Getty Images
Industryweek 12933 Delphi

Addressing Privacy and Security Issues in the Connected Car

Feb. 2, 2017
A pair of intellectual property lawyers share their four top cybersecurity tips for automotive suppliers and OEMs.

The modern-day car is not just a computer on wheels—it’s several computers on wheels. New cars can have 50 or more electrical control units (ECUs) networked together, and each network is analogous to a separate computer.

By 2020, an estimated 250 million connected cars will be on roads worldwide. Each car will have 200 or more sensors collecting information about road conditions, the car itself and driver behaviors and preferences.

With significant advances in smart phone car-connectivity and onboard infotainment system allowing cars to collect more and more information about our daily lives and personal interactions, privacy and security have become top-priority for OEMs and suppliers.

Here are our top four tips for addressing these privacy and security issues and concerns:

1. Practice “security by design.” This is a concept recently espoused by federal regulators, namely, the National Highway Traffic Safety Administration and the Federal Trade Commission, as well as industry self-regulatory organizations. With security by design, a company addresses data security controls when products, components and devices are still on the drawing board. The days of building it first and then layering security on top are now over.

Deal with risk assessments—addressing potential threats and attack targets—during the design process. Conduct security design reviews and product testing during the development process. Make sure secure computing, software development and networking practices address the security of connections into, from and inside the vehicle.

2. Practice “privacy by design.” While security deals with the safeguards and measures implemented to protect the data from unauthorized access or use, privacy focuses on theright and desire of individuals to keep information about themselves confidential. During the design process, companies should understand and identify what personal information a device will collect and how it will be used; what type of consumer consent they will need and how to best obtain it; and whether the intended sharing of personal information is appropriate and legal. After identifying this information, the company can reconcile privacy requirements with security safeguards during the design and development process.

3. Establish an appropriate data security governance model. Executives and senior management can no longer blindly delegate data security to the security engineering team. Regulators, courts and juries are demanding that senior management become involved in and accountable for data security. With the precise governance model depending on the nature and size of the organization, each company should actively consider what level of executive oversight is appropriate, and then document those conclusions in a data security governance policy. This will serve the dual purposes of enhancing data security of vehicles and component parts, while also bolstering the company’s defenses in the event of a security incident or investigation.

4. Address the entire supply chain. Both OEMs and suppliers should conduct appropriate due diligence and risk assessments of their respective suppliers of hardware, software, development tools assembly, integration and testing—both at the beginning of the relationship and periodically throughout.. Suppliers’ contracts should also address data security requirements.

Agarwal and Howell are partners and intellectual property lawyers with Foley and Lardner LLP.

Popular Sponsored Recommendations

The Benefits of Continuous Thermal Monitoring

Oct. 17, 2023
Read this eBook to learn more about collecting and using data intelligently to improve performance.

Are You Positioned To Tackle Supply Chain Risk?

Sept. 20, 2023
Supply chain disruption is here to stay, but you can keep ahead of potential issues — and identify new opportunities — by regularly assessing your suppliers. Download our supplier...

Legacy Phone Lines Are Draining Your Profits

Oct. 30, 2023
Copper wire phone line expenses that support emergency devices could be costing your company millions of dollars in wasteful overhead expenses. Rates have been skyrocketing while...

Discrete and Process Manufacturing 2024 Trends and Outlook for North America

Oct. 29, 2023
Manufacturers are reaping the benefits of automation and cloud-based solutions. Discover what is driving today's industry trends and how they can shape your growth priorities ...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!