A call for more focus on vehicle system security from AM’s regular columnist Professor Jim Saker, emeritus professor of Loughborough University’s business school and president of the Institute of the Motor Industry.
In April the deputy prime minister Oliver Dowden announced a top-level review by the UK Intelligence Services into the ability of hostile states, in particularly China, to use connected vehicles as intelligence gathering devices.
He said that officials at the National Cyber Security Centre were working with ministers and the intelligence agency GCHQ. This mirrors the investigation announced by Joe Biden in the US looking at whether vehicles could be used to collect sensitive data about people and the country’s infrastructure.
There have been calls in the US Senate to ban the import of Chinese connected vehicles.
Both moves come on the back of comments by Ken McCullam, the head of MI5, and Sir Richard Dearlove. McCullam described the scale of spying as being on an ‘epic’ scale and that most of it was not down by traditional covert activities but was to do with the infiltration of business activities, research facilities at universities and other hi- tech organisations.
Dearlove, writing in The Times, asked the question: “How many of us are aware that Chinese manufactured cellular modules are in the controls of our cars and act as an invisible trap door to malign forces?”
He commented that, last year, MI5 technicians stripped down a government car because data was being sent from its cellular modules to China. His dystopian view was that if over time you have created the ability to switch off significant areas of your enemy’s infrastructure, why bother going to war?
Although this is an eminently serious topic, I did find it funny when talking about this subject with a car retailer in Leicester.
He said that he had spent 20 years in vain trying to get anything meaningful out of his dealer management system (DMS) and commented that “if the Chinese could do it, they were a lot bloody smarter than he was!”
The challenge however is not simply about existential level threats identified by Governments.
It also comes into play when organised criminal gangs target the car industry and gain the capability to compromise the connected interface of other car companies.
A criticism from the security services is that our sector doesn’t take security seriously enough.
Several large dealer groups have lost customer data through their systems being compromised yet apart from GDPR compliance and some elementary cyber safe procedures there is little or no formal training on security in the sector.
The IMI is in the process of adding CPD elements on security to TechSafe as most of the next generation of connected vehicles are likely to be EVs.
With proper background checks of staff and better security systems at dealership level, although not the complete solution this will go some way to safeguarding data and the ensuring the connected cars of the future are safe from outside interference.