Following up on Justin's cyber security focused post, the recently announced partnership between Volkswagen and Israeli experts in the creation of an automotive cyber-security company, CYMOTIVE Technologies, represents a further sign that industry players are taking seriously the issue of security and privacy risks in the car environment.
There is no doubt that new transportation systems will bring extraordinary benefits in terms of efficiency, comfort, entertainment and safety. However, sight should not be lost of the fact that the greater vehicle digitalization and connectivity, the higher degree of vulnerability to cyber-attacks. With new sophisticated features, which include the connection to the Internet, among cars and with other multiple devices, the potential for manipulation increases exponentially. Cyber-criminals may be able to spread malware but also to remotely gain control of the vehicle, interfere in and even disable the car systems (engine, breaks, lights, GPS, etc.), so safety of the passengers and of others circulating around may be compromised. The risk of unauthorized access to or theft of personal information gathered by the car on-board systems is also significant.
In this context, where driverless and connected cars have emerged as a new target for hackers, the evolution of automotive technology must go hand in hand with the development of solutions addressing vehicle-specific security threats, and collaboration among all players in the value chain is of the essence to tackle the challenges ahead.
Vehicle manufacturers, component suppliers, dealers, wireless operators, software companies, providers of cyber-security solutions and insurers are becoming increasingly aware of this evolving problem. Regardless of the applicable regulatory framework (for instance, at the EU level, the eCall Regulation, the existing and forthcoming data protection obligations -e.g. privacy by design and by default, privacy impact assessment for each new product or system, introduced by the new General Data Protection Regulation- or the network and information security requirements under the NIS Directive, which is applicable to operators of intelligent transport systems), security standards and best practices will be required. And initiatives such as this joint venture underscore the industry commitment to ensure a secure ecosystem.
Connected vehicles have extraordinary power to transform daily life for consumers and for supply chain companies, but also represents huge potential risk of exploit by bad actors. Through this venture, Volkswagen has set out to develop its cyber security bona fides and get ahead of the risks.