Print Friendly and PDF

Bug Bounties, Data Privacy and Why You Should Be Aware of a 15-Year-Old in the Philippines



Automotive executives and industry stakeholders gathered at Cobo today to talk about the key cybersecurity issues facing the industry at the Billington Global Automotive Cybersecurity Summit. Keynote speakers included: GM CEO Mary Barra, U.S. Transportation Secretary Anthony Foxx and Asst. Attorney General for National Security John Carlin, among many panelists and speakers.

Here are a few takeaways that stood out:

Cybersecurity is a growing national and public safety issue

Autonomous vehicles have the potential to save countless lives from fatal accidents. On the flip side, the more technology the greater the risk of cyber threats. As Assistant Attorney General for National Security John Carlin pointed out: “If (terrorists) are trying to get people to drive trucks into people in public – it doesn’t take too much imagination that to realize that they’d do the same thing with autonomous vehicles.”

You can’t do it alone, collaborate

The words of the day were collaboration and trust. In a connected world, a Toyota Prius is going to have to talk to a Chevy Bolt. So if the vehicles have to communicate, so will the companies that make them. It’s not only needed, it’s inevitable. So best now to collaborate and build those relationships, which will only be more critical with autonomous vehicles. U.S. Transportation Sec. Anthony Foxx closed with some sage advice: “There is no company that can accomplish (in cybersecurity) what all companies can accomplish together.”

Hackers are going to hack, so put them to work for you

Panelist after panelist raised the issue of hackers and how they hold the key to creating resilient defenses and outsmarting cyber criminals. Businesses should embrace and seek out “white-hat” hackers to lengthen their talent pipeline and bolster their defenses. Holding hack-a-thons and paying out bug bounties to hackers who can identify your vulnerabilities before criminals do, will pay huge dividends. As one panelist alluded to, Fortune 500 companies must recognize that the key to their cybersecurity defense may be a 15-year-old kid in the Philippines with an innate curiosity in finding out how things work, and how they can be broken. Embrace crowd-sourcing, there’s a lot of talent out there in curious hackers looking to do good … often for a fraction of the price.

In 10 years, fully autonomous vehicles will be available for sale

That was the estimate provided during a panel featuring GM’s Mark Reuss and Carnegie Mellon Professor Raj Rajkumar. If that’s the case, establishing robust cybersecurity into design on the front end of prototype development has to start now … no delays. Cars that drive themselves are no joke, but the company that doesn’t include cybersecurity into design likely will be.

Cybersecurity is a C-suite issue

If GM’s CEO Mary Barra is concerned about cybersecurity and taking a hands-on approach in bolstering her company’s defenses … you should too. Successful CEOs of her caliber with her busy schedule don’t waste time on trivial things. With the onset of the Internet of Things and fully connected vehicles (and fully connected employees), cyber breaches will only become more sophisticated and frequent. CEOs must engage cybersecurity head-on.

You can’t embarrass a dead person (says a panelist)

With the amount of consumer and performance data flowing through a vehicle growing rapidly, questions loom about who can access that information and how it can be used. As a panel pointed out, it’s likely to pit consumer privacy advocates against public safety advocates, and create a tension between the need to protect one’s info and investigating accidents by gathering info/evidence from vehicles. Josh Corman, director of Cyber Statecraft Initiative for the Atlantic Council, put it bluntly: “If we’re not careful, we’re going to have corpses with their privacy intact.” A delicate balance will be needed.