Cyber security and the tyre business

For many, security is all about cash-management, stock-handling and making sure the premises are locked at the end of the day. In addition, tyre businesses have had to get more savvy over the years to avoid fraudulent orders. Now, with everything from phones, tills and even tyres themselves transmitting and receiving data, cyber security is the order of the day. There are lots of different sides to cyber security, so let’s start with some of the most recent most relevant examples to the tyre business.

As we went to press, the BBC’s Panorama programme reported that surveillance cameras in offices and even government buildings up and down the country are vulnerable to infiltration. The security flaw in question allows hackers to take control of the cameras and is particularly related to CCTV cameras manufactured by the two largest Chinese brands – Hikvision and Dhua. Freedom of Information (FOI) data shows that 806 UK public bodies use Hikvision or Dahua cameras. Within that figure, 227 councils and 15 police forces use Hikvision. 35 councils use Dahua. Furthermore, Panorama found them outside the Department for International Trade, the Department of Health, the Health Security Agency, Defra and an Army reserve centre. Indeed, one tyre business CEO told me this week that IBM revealed during a conference he had attended that an unnamed global bank was attacked via – nothing’s truer than life – reception’s internet-connected fish tank!

If that all sounds too general, in January, a hidden tracking device was found in a UK government car. According to the Independent, GPS-transmitting SIM was found in a sweep of Government and diplomatic vehicles. Security service sources added that “the geolocating device had been placed into a vehicle inside a sealed part imported from a supplier in China”, specifically the Engine Control Unit or ECU. The point is that the import, distributors and even the marque’s own branches in the UK wouldn’t have been aware of the chip and therefore couldn’t have mitigated any safety concerns.

Implications for tyre businesses

With all that in mind, you can see the line of reasoning that led the Italian government to invoke its Golden Power rule in relation to Pirelli. At first, it appeared that the Italian government was just working to limit the extent that Chinese owners could control one of its corporate national treasures. However, it soon became clear that Pirelli’s tyre-mounted cyber sensors were at the root of their concerns. After all, as Italy’s government notes, such cyber tyres are capable of collecting vehicle data including road condition, location, and information about infrastructure.

The good news is that tyre sensors in general and TPMS in particular has long been on the tyre industry cybersecurity radar. First, research conducted by North American students found that TPMS could be triggered externally and potentially malevolently by manipulating radio frequencies. Then, or perhaps at the same time only less publically, tyre manufacturers have been hard at work mitigating security risks. Indeed, several years ago Continental gave Tyres & Accessories an insight into how TPMS had previously been attacked. The point of such demonstrations is that the research-driven interventions of friendly in-house “hackers” prevent the same approaches being deployed by unfriendly forces.

Before anyone suggests that these examples are all in the domain of vehicle, tyre and sensor manufacturers, it is worth taking note of the recent experience of SimpleTire in the USA and ATU in Germany. For its part, SimpleTire lost something like 1 million customer records including data that could potential be used in identify fraud, due to an apparent lack of security within SimpleTire’s online systems. Meanwhile in Germany, the motive and perpetrators of a recent attack on ATU are unknown, but the outcome was that business was significantly impacted at one of the largest garage chains in the largest tyre market in Europe for several days.

What all these examples clearly demonstrate is that the increasingly technological tyre business has to understand its place in the world – and indeed in the Internet of Things – in order to de-risk its operations.

This article is an example of the editorial comment that introduces every edition of Tyres & Accessories magazine. Not a subscriber? No problem, click here to become one.