The small number of connected vehicles on the road have shown high volumes of security issues which have damaged trust amongst consumers.
Speaking to CBR’s Joao Lima, Nick Cook, CIO at cybersecurity firm Intercede said: "There are very limited numbers of vehicles on the road with that level of connectivity today but we are seeing a high rate of security issues".
Recent security flaws found on connected vehicles like Fiat Chrysler’s Jeep Cherokee, can give hackers access to some of the car’s vital systems potentially causing mayhem on roads and putting people at risk of accidents.
Cook said these incidents have affected the smart car industry’s relationship with consumers, as trust in the solutions has been brought down by these recent events.
"These vehicles with long lifetime on them are out there, insecure. We need to make sure we bring the right facilities to consumers when we can, but we do need to ensure that this is done in a secure way to make sure that trust breakdown does not continue."
He said that in order to rebuild trust with consumers, the industry must engage as a group, collaborating and having the right organisations involved.
"Involving the right security party in that is important because those security parties, particularly coming from the enterprise environment, already have trust with consumers in many areas."
The enterprise bodies take a special role in the trust monopoly, as a lot of the security capabilities that we have in the enterprise today are relevant, according to Cook. Bringing those into the connected car space and understanding how they should be adapted to the automotive industry is important.
He added that looking towards standards is also vital so customers can see that OEMs are working into a common cause. "Implementation of solutions can be different" but the fact organisations are working towards a common standard that has been through a wide review will re-gain consumer trust.
"Having these things built in, being able to update, having plans to update, and a considerate approach to it, is where trust will come from ultimately.
"This is critical to begin to rebuild that trust which is broken at this moment in time."
Privacy splits into two
These trust issues are also allied to privacy concerns, but for Cook the industry needs to still understand what privacy means in the first place.
"I think there are some conversations that need to be taken around what privacy means, what aspects of privacy we need to protect and what aspects of it are deemed privacy related but are actually not necessary to be completely private.
"Privacy is important; it needs to be factored in, but it also needs to be considered carefully so it does not become overstated."
Asked about what privacy means to him, Cook explained that with user identity, there is privacy around who that user is, "but the IoT space is a lot different".
The CIO believes privacy needs to be discussed around "things connecting together" and what level of privacy needs to be in these smart solutions. This leads to data produced by IoT enabled vehicles, which should be loked at on its own from a privacy point of view.
"The privacy of the data is different than the privacy of the connection that is being made. It needs to be separated out, and the security characteristics of each aspect of it need to be considered properly, rather than all just being dumped in ‘privacy’."
Borrowing IT standards
A lot of the discussion surrounding privacy and security will always end up on the need for common standards. "Bringing together the security, the automotive background, the production and how we do these things, is critical. From that, [we will be able to] drive out what standards need to be in place and what they would look like."
The CIO said that in the connected vehicle space "clearly there needs to be a standard in place", with the need for procedures and practices to also be in place.
He pointed to the IT industry to highlight how the connected car space can benefit from this sector’s standards background. "[The IT industry] in general, has a whole processes around adopting standards. For example, how they are going to carry out the manufacturing process; how the information has been stored; or how it has gone under the manufacturing production software.
"Those [standards] need to be to be undercrossed with the OEMs and we need to get into an agreement on what that should look like."