Will the Auto Industry Turn the Corner on Data Security?

Recently, a group of leading automakers agreed to guidelines aimed at safeguarding the burgeoning volumes of sensitive informationbeing collected by today’s vehicles. We applaud this move because it is the right thing to do, and also because it helps get the industry out ahead of the regulators, at least for now.

According to Automotive News, “The Alliance of Automobile Manufacturers and the Association of Global Automakers, two Washington, D.C., trade groups, laid down a set of rules intended to guard the most sensitive information, taking effect for the 2017 model year. Under the principles, automakers would need to disclose what data they collect and how the data are to be used or shared. Disclosure will be done in owner's manuals, on in-vehicle displays or on Internet-based registration portals managed by the companies. Consumers would be able to review the policies before buying a car. The automakers agreeing to the voluntary rules include BMW, Fiat Chrysler, Ford, General Motors, Honda, Hyundai-Kia, Mazda, Mercedes-Benz, Nissan, Toyota and Volkswagen Group.”

Such disclosures make sense and should help put many buyers’ minds at ease. Additionally, with the new guidelines, consumers would have to opt-in to any use of their personal data for fueling marketing activities. Many car owners will be happy with this guideline however, this will create a bigger challenge for marketing efforts in the future. OEM marketers will need to clearly articulate the benefits of “opting-in” to the consumer in order to obtain participation in such programs. The “opt-in” model will create a much smaller population to approach, but those that participate will definitely be more receptive to the marketing messages conveyed.

Yet industry standards governing automakers’ collection and use of personal information is just the start. There also needs to be just as much focus on protecting drivers' and passengers' personal information from external entities who lack such standards and principles – i.e. hackers.

With more and more vehicles connected to the Internet, and with a growing number of vehicle operations and data services now being managed via smartphones and other mobile devices, the risk of sensitive data being stolen by people with malicious intent is intensifying daily.

And that’s not all. In addition to personal identity theft, there are also threats to data and message integrity (e.g. changing the content of messages in order to issue counterfeit commands, etc.), the risk of denial of service attacks, and even the specter of cars being used like virus-infected PCs to help carry out mass cyber attacks. 

The next steps the industry must take is embracing standards around tightened data security, and do so before the regulators do it for us. Along with this, automakers need to implement a set of forward-looking technology solutions that will scale as the connected vehicle universe expands. These include deploying:

• Comprehensive identity management, including dynamically authenticating a user’s request to access certain information or have an application perform certain actions based on such criteria as pre-specified trust level, GPS location, nature of the request, timing and velocity of requests, etc.
• A secure token service with robust private-key encryptionto secure data and vehicles each time access or actions is requested.
• A cloud-based interoperability platformso that security/encryption services, as well as all business rules governing data and vehicle access, can be centralized in the cloud for cost effective scalability, optimal security and rapid implementation.

Now that the industry is at the turning point of safeguarding the sensitive data it collects, it is time to take the corner and comprehensively protect connected drivers and passengers against outside intrusion. Doesn’t it make sense for all the same reasons?