The auto industry lags behind others in cybersecurity, said Mohamed Ismail, chair of the department of electrical and computer engineering at Wayne State University in Detroit.
“With any new technology, this is a very typical situation,” he said. "When I started Wi-Fi and Bluetooth 25 years ago, it took years for these technologies to become perfect and mature."
Ismail estimates that the auto industry needs around five more years of research and development to produce millions of vehicles, mostly software-based vehicles that are very secure.
Friendly hackers will help the industry get there.
“Using the bug bounty platform has proven to be an effective way to put the knowledge and experience of the security community into action,” said Katja Liesenfeld, IT communications manager at Mercedes-Benz Cars & Vans said in an email. "We cannot give more technical details because the software is private."
Automakers are reluctant to talk about their reward programs and cybersecurity issues. Ford, Jaguar Land Rover, Nissan, Stellantis and Subaru declined to discuss their cybersecurity programs with Automotive News. BMW, Porsche and Volkswagen did not respond to inquiries. Honda said it does not have a bug bounty program.
Most of the auto industry is proactive about cybersecurity issues, said Kevin Tierney, GM's director of cybersecurity and vice president of the Automotive Information Sharing and Analysis Center, better known as Auto-ISAC. The group of car manufacturers share information about cyber threats, vulnerabilities and possible incidents.
"Everyone is taking big steps and making big investments," Tierney said. "It's not always clear to the end consumer with everything that's going on."
General Motors started the bug bounty program in 2016. It's run by San Francisco-based HackerOne, which also runs programs for BMW, Ford, Rivian and Toyota.
HackerOne's automotive business jumped 400% from 2021 to 2022 as customers added services to their contracts. In addition to managing bug bounty management, HackerOne provides vulnerability detection and penetration testing software for online systems and other services.
Also Read: Discounts of 64,000 on Maruti Wagon R, Ignis, and other models in March 2023