Published: March 11, 2016 | Detroit, MI
General Motors announced that it is conducting a “coordinated disclosure” program to incentivize hackers to bring crowd-sourced solutions that can be effective in staying ahead of cyber-threats. In a Wall Street Journal report, reporter Gautham Nagesh notes that this is done to identify potential vulnerabilities and to strengthen existing security measures in connected vehicles.
The effort is an offshoot of so-called bug bounty programs run by companies, including Tesla Motors, that pay researchers to spot software vulnerabilities before outside hackers exploit them. GM’s program isn’t offering hackers cash but promises not to take legal action against them so long as they don’t disclose any vulnerabilities they uncover.
GM suffered a mild attack last year when a researcher (Samy Kamkar) demonstrated an ability to remotely locate, unlock or start a car using the auto maker’s OnStar smartphone system by installing a gadget underneath the vehicle. GM quickly addressed the problem and alerted consumers to the fix without a formal recall. GM already has a vehicle cyber security unit (not to be confused with the IT cybersecurity unit) led by Mr. Jeffrey Massimilla. He said that the current program would allow GM to create an industry-wide group to share information on cybersecurity threats.
In the wake of the damning hacking demos, OEMs are hard-pressed to invest in security technologies right from the planning phase. It no longer seems appropriate to be “reactive” to security attacks, as doing so brings down an automaker’s brand image and also raises skepticism amongst legislatures. The automotive OEMs are therefore partnering with the security research community to develop strategies for securing the connected vehicle.