An Inconvenient but Timely Lesson

Who else went for a ride this weekend, or a run only to complete the activity and find out they could not sync their data? As a recent Peloton convert and someone who enjoys the concept of socially accountable fitness ushered in by Peloton…if I can’t post or share an activity, did the activity even happen?

This is the conundrum we “Pelophiles” have to deal with. If we exercise outdoors, we still have to be able to generate metrics and share our experiences. I prefer to ride outside. In fact, I only ride the Peloton when our Florida weather precludes me from riding outside. I want to share photos of my ride and force the beauty of riding alongside scenic views of the ocean on all of my Facebook friends. This is why I have a Garmin Edge cycling computer.

Garmin has been around for a long time in the navigation industry providing systems for aircraft, and marine industries and more recently devices for sporting enthusiasts. They pretty much defined the market and understand that the ability to export to other third-party apps such as Strava, or Relive, is a big part of their success.

What happened over the weekend though is a problem, Garmin was hacked and their data (our data) is being held for ransom. This has affected a lot of people, in 2017 alone Garmin produced and delivered 15 million products. The Garmin Connect mobile app in the Google Play Store shows over 500K downloads and Sensortower shows over 400K downloads on the Apple App Store.

I’m only using Garmin to track my off Peloton efforts, and fitness devices are less than 25% of Garmin’s portfolio of products. Transportation, which includes Auto, Marine, and Aviation, make up a much larger 50%. That’s a bit more important and way scarier. Coming from a family of pilots, I know you kinda need your navigational charts.

Data security is serious business

Its effect on me, in this case, is a minor inconvenience. As I write this article, Garmin’s IT staff are slowly bringing their system back online. I have no idea if a ransom was paid, or if we will get 100% of our data back. Again, for me, it's a minor inconvenience, but how bad is this for other users where their safety or passengers might have been compromised?

The company I work for Kittyhawk.io was founded on the concept of security. Rightfully so as we provide fleet management SaaS for Unmanned Aircraft Systems (UAS) aka Drones. Our clients are large enterprises such as Insurance companies, Utilities, Railroads, Law Enforcement Agencies, Engineering Firms, and Package delivery services.

Soon we will see virtual corridors in the sky under 400' where drones are currently allowed to operate. They will carry goods, and eventually people. The FAA describes this as Unmanned Aircraft System Traffic Management (UTM) which is a “traffic management” ecosystem for uncontrolled operations that is separate from, but complementary to, the FAA’s Air Traffic Management (ATM) system.

This UTM will not be managed by one company or organization, but likely by many operating alongside and interactively with each other. Recently the FAA selected a handful of companies to participate in the further development of UTM. Kittyhawk, as well as a few others, are ready for it now. In our case, it will reside in a security-centric environment that is system agnostic.

Riding a bike and losing your trip data for a few days is one thing, managing a fleet of drones over densely populated urban corridors and having a data breach is much more significant. Either way, data security, and data integrity should be paramount. Josh Ziering, our Co-Founder, recently presented on the issue of Security at the Energy Drone + Robotics Summit and has written many blog posts on the subject of security. I wish Garmin well and hope to share my ride data soon.