics, cyber security practitioners and people using our mobility systems every day face new challenges. Even securing current systems whilst maintaining levels of services is a huge challenge.

Levels of maturity in tackling this challenge vary across the sector, and each sector is fast trying to improve its understanding of this space, while the numbers of cyber-attacks are rapidly increasing. The future is only likely to see more attacks, happening more often, with a greater potency.

Our future brings more challenges, not just related to technology. New security governance structures crossing mobility sectors will need to be in place, sharing intelligence and solutions between traditionally conservative sectors. As the business model for mobility shifts, cyber security companies will see new Mobility as a Service customers emerge. Demand for an already limited supply of cyber security skills will sky-rocket further. In my previous work, we identified 10 challenges.

Challenge 1 – Improving market literacy. The UK has significant cyber security capability – particularly in the defence and financial sectors – and yet a common message was the current lack of understanding of the cyber security and transport markets. From the cyber security market, common issues reported are: Who is responsible for what? Who is my potential customer for my technology? What standards do I have to meet to have my product approved in a particular market?

Challenge 2 – Engraining good security principles in industry culture. This is not just about ensuring there is a core capability, it is also about a much wider issue of cyber security literacy. Transport prides itself on its safety culture. A mix of awareness-raising, training and leadership, and making the safe thing do the easiest thing to do, has created a culture where any preventable incident is unacceptable. A similar approach to cyber security also needs to be part of the industry’s culture if it is to tackle the cyber threat in a world of intelligent mobility.

Challenge 3 – Regulation and standards. What was most desired is clarity over standards relating to specific aspects of intelligent mobility – notably autonomous cars – and cyber security. The complexity of the standards landscape was a common comment, and whilst work has been undertaken in specific areas in this space – notably standard J3061 on Cybersecurity for Cyber-Physical Vehicle Systems – the many technologies and systems in the whole intelligent mobility space necessitates clarity to aid deliver.

Challenge 4 – Blended governance structures and strategy. Securing intelligent mobility will necessitate a change in security governance
structures in current transport sectors. This will include experimentation with new distributed and collaborative governance, which manages risk at an organisation and system level across sectors, and importantly is adaptive to a changing cyber threat landscape.

Challenge 5 – Intelligence sharing. The challenge is that current intelligence sharing is not pervasive within the transport industry, and also carries a significant time lag between detection and sharing an issue. Where multiple attacks across an industry are occurring in real time, this makes coordinating action to deal with the threat more challenging. Such joint action needs to be built upon a system of sharing trusted intelligence, in real time, with appropriate levels of information required to coordinate a response.

Challenge 6 – Bringing through solutions that enable transport to understand the complexity of the threat. Threats to key actors in intelligent mobility are becoming increasingly complex as perpetrators of intentional attacks and technologies become more sophisticated. Those working in transport will not only need to be more aware of the evolution of the threat facing them, they will also need to be aware of threats to other actors, who may not be within their own industry, which may in turn affect them through an increasingly connected ecosystem.

Challenge 7 – Encouraging innovation in cyber security. Current innovation ecosystems are tailored towards developing general capability in cyber security. While transport can benefit such ecosystems and there is considerable scope to transfer capability from sectors such as banking, a focus is required on developing transport’s innovation capability in cyber security.

Challenge 8 – Shifting business case for cyber security caused by new value chains. The challenge posed by the future is that instead of generating new revenue for operators and infrastructure owners, transport will shift
existing value generated in transport, for example to Mobility as a Service
providers. This will fundamentally change the business case for cyber investment for many organisations, particularly if value is shifted away from organisations with a significant cyber-physical presence, such as infrastructure operators.

Challenge 9 – Smart data focussed new business models. Data is critical to generating new value in the world of transport. One of the key balancing acts facing organisations in transport will be to collect enough data so as to provide a useful and sustainable service and to innovate, and not so much as to be an attractive proposition for potential attackers. Intelligent mobility may be required to shift away from business models based on big data, to business models based on smart data.

Challenge 10 – Seeing consumer privacy as an opportunity. While the debate over security and privacy will continue over the forthcoming 10 years, it is important to realise that privacy in itself also poses a business opportunity as well as a risk that requires managing. Already many companies are identifying
protecting the privacy of their customers as a unique selling point withs ignificant potential value in a time where cyber security is becoming more a consumer concern.

The tempting thing to do will be to run, hide, and unplug all of your connected infrastructure. But that time has been and gone – the technology is here to stay. Luckily, there are things you can do to deliver technologically leading services, and keep yourselves secure:

• Perform basic cyber hygiene. If you’re an individual, take basic actions like making your password easy to remember and hard to guess, and don’t leave your screen open when making a cup of coffee. It sounds simple, but it makes a big difference.

• Take the same attitude to cyber security as you do to safety. Get trained in cyber security basics – it will benefit you and your organisation. Lobby before and become a lead person within your department who will act as a cyber champion.

• Be aware of what you sign up to. Ask yourself – does this app really need access to my Facebook profile? Can i just get away with giving them my email address? For professionals, get to know the security contacts in your suppliers, potential suppliers, and users of your data.

None of this is a barrier to the future. They are basic steps that go a long way. Future users of our mobility system will demand a personalised service offering, where technology puts them in control of their journey experience. But they will expect all of us to keep them safe and secure. Let’s give that to them.