Automotive Data Privacy: Securing Software at Speed & Scale

Share this post:

The superhighway of connected car systems is widening, and it’s yielding greater volume and velocity of information across intravehicle and intervehicle networks.

But with speed and scale come new security concerns. Vehicles now boast more than 100 million lines of code, hundreds of task-specific microchips and multiple operating systems. With consumers increasingly prioritizing seamless service and security at scale, automotive data privacy is no longer a downstream concern — it’s a critical deployment.

Security and privacy are intertwined, but they’re not identical. Security focuses on defending internal protocols, such as a car’s operating systems and network components. Privacy focuses on protecting consumers’ personal data as it leaves the vehicle.

However, solving for security or privacy isn’t a binary choice. Companies must incorporate both to ensure automotive safety and attract new buyers.

Security & Privacy: Push & Pull

According to the IBM Institute for Business Value, 56 percent of executives think that automotive privacy and security will drive purchasing decisions. Customers have already made that leap; 62 percent said they would consider one brand over another if it had better security and privacy, according to a recent IBV consumer study.

Concerns around breaches are increasing. Some consumer advocacy groups are pushing for kill switches in connected cars to mitigate the damage a connected car could do if overridden by a bad actor, but, as Vice reports, vulnerabilities in two GPS tracking apps enabled a hacker to remotely cut engines at low speed and potentially cause huge traffic jams.

Consumers, meanwhile, are still willing to share their location, application and usage data in exchange for value-added features. But if pushed by breaches or lack of control, drivers and passengers will pull back data access.

Hard Pass, Soft Censure

The rapid uptake of connected vehicle technologies has prompted manufacturers to improve automotive data privacy controls, but rigor remains lacking. According to a Ponemon study sponsored by Synopsys, 63 percent of auto manufacturers say they test less than half their hardware. Meanwhile, even though automakers have employees charged with handling cybersecurity, the report found that just 10 percent have dedicated, multiperson cybersecurity teams. To bridge the gap between functionality and security, manufacturers must work with multiple software developers, vendors and suppliers.

But that bridged process weakens security. Consumers are willing to give vehicle hardware a pass for common wear and tear — air filters must be replaced, tires checked and engine oil changed — they almost immediately stop using software that doesn’t meet their expectations. Unlike physical components, even occasional software hiccups can dim consumer confidence and drive negative PR.

The Code is the Car

IBM’s Bridget van Kralingen puts it simply: “The last best experience that anyone has anywhere becomes the minimum expectation for the experience they want everywhere.” For vehicle manufacturers, this means recognizing that the ubiquity of consumer mobile experience — i.e., the ability to seamlessly connect with services anytime and anywhere — informs their expectation for the in-car experience.

Code is no longer the underlying infrastructure of existing vehicles, nor is it a potential pathway to autonomous automobiles. Instead, the code is the car. To embrace this shift and improve privacy and security in automotive development, manufacturers must:

  • Deliver over-the-air updates. Security threats don’t happen in isolation. To ensure that connected cars receive necessary firmware and software updates, continued investment in over-the-air delivery is essential.
  • Defend digital footprints. Every digital action leaves behind virtual footprints. Rental vehicles capture smartphone data; eventually, mobile information could be stored on autonomous autos that aren’t owned by individuals but instead rented as a service. Automakers must develop ways to defend digital footprints at all points along the connected car ecosystem to assuage consumers’ privacy concerns.
  • Deploy end-to-end security. As vehicles become part of the technology stack, end-to-end security becomes mandatory. This starts with advanced encryption to safeguard both internal data and connected consumer information, but it also demands regular risk assessments to identify vulnerabilities.
  • Develop rigorous standards. Manufacturers understand the need for rigor in parts procurement; standards exist to evaluate products from first-, second- and third-tier suppliers and ensure consistent quality.
  • Software requires the same approach but follows different rules. Automakers must first define what automotive security and privacy mean to their organization and then create digital supplier standards to ensure that applications meet corporate and consumer expectations.

Auto manufacturers must defend data at speed and scale. Effective adaption means embracing consumer expectations and recognizing that software isn’t just critical. In the quest to deliver automotive data security and privacy, car and code are indivisible.

Learn more about IBM’s offerings in the automotive industry.

Client Partner, Automotive Industry, IBM Global Business Services

More AI stories

Digital Transformation is the Auto Industry’s Road to Recovery

Even before COVID-19, the automotive industry had its share of challenges. Sales were down in many markets. Huge investments in electrification, autonomous driving and digital were hurting revenue and profitability. The coronavirus pandemic turned those challenges into a crisis. Global vehicle sales have stalled, production facilities have been shuttered and many supply chains have ground […]

Continue reading

Vehicle-as-a-Service: Driving Differentiation in the Connected-Car

Connected cars offer enormous potential. As noted by a 2017 Foley and Lardner study, 77 percent of auto industry professionals expect the automotive sales market to change substantially as bundled connected services become the norm. According to Gartner , this new market demands a customer-first strategy that hinges on differentiation to capture user interest and […]

Continue reading

Automakers & the Complete Consumer Experience

In-car connectivity drives consumer choice. With the connected-car market expected by grow by 270 percent between now and 2022, consumer expectations are changing: Around half of consumers now expect to be able to access their smartphone apps through their vehicle’s digital interface. Combined with the evolution of autonomous vehicle technology, automakers face a major change: […]

Continue reading