OEMs like BMW not only rely on over-the-air updates for their latest vehicle generations but also on the underlying observability processes to enhance data security.Uwe Fischer
The automotive industry is becoming increasingly similar to the data industry. A side effect: More data means more cyber risks. These risks are to be minimized through seamless real-time monitoring of IT infrastructures. What can observability solutions do?
Inside the vehicle, in the cloud, on mobile devices – the
flow of data and the software environment in cars are becoming larger, more
complex, and more fragmented. And more vulnerable to attacks. "The
automotive industry is increasingly evolving into a software industry, selling
cars online, maintaining vehicles, updating them via over-the-air updates, and
monetizing data," says Ewald Munz, Head of Manufacturing, Automotive,
and Sustainability EMEA at the software company Splunk.
"Digitalization, autonomous driving, and increased connectivity offer many
benefits but also introduce new challenges for cybersecurity."
New threats, more sophisticated attacks
Summary: The Role of Observability in Automotive Cybersecurity
The automotive industry is evolving into a software-centric field, increasing cyber risks that necessitate robust observability strategies for real-time IT infrastructure monitoring.
Observability, which involves understanding system operations through external data, is crucial for identifying vulnerabilities and ensuring seamless software and IT service functionality.
This factbox was generated by Labrador AI and proof-read by a journalist.
Cyberattacks are becoming increasingly sophisticated: "Attackers are
constantly developing new methods to compromise vehicles. For example, zero-day
exploits are used to take advantage of vulnerabilities in vehicle
software," Munz reports. As a result of growing cyber risks, the
automotive industry must address the need for a Vehicle Security Operations
Center (VSOC). A major driving force behind the establishment of a VSOC,
according to Munz, is UNECE WP.29, a global regulatory forum for harmonizing
vehicle regulations.
This makes an observability strategy necessary, just like in
any other software company, to maintain performance, availability, and
cybersecurity. The key component for this is seamless real-time monitoring of
the entire IT infrastructure. Analysts at Gartner predict that by 2026, around
70 percent of organizations that successfully implement observability will gain
significant competitive advantages – ranging from fewer and shorter downtimes
to more resilient IT and faster decision-making.
Advertisement
What experts mean by observability
But what exactly does observability mean? "Observability is the ability
to understand what is happening within a system based on external data
published by that system," defines David Groombridge, an analyst in
the IT Leaders and Technical Professionals team at Gartner Research &
Advisory. "Observability requires actionable data from various sources
to be appropriately connected, optimized, and contextually enriched."
This opens up a broad field, as it involves analyzing everything that can be
observed and measured in terms of data.
Nevertheless, there is some confusion about the term: "There
is no clear and precise definition," says Munz. "We are
experiencing a phase of observability-washing, where every vendor or IT expert
has their own definition." The core idea, however, is straightforward:
"The key to observability is the availability of data." This
highlights a fundamental requirement for a solid observability strategy. The
essential question is: Do I have the data I need to make my system 'observable'
so that it can be properly monitored? Munz concludes, "The more
observable the system is, the better the monitoring." An observability
team must ensure that all software and IT services function smoothly and
transparently – inside the vehicle, in the cloud, on mobile devices, and with
third-party providers.
What to consider regarding observability solutions
"With regard to the necessary infrastructure monitoring, the backend
systems of the industry resemble those of a typical corporate IT
environment," says Munz. "Given this, automotive companies
must consider where and how an attacker might attempt to infiltrate them."
Attack vectors could include the mobile app, dealer connections, or even
compromised vehicle backend connections. Munz adds, "End-to-end
visibility is essential, whether for production processes in manufacturing,
customer-facing service processes, or mission-critical business processes
tailored to the company."
BMW employs a multi-tiered approach to implement
observability solutions, ensuring vertical, horizontal, global, and predictive
end-to-end visibility. These solutions capture all telemetry data in real-time
in the form of logs, events, metrics, and traces, providing information on
software transactions, errors, performance, customer interactions, and IT
system health. Observability platforms aggregate and correlate telemetry data,
transforming it into insights with dashboards, alerts, and analysis and troubleshooting
features.
How to implement an observability strategy
Without available data, there can be no observability – that much is clear. "The
first step is to establish an 'industrialized' way of making data
available," Munz explains. A good method for collecting observability
data, according to the expert, is using OpenTelemetry (OTel). OTel is an
open-source project under the Cloud Native Computing Foundation. This
community-driven project aims to use a single open-source agent for collecting
all relevant telemetry data, with full control over how the data is collected,
transformed, and filtered before being sent to an observability solution.
"Once the data collection strategy is defined, the
next step is to determine where the data should be sent and which observability
platform to use," Munz explains. He also observes a washing effect in
this area, as all observability solutions can collect logs, metrics, and
traces, but not in the same way. "We recommend a streaming-based
solution to achieve real-time results as closely as possible and to avoid using
sample data, ensuring that the root cause of problems is always
identified."
Modern monitoring solutions have evolved
significantly, but they are often still inadequate. "Therefore,
consistent observability is essential," Munz emphasizes. "A
proper solution provides important context, identifies the most significant
problem areas, and helps teams optimize service performance and customer
experience."
