General Motors has named an executive to lead efforts to harden its increasingly computer-dependent vehicles against attacks by cybercriminals. The new and growing concern is that hackers could remotely commandeer a car or truck’s control systems to cause accidents or perpetrate some other mischief.
GM said Jeffrey Massimilla will assume the role of chief product cybersecurity officer. The University of Michigan alum was previously director of the automaker’s Global Validation group and before that was engineering group manager for its Next Gen Infotainment unit.
GM is among many automobile makers building more vehicles that use telemetrics sensors to collect performance data on parts and and transmit it back to the manufacturer. On-board navigation and infotainment systems, like GM’s OnStar, also link cars and trucks to the Internet.
Some 2015 GM vehicles also feature embedded mobile Wi-Fi systems that use 4G LTE technology.
While these add-ons make vehicles more reliable and convenient to operate, it also makes them, like any connected system, vulnerable to hackers. That means automakers for the first time must worry about more than just physical safety and protection when it comes to safeguarding passengers.
In a demonstration last year, security experts Charlie Miller, of Twitter, and IOActive’s Chris Valasek used a MacBook to take over the braking system of a Ford Escape.
It’s not all bad, depending on one’s viewpoint. Lenders who make car loans to subprime borrowers have been installing so-called starter interrupt devices in vehicles. The device allows the lender to disable the vehicle over the Internet in the event a borrower falls behind on payments.
About 25 percent of vehicles sold to subprime borrowers use such devices, according to the New York Times.
Automakers aren't the only manufacturers that now have to worry about cybersecurity. A wide range of industries, from appliance makers that produce smart TVs to developers of connected healthcare instruments, are producing products that are adding to the so-called Internet of Things — which comprises billions of embedded sensors.
As a result, more and more companies are creating the role of Chief Information Security Officer (CISO) to protect their systems. “The IoT is a conspicuous inflection point for IT security — and the CISO will be on the front lines of its emerging and complex governance and management,” Earl Perkins, an analyst at research company Gartner, said in a statement.
Gartner predicts that 20 percent of large companies will have an organization in place to protect IoT systems by 2017. “The requirements for securing the IoT will be complex,” said Perkins.