Driving Security into Digitized, Connected Cars

As cars become digitized and connected to enable a better driving experience, enhance safety and relieve congestion, the threat of a cyber event is ever present. But General Motors goes to great lengths to protect both customer lives and their personal information.

“We’re in the early stages of a technology revolution that’s going to reshape our industry, and public acceptance is key,” said Harry Lightsey, executive director of GM Global Connected Customer, to a group of sustainability professionals at the GreenBiz Verge conference in Santa Clara, California. “You need to feel safe in a vehicle that’s connected to the infrastructure or otherwise.

“You may be getting into a car that doesn’t have a human driver and relying on that car to get you from point A to B.”  

In that kind of environment, Lightsey pointed out, cybersecurity is important.

A future where self-driving cars roam the streets is not so far out. GM is already testing autonomous vehicles in Phoenix and San Francisco, and will be launching cars with autonomous features. The company’s Super Cruise technology will enable “hands off the wheel and feet off the pedals” driving under certain conditions.

“Autonomous isn’t a destination, it’s a road map,” said Peter Kosak, GM’s executive director of urban mobility. “And we’re on it.”

Given these connectivity developments, GM devotes significant resources to building cyber defenses. The company, through its security vulnerability disclosure program, engages outside white-hat hackers who learn of vulnerabilities in GM products. The auto community, through the Automotive Information Sharing and Analysis Center, works together to combat threats.  When an automaker encounters information about a potential threat and submits it to the Auto-ISAC, the Auto-ISAC can analyze and share the appropriate information with other automakers and suppliers.

“You do your risk assessment and you build layers of defense into the system,” said Lightsey. “And if you become aware of a vulnerability, you share with your peers so they can fix it.” 

Common vulnerabilities can be a threat to multiple parts of the industry.

GM takes an ecosystem approach to cybersecurity, addressing in-vehicle and remote apps, telecommunication networks, and vehicle-facing IT systems. Engineers build multiple layers of protection at various levels on the vehicle and back office. GM leverages the expertise of researchers, security solution providers, academia and aerospace and defense organizations to minimize risk of any unauthorized access. 

GM is participating in a World Economic Forum task group to help make recommendations on how boards should effectively deal with cybersecurity; an action Lightsey foresees will be a key part of corporate governance going forward.

“Cyber events are a risk,” said Lightsey. “But overall, we’ll be better off because of the higher quality of life provided by these connectivity features and safety technologies.”

The benefits are undeniable. Today’s vehicles are made up of hundreds of electronic control units, controlling everything from infotainment systems, instrument panels, engine control systems, anti-lock brakes, stability control systems, airbags and more.

For context, the first generation Chevrolet Volt, introduced in late 2010, had about 10 million lines of code. That’s more than an F-35 fighter jet.  Today’s average vehicle has more than 100 million lines. And it won’t be long before it’s 200 million. It’s those lines of code that are delivering an enjoyable ride while helping address environmental issues such as pollution and traffic jams.

“We take the safety of our customers very seriously; it’s our No. 1 priority and part of our core identity,” said Lightsey. “We’re doing all we can to protect you and your information.”