A few months ago, I received a call from the National Protective Security Authority (NPSA), which is part of MI5, asking if there was a way that we could assist in improving business security generally, using the motor industry as a pilot the learnings from which could be rolled out across other sectors.
Their mission is to build resilience to national security threats which sounds quite grand but is critically important.
The aim is to help our sector understand the range of threats that we face from terrorism, espionage, state actors and criminals. This is then to be supplemented with advice and support in how businesses and individuals can minimise risk in how they operate on a day-to-day basis.
Over the last few months, the IMI has been working with the NPSA to look at the nature of the risks facing the sector. These come in a variety of forms, some because of the complexity of working globally, but also the dispersed nature of the retail automotive sector.
We have always been aware of car theft; however, a new dimension comes in the form of connected vehicles. Whereas in the past most data breaches have been targeted at company data, the connected car becomes a potential portal for both personal and organisational data theft. It also has the more sinister possibility of impacting a cars performance.
Most connected vehicles would allow for:
Engine Shutdown: Hackers could manipulate a car’s Engine Control Unit (ECU) to the point where they can bring the engine to a sudden halt while driving, presenting a clear danger on the road.
Theft: Connectivity features like keyless entry can be exploited to unlock vehicles remotely, making it easy pickings for vehicle thieves.
Data Theft: Modern cars are loaded with data— with GPS history, phone contacts synced to the entertainment system, and even credit card info from your latest drive-through. Personal data such as this can be stolen.
Manipulated Vehicle Functions: Hackers could interfere with the car’s operating features like the horn, wipers, blinkers, or even headlights, leading to safety issues.
The IMI is in the process of responding to this challenge. IMI TechSafe, the world leading standard for emerging technologies such as EV, hydrogen and ADAS, already has elements that cover the issue of security in this new highly connected environment. We are working with the NPSA to develop a CPD element that brings together practical ways that cyber security can be enhanced within our sector.
Going forward drivers will not simply be handing their car over for service, they will at the same time be passing over access to the full details of their lifestyles, finances and contacts. If we don’t embed security, trust will be broken and customers will walk away.
Professor Jim Saker, is President of the Institute of the Motor Industry