IBM Will Expand Security Testing Services To Automotive And IoT Companies

IBM’s X-Force Red, a division of the company that offers security testing services for various industries, recently started offering its expertise to automakers and Internet of Things (IoT) companies.

Connected Cars A Global Priority

Gartner estimates that there will be 61 million cars with internet connectivity by 2020. IBM believes that connected cars are among the “smart” products that are most at risk from cyberattacks.

IBM’s X-Force Red team has started working with a dozen automotive manufacturers and third-party automotive suppliers to test their equipment and components for security flaws. The collaboration also aims to standardize security protocols and the sharing of best practices in the industry.

Some earlier research from the X-Force Red team showed that “connected car” features such as allowing the owner to unlock the doors or start the car remotely, as well as horn and light control over the internet, can create opportunities for bad actors to take over those cars.

In other words, the features at the forefront of the recent “connected car” trend are exactly the ones that could make the cars easier to steal or even put their owners' lives at risk. That risk may still be limited for now, at least when it comes to malicious actors causing accidents remotely, but if the same sort of features land in upcoming self-driving cars, the risk could be much larger there.

IBM’s team also noted that because components in the automotive industry come from multiple suppliers and are connected to each other, the potential number of vulnerabilities surpasses the sum of each component’s flaws.

Security Testing For IoT

Gartner’s forecast says that the number of IoT devices will reach 20 billion by 2020, up from 8.4 billion in use in 2017. IBM complained that as the IoT industry booms, the players are also in a hurry to ship products, often without properly testing them for security issues.

This is how we end up with massive terabit-per-second DDoS attacks, which are only going to grow in power unless IoT manufacturers start taking security more seriously. IBM believes that one solution to this problem is to use programmatic and on-demand security testing through the entire lifecycle of the products.

IBM will use its Watson IoT platform to leverage the security expertise of the X-Force Red team throughout the development and the deployment of its customers’ IoT products.

The company said in a recent announcement:

The Watson IoT Platform approach is security by design, with security controls built-in, delivered as a cloud-based service with industry-recognized ISO27001 compliance. The Watson IoT Platform also has advanced security IoT service capabilities that extend Watson IoT Platform with Threat Intelligence for IoT. These features help customers visualize critical risks in the IoT landscape and create policy-driven automations to help prioritize operational responses for IoT incidents. The skills and experience of the X-Force Red team alongside the Watson IoT Platform provide the vital components to help get clients off to the right start from design all the way through to go-live of their IoT solution.

IBM seems to have recently refocused its efforts on digital security, as also seen in the release of the new IBM Z mainframe, a computing system that aims to fully encrypt cloud services and data for its corporate customers. The latest foray into the automotive and IoT markets also seems to show that IBM believes security services will play a big role in the future, as more and more devices become “smart” (and therefore more hackable).

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • dark_lord69
    Happy to hear someone is stepping up to the plate on this issue.
    I've already imagined a nightmare future of self-driving cars that could be hacked so someone could kill the passengers.

    I personally believe that the self-driving ability should be on a separate (non-connected) network so that control of the car would simply NOT be remotely hackable at all.