Mark Phelan of the Detroit Free Press Elaborates on Car Cyber Security

What are car companies, dealerships and the government doing to ensure sensitive information embedded inside connected cars – including your car’s “black box” or event data recorder (EDR) — is secure and inaccessible to hackers and even legal probes? Don’t miss this Q&A on vehicle cyber security with auto tech expert Mark Phelan.

V2Gov: Automakers are increasingly concerned about cyber security, how are OEMs keeping vehicle owner information private?

Phelan: There’s a lot of work going on to make cars more secure, including hackathons where automakers and suppliers work with white-hats to find holes in their cyber security. It’s hard to get much detail on what they do, for the same reason Apple and Microsoft don’t talk about security measures: They want to keep it secret so each new system lasts for as long as possible.

V2Gov: What about security at dealerships? What’s been happening there?

Phelan: Automakers are working hard to make their systems hack-proof, or at least very difficult to penetrate. That’s not just for owners’ privacy, but because automakers are afraid hackers could get into dealer networks, or even the automakers’ own systems, if they cracked the vehicle’s security.

V2Gov: What about vehicles outfitted with video capabilities? Who can access that?

Phelan: A bit like Apple’s position regarding cracking iPhones, the evolving position regarding privacy from official inquires appears to be that customers expect privacy from the company that made their car. To that end, some companies that offer video recorders for forward-facing cameras, for instance, don’t make recording automatic or include an SD card. That makes it each owner’s individual choice to record, so the automaker isn’t responsible for the video and can’t be compelled to provide access to it.

V2Gov: How much information is too much?

Phelan: Some automakers’ infotainment systems ask for account information about drivers’ online services. I think we’ll see less of that as more drivers realize their phone is probably the best place for secure cyber information. The best solution is probably to keep secure information in one place. Right now, I’d say that’s your phone.

In general, says Phelan, the European Union has stronger laws for cyber privacy than does the United States.  “Companies that sell cars around the world have to meet those standards,” he adds. “I hope they offer the same level of protection to their American customers.”

Next time, learn about the 2015 Driver Privacy Act, which President Obama signed into law in December.

Mark Pheland, auto critic for the Detroit Free Press

About Mark Phelan

Mark Phelan is an auto critic and columnist for the Detroit Free Press. He began covering the auto industry in 1986, and wrote for a variety of newspapers, magazines and online outlets before joining the Free Press in 2002. He has reported on the auto industry from all over the world, including while living in Europe and working in Asia, Australia, South America and Africa. Phelan has contributed to numerous publications, including the New York Times, Road & Track, and the Car Connection. He is a regular guest on television and radio programs, discussing trends shaping the auto industry. The winner of numerous awards, he is a former president of the Automotive Press Association and a juror for the North American Car and Truck of the Year awards.