Speaking in a keynote talk at the RSA Conference in San Francisco, Mary T. Barra, chairman and CEO of General Motors Company, said that she acknowledged that “no one in this room needs convincing that there are virtually no industries today that are not vulnerable to cyber-attacks.”
She said that the auto industry is no exception, as it is bringing technologies and features to market, while users expect seamless integration with their devices, “and it is always our intention that customers and their data are always safe, secure, and private.”
GM built a “proactive cybersecurity organization” with hands-on engagement from the board, as it views cybersecurity “not just as a competitive advantage, but as a systemic concern for our industry.”
Barra said that the automotive industry remains competitive, but cybersecurity is an area “in which we must, and where we do, act as a united front to collaborate and to share best practices,” and it works with the Auto-ISAC for information sharing, while it is focused on securing the automobile process at every stage.
Referring to the Cruise autonomous vehicle arm of GM, she said that human error is responsible for 9 out of 10 crashes, and GM was keen to provide “the safest products and strongest cybersecurity and giving them greater convenience, better accessibility, at an affordable cost.”
Barra said that around $100m is spent per year on cybersecurity, and the risk is looked at end-to-end with “no shortcuts” taken by the nearly 500 practitioners “developing in-depth defense, monitoring incident response capabilities that we continually test, rework, and refine.”
One partner GM has worked with is HackerOne “to engage more closely with the research community and identify vulnerabilities before they become an issue.” She said that this commitment showed its determination to maintain best practices in cybersecurity, and had re-engineered its development program to create the Vehicle Intelligent Program (VIP) to support safety systems, 5G networks, and over-the-air updates “and enhanced cybersecurity protections.”
She concluded by saying that “we know this is a marathon with no finish line” and stressed the need for more talent.