5 questions for
We talk to the founder and CEO of the start-up "Enigmatos" about risks of digitalised mobility and cyber-attacks and how to protect the bus and transport industry.
Which risks are associated with increasingly digitized mobility?
Digitization is the key to data driven future business models and new revenue streams. Bus fleets that will succeed in turning vehicle and fleet data into value added services will prevail. However, increasingly digitized, autonomous, and connected mobility also increases the risk of cyberattack on vehicles and fleet infrastructure which will compromise drivers’ and customers’ safety, data privacy and data governance.
What consequences can cyberattacks have?
Cyber-attacks carry a number of dangers with wide span of consequences. Of course, the gravest are those relating to endangering the safety and the lives of passengers and drivers. Yet even attacks that target access to data like ransomware attacks, might result in disrupting fleet’s operations, breach customers and fleet’s data integrity, incur high expenses, penalties, and even result in fleet’s management liability.
What digital shield does the transport industry need?
There are many stakeholders/participants in the transport industry, hence, we believe there's no single digital shield but rather a layered structure of cyber security solutions to protect stakeholders' security, safety, and data privacy should be implemented. Biometric, physical, and digital services security will all be required. Currently, we already see the emerging legislation aimed at vehicle manufacturers (UNECE WP 29, R 155 & 156). Yet, in our view, that will not be enough to ensure the security and safety of all stakeholders and vehicle fleets will have to implement an additional layer to secure the fleet vehicles and services' cyber integrity
How do we strike a balance between the opportunities of digital applications and risks in such a way that efficiency gains are not offset by cyber security costs?
Digital transformation does offer many new opportunities to earn more efficiency or generate higher revenue, but these opportunities also expand the risk of cyberattacks.
A single cyberattack on an organization's fleet can disrupt activity for days and months, such as floods or fires. To avoid such major damage and ensure a successful and yet cost-effective transformation, it is important that you have the ability to identify, assess and prioritize such threats and attacks. A good approach is to get a customizable and scalable solution that allows a business to tailor its cyber security plan according to its current needs and operational vulnerabilities. Such an approach would favor hybrid solutions that enable a cyber security “Pay As You Grow” model and value-added services.
How can bus companies protect themselves effectively?
In the digitized mobility, the vehicle become the most sensitive asset as it will be the main environment where fleet data is created and collected. Fleet vehicles become the edge nodes of the fleet’s IT & OT networks. We also are aware that fleet monitoring and protection throughout the whole vehicle’s lifetime is beyond the capabilities of the vehicle manufacturer. A risk focused approach requires cyber security monitoring of the connected fleet and will enable real time awareness on the fleet’s operational health. Bus fleets will have to expand their monitoring capabilities beyond the traditional IT walls and build their own in-vehicle monitoring and response capabilities, just like with any other critical enterprise infrastructure. This approach will ensure the fleet’s resilience and continued operation.