How the IMI is protecting the future with the UK Security Services
Security should be embedded in everything we do. The problem is the government is worried UK business does not take it seriously and we aren’t very good at it!
Our industry has always faced the challenge of selling highly priced products that, if not secured properly, can be driven away quite easily. We also face the challenge of holding very rich data on customers, and several organisations have lost large quantities of information through breaches in cyber security.
A few months ago, I received a call from the National Protective Security Authority (NPSA), which is part of MI5, asking if there was a way that we could assist in improving business security, using the motor industry as a pilot, the learnings could be rolled out across other sectors.
The NPSA’s mission is to build resilience to national security threats, which sounds quite grand but is critically important. The aim is to help our sector understand the range of threats that we face from terrorism, espionage, state actors and criminals. This is then to be supplemented with advice and support in how businesses and individuals can minimise risk in how they operate on a day-to-day basis.
Over the last few months, the IMI has been working with the NPSA to look at the nature of the risks facing the sector. These come in a variety of forms, some because of the complexity of working globally, but also the dispersed nature of the retail automotive sector.
A new kind of criminality
We have always been aware of car theft; however, a new dimension comes in the form of connected vehicles. Whereas in the past most data breaches have been targeted at company data, the connected car becomes a potential portal for both personal and organisational data theft. It also has the more sinister possibility of impacting a cars performance.
Most connected vehicles would allow for:
Engine shutdown: Hackers could manipulate a car's ECU to the point where they can bring the engine to a sudden halt while driving, presenting a clear danger on the road.
Theft: Connectivity features like keyless entry can be exploited to unlock vehicles remotely, making it easy pickings for vehicle thieves.
Data theft: Modern cars are loaded with data – with GPS history, phone contacts synced to the entertainment system, and even credit card info from your latest drive-through. Personal data such as this can be stolen.
Manipulated vehicle functions: Hackers could interfere with the car's operating features such as the horn, wipers, blinkers, or even headlights, leading to safety issues.
The IMI is in the process of responding to this challenge. IMI TechSafe, the world leading standard for emerging technologies such as EV, hydrogen and ADAS, already has elements that cover the issue of security in this new highly connected environment. We are working with the NPSA to develop a CPD element that brings together practical ways that cyber security can be enhanced within our sector.
Going forward drivers will not simply be handing their car over for a service, they will at the same time be passing over access to the full details of their lifestyle, finances and contacts. If we don’t embed security, trust will be broken and customers will walk away.