Two new research papers by leading cybersecurity experts underscore the importance of data produced by connected vehicles to innovation and cybersecurity for vehicle owners and highlight the risks posed by the “gatekeeper” model employed by automakers, in which they decide what data to share, according to the American Car Rental Association.
The new perspectives offered by the researchers could steer public policy discussions about vehicle data access and how to best to choose the mobility solutions that benefit the American public and economy.
“Our analysis of the gatekeeper model acknowledges that cybersecurity threats facing automobiles are real and pressing,” write Stanford University’s James X. Dempsey and Andrew J. Grotto in Cybersecurity and the Connected Car. “However, we conclude that these risks are best addressed in a wider data governance context that examines alternative models for security, the incentives of OEMs and fleet owners to ensure that cyber risks are appropriately managed, and the risks to competition and innovation that the gatekeeper model presents. “In our view, the security argument for OEMs serving as gatekeepers is weak, while the countervailing security and economic reasons for rejecting that role are strong.”
Dempsey and Grotto contrast the automakers’ model with that employed in the airline industry where multi-directional data flows are based on the principle that the airlines control the data about their planes.
In The Protected Connected Car, David A. Hoffman of Duke University stated, “Owners of connected car fleets must have access to usable vehicle telemetry to ensure comprehensive cybersecurity protection. The integration of cloud-based AI services is essential for owners to defend against cyber threats, maintain regulatory compliance, and demonstrate the implementation of reasonable cybersecurity safeguards. The concept of the ‘protected connected car’ emerges as a key objective, emphasizing the pivotal role of usable access to telemetry data in securing vehicles, data, and the safety of individuals associated with connected cars.
“Fleet owners have made significant investments to protect the vehicles they own and their customers from cyberattacks,” said Greg Scott of the American Car Rental Association. “In order to strengthen these defenses against emerging threats, fleet owners must have direct, real-time access to the data generated by their connected vehicles.”
In one example of how technology can balance access security with wider fleet vehicle data insights, “Geotab is focused on the security of vehicle generated data, deploys specialized security expertise, and is trusted by major players in the connected mobility ecosystem,” said Alan Cawse, chief security officer of Geotab, a member of the Global Alliance for Vehicle Data Access (GAVDA). “Geotab’s proven approach includes leading security practices and transparency based on open standards, external verification based on rigorous third party testing, and collaboration with industry and government stakeholders to address vulnerabilities promptly, effectively, and systematically.”
Both papers were commissioned by the American Car Rental Association and represent the independent views of the authors alone.