Just as computers are at risk for malicious hacking attempts, so too is the connected automotive industry with its ‘computers-on-wheels’. As the levels of connectivity increase and eventually reach autonomy, the vulnerabilities and potential hacking vectors increase two-fold. It is imperative that cybersecurity is viewed as a necessity rather than a luxury.

Cybersecurity should not be viewed as a ‘patch in’ solution but rather as a holistic solution implemented during production or seamlessly retrofitted in the aftermarket as a simple plug-in.

Automotive cybersecurity for insuring fleet protection

It’s important to note that connectivity doesn’t just mean constant communications. It also means that your new vehicle will be a member of one, and probably several, fleets simultaneously. Therefore, it is imperative to implement the most stringent and deterministic protection for predictive maintenance, reporting, retention, data flow and more. Cybersecurity should serve as the foundational layer for added applications, services, and management.


On May 31, 2019, GandCrab Ransomware announced that it was shutting down after generating $2.5 billion and personally earning the developers $150 million since they started selling their ransomware to cyberthieves in January 2018.

Since ransomware was first launched in 2012, victims have included individuals, companies, hospitals, and even governments. One of the largest malware incidents was the North Korean WannaCry epidemic that began on May 12, 2017. Although Microsoft had released a WannaCry security patch almost two months earlier in an automatic update for its Windows 10 systems, the initial patch excluded millions of Windows XP and Windows 7 systems that are no longer supported by Microsoft.

One high-profile victim, the UK National Health Service, had computer systems at 45 NHS hospitals taken offline, causing the cancellation of operations and thousands of appointments, including cancer treatments. WannaCry still launches 3,500 successful attacks per hour and demonstrated the need for a multi-layer, built-from-the-ground-up cybersecurity approach that is fully encompassing, from operating systems to applications to firewalls.

Another infamous malware attack occurred in May 2019, in which 10,000 municipal computers and servers of Baltimore, Maryland were paralyzed by RobbinHood, a new strain of ransomware. Hackers demanded a ransom of 13 Bitcoins (about $100,000) but the city refused to pay, causing city employees to be locked out of their email accounts and leaving citizens unable to pay water bills, property taxes and parking tickets or to purchase and sell real estate.

The non-payment of the $100,000 ransom is estimated to cost the city more than $18 million in clean-up costs and lost revenues. Since cleanup costs and lost revenues are usually much greater than the ransom itself, it’s no surprise that 45% of ransomware victims or their insurance companies pay ransoms to hackers.


But it’s not just desktop computers that are at risk. In 2018, there were 116.5 million malicious software attacks on mobile phones—including 60,176 mobile ransomware Trojans. But the first connected car, a Jeep Cherokee, was already cyber hijacked on a highway in 2015. While nothing has been attempted on the grand scale of the Hollywood blockbuster The Fate of the Furious, actual attacks on connected vehicles and connected fleets of trucks and vans could utilize any of the numerous vectors corresponding to the vehicle’s external and internal communication channels.

Fleets of vehicles are a more desirable target than single vehicles for the same reason that business and municipal computer networks have been so appealing: they have deeper pockets and the high business costs of an immobilized fleet make them likely to pay sizeable sums to regain control of their vehicles. In fact, the infamous Chris Valasek and Charlie Miller have been quoted as saying “It’s much easier to hack all the Jeeps than [a] certain one”. 20 years from now, how much ransom could hackers get for restoring access to a municipal system of buses and autonomous ride-sharing cars?


The carmaker, or OEM, isn’t the only fleet manager. Insurance companies want to know how each insured driver uses the vehicles. Fleets, and therefore Fleet Management Systems (FMS), are highly connected and require robust cybersecurity for fleet cyber health, as every vehicle is an endpoint and a potential revenue generator as well as a stepping stone for penetrating the entire fleet and its operational or data centers.

Advanced fleet management relies on the constant flow of accurate data directly from the vehicles to the fleet manager’s data center. In order to ensure the highest level of security and protection against malicious hacking attempts, data must be secured both at rest within the vehicle and while in transit from the vehicle to operational databases.

Successful vehicle hacking attacks could result in:

  • Costly ransomware injections
  • Loss of command and control communication with vehicles
  • Extensive cost and adverse effects of loss of cargo / income
  • Interruption in incoming data from or to vehicles
  • Inability to access location data and services for route planning
  • Infiltration and exfiltration of data
  • Inability to send over-the-air (OTA) updates to vehicles
  • Regulatory investigation expenses and / or fines
  • Reporting expenses to customers / PR crisis management


The list goes on and on….


GuardKnox’s Secure Network Orchestrator™ (SNO) is a family of comprehensive vehicle cyber security solutions that protect against any type of known and unknown cyberattack. Requiring neither external connectivity nor on-going updates, the SNO™ solution is completely autonomous and uses GuardKnox’s patented Communication Lockdown™ Methodology to inspect and verify all vehicle network traffic on three levels:

3 levels of communication - animation

The GuardKnox SNO™ product line adheres to the most stringent security and safety standards, including ISO 26262 and ISO 15118, and comprises the:

  • Internal SNO™ ECU for protecting the entire internal vehicle network and providing total vehicle security
  • External SNO™ ECU for protecting the vehicle from the external network (cellular Internet) used by telematics and infotainment
  • EV SNO™ ECU for protecting electric vehicles from the vehicle-to-grid (V2G) network during the charging process
  • Software-Only SNO™ for protecting any car system per the specifications of the OEM or Tier 1 manufacturer


Connected vehicles provide insurance companies with tremendous opportunities as new types of data may permit the construction of new types of insurance plans. But, when it comes to specifying and pricing cyber insurance for connected vehicle owners, and especially fleet operators, insurance companies historically have not had the capability to determine if the fleet is adequately protected against ransomware and other cyber-attacks.

Insurance providers can offer incentivized policies under the condition of installation of the GuardKnox SNO™, not only prohibiting access to the entire fleet by way of infiltration of one vehicle, but also potentially tapping into new markets and creating additional revenue streams for insurance agencies.


While tires, wipers and oil changes are the most commonly sold aftermarket products, the latest vehicle accessories installed by OEMs are quickly becoming highly desirable to the owners of older cars. Installing infotainment systems, remote key entry (RKE), smartphone integration and telematics, especially in fleets of commercial vehicles such as vans, trucks and emergency service vehicles, opens them up to new cyber risks and creates opportunities for add-on sales of GuardKnox’s cybersecurity solutions.

The easy installation of GuardKnox cybersecurity solutions behind the OBD reduces the risk of ransomware infection of fleet vehicles or vehicle hijacking that can result in cargo loss, costly downtime, or even loss of life. Securing the telematics and fleet management system can mitigate risk and reduce payouts by insurance companies.

The SNO™ is an especially attractive aftermarket solution fitting seamlessly into the automotive value chain without requiring any third-party integration. The SNO™ can be installed as a simple plug-in and can be incentivized through lower insurance rates.


GuardKnox solutions offer more than just protection against ransomware and can be used for on-board data processing and storage that support added services such as telematics for predictive maintenance programs. In addition to maximizing vehicle performance and safety, GuardKnox-hosted telematics can potentially provide highly relevant data for identifying dangerous or safe drivers and adjusting their insurance rates accordingly. Furthermore, the SNO™ platform has the functionality to not only host data, but also retrieve, process and relay back relevant data, saving time and extensively reducing costs.

cybersecurity solution for the automotive industry. The joint solution is an enabler for a variety of new services that depend on secure transmission of information between service providers or operational centers and the vehicles.

The partnership with Palo Alto Networks enables GuardKnox to deliver an end-to-end solution that combines secure in-vehicle communication lockdown with a secure communication channel that encrypts telematics and OTA updates between the vehicle and remote databases at OEMs, fleet management companies, car dealerships, insurance companies and mobile app stores.

GuardKnox Partnership with Palo Alto Networks

External network security between the vehicle and the OEM cloud is provided by the Palo Alto Networks® GlobalProtect™ secure communication channel while in-vehicle network security is provided by the GuardKnox Secure Network Orchestrator™ solution. Palo Alto Networks’ shared network ownership model reduces the operational burden of deploying its GlobalProtect security to connected cars. Palo Alto Networks manages the cloud network infrastructure, ensuring reliability, scalability, and availability while the OEM, fleet management company, dealership or insurance provider focuses its efforts on deploying its OTA updates.

GuardKnox and DXC Technology, a world leader in fleet management, demonstrated real-time monitoring of fleets and fleet cyberhealth. The two companies are collaborating to secure and monitor the data traffic between the car and the operational back end, or security operations center (SOC). The GuardKnox SNO™ transmits relevant data and enables real-time monitoring and in-depth analysis of security-related events. SOC analysts are presented with well-defined, targeted and actionable intelligence.

Furthermore, GuardKnox is able to integrate with any provider or fleet management system to provide real-time data security.
