How Automakers can take the lead in cybersecurity
The automotive industry is evolving through its largest technological disruption. Automakers are recognizing opportunities to use digital, connected, and cognitive technologies to deliver superior customer experiences. The advanced technologies that enabled connected and autonomous cars are making vehicle engineering more complex than ever, and cybersecurity and data privacy are moving into the forefront of engineering challenges. These challenges are not only threatening passenger privacy, but also the safety and reliability of automobiles.
While regulators are beginning to define new rules of the road to enhance cybersecurity, automakers have struggled to incorporate cybersecurity principles into the 5-7 year development cycles which the industry has historically operated. The industry is starting to combat these risks, however there is an emerging risk that regulators will direct the future of the industry through cybersecurity and privacy regulation.
The automotive industry has a long history of technological advancements and reactive regulatory oversight, including changes to manufacturing practices, safety standards, and emissions requirements. For decades, regulators have put the focus on consumer protection.
Now, the stakes are higher than ever. Connected cars produce an unprecedented amount of sensitive and valuable data. Beyond vehicle diagnostic information, automakers are managing personal information about drivers’ behaviors, preferences, and habits. Vehicle technology, while integral to improving safety, also makes these vehicles prime targets for cyber attacks putting drivers and passengers at risk.
The digital disruption in the industry today has far outpaced traditional safety regulations. Regulators are challenged to keep up with the rate of change. With a sharpened focus on vehicle cybersecurity and data privacy, they are searching for measures to protect consumer interest while encouraging continuous innovation.
Every automaker and supplier now has a critical choice: either decide on best practices for vehicle cybersecurity or wait for the government to impose potentially disruptive (and restrictive) regulations.
Those automakers that emerge as leaders in cybersecurity have the opportunity to benefit from increased consumer trust and public safety reputation. They will also be able to help ensure that new standards do not unnecessarily disrupt business practices and objectives.
Determining how to implement and maintain cybersecurity principles into a complex vehicle development cycle is not an easy task. To help automakers along their journey, here are five guidelines to start responsibly managing vehicle cybersecurity:
Establish a vehicle cybersecurity governance program
A cross-functional team should be empowered with providing oversight and enforcement of your company’s cybersecurity program. Responsibilities should include secure product development requirements, threat management, responding to incidents, training and developing strategies for future threats.
Create data governance protections
Security of vehicle and consumer data should be a top consideration when developing a data governance strategy. Security and compliance requirements should be put in place to address how data is stored, encrypted, accessed, and shared.
Build security and privacy throughout the design of each vehicle
Security and privacy are not afterthoughts. Engineers and suppliers should build security protections into every aspect of the car. Privacy experts should help determine how the car collects and uses data and whether it complies with federal and state regulations.
Contribute to industry security standards
Automakers should proactively become involved in establishing regulations for vehicle security. Staying involved with industry networks and working with government agencies will help define where the industry is headed.
Collaborate with experts to address cyber risk
You can’t manage cybersecurity and regulatory risks alone. A trusted advisor in operations, financing and engineering can help you navigate the complex and competitive transportation industry in the digital age.
Martin Sokalski, Advisory Managing Director, Emerging Technology Risk
- Why African companies need to get serious about cybersecurity
- Cyber Security: Information Protection and Business Resilience
- Cyber security: a strategic risk
- Challenging CFOs to look differently at cyber threats
- Jason Gottschalk: Cyber security and Risk Management
- Cyber security: A failure of imagination by CEOs