GM Cruise executive calls for cybersecurity discipline

JOE WILSSENS

Tim Piastrelli wants to see more "security hygiene" for self-driving vehicles through the sharing of information and best practices across the industry.

DETROIT — Federal regulations over the security of autonomous vehicles "need to happen," but the security head of General Motors' self-driving car unit believes it may be premature to start setting guidelines.

Tim Piastrelli, vice president of security at GM Cruise, said the autonomous vehicle industry may not be mature enough to begin setting standards, especially given regulators' lack of knowledge about the technologies.

"I definitely believe they need to be there, but when, I'm not sure," he said Wednesday during the Automotive News World Congress.

A more immediate concern, according to Piastrelli, is developing basic "security hygiene" for self-driving vehicles through the sharing of information and best practices across the industry.

Companies developing self-driving vehicles, he said, need to better communicate about security challenges and concerns, as the aerospace industry does. Currently, he said, the industry treats security matters as intellectual property rather than as "a combined design that we should all be following to help secure customer data."

In 2015, the Alliance of Automobile Manufacturers and the Association of Global Automakers formed Auto ISAC, an information clearinghouse to develop ways to prevent cybersecurity attacks on connected vehicles. But there have not been many updates out of the group in recent years.

Securing customer data is among the duties of GM Cruise's security team, which oversees all aspects of GM Cruise's security — from software and data on the vehicles themselves to outside attacks on the company's systems.

AV attacks

GM Cruise's 150 to 200 self-driving vehicles operating in San Francisco are constantly under attack from hackers inside and outside the company, according to Piastrelli.

Those inside the company are part of "red" and "blue" teams that constantly attack and defend to verify the security of GM Cruise's autonomous vehicles, while real-world threats, he said, are "continuous" from third parties trying to steal information.

"We see all types of attacks, mostly on our corporate and infrastructure side," Piastrelli said. "Attacking the AVs, not so much."

Piastrelli expects attacks on the vehicles themselves to increase as autonomous vehicles become mainstream, but he said the types of hacks seen in movies that remotely weaponize the vehicle are "far-fetched."

"I'm not saying it can't happen, but if done correctly and the controls are in place, you can mitigate it," he said.

Piastrelli said GM Cruise plans to expand its security team from 38 people to more than 60 employees by year end. The company is targeting a ratio of one security engineer for every 30 software engineers, which he said is far better than the industry average.

RECOMMENDED FOR YOU
States ‘off to the races' on EV charging infrastructure, says Energy official
Letter
to the
Editor

Send us a letter

Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

Recommended for You
Michael Berube
States ‘off to the races' on EV charging infrastructure, says Energy official
Meiman-MAIN_i.jpg
USMCA trade deal important as a ‘functioning' dispute mechanism, trade expert says
David Strickland at AN Congress
GM's David Strickland: Industry needs EV tax credit for mass adoption
Sign up for free newsletters
Digital Edition
Automotive News 6-27-22
THIS WEEK'S EDITION
See our archive
Fixed Ops Journal
Fixed Ops Journal 6-13-22
Read the issue
See our archive