DETROIT — Federal regulations over the security of autonomous vehicles "need to happen," but the security head of General Motors' self-driving car unit believes it may be premature to start setting guidelines.
Tim Piastrelli, vice president of security at GM Cruise, said the autonomous vehicle industry may not be mature enough to begin setting standards, especially given regulators' lack of knowledge about the technologies.
"I definitely believe they need to be there, but when, I'm not sure," he said Wednesday during the Automotive News World Congress.
A more immediate concern, according to Piastrelli, is developing basic "security hygiene" for self-driving vehicles through the sharing of information and best practices across the industry.
Companies developing self-driving vehicles, he said, need to better communicate about security challenges and concerns, as the aerospace industry does. Currently, he said, the industry treats security matters as intellectual property rather than as "a combined design that we should all be following to help secure customer data."
In 2015, the Alliance of Automobile Manufacturers and the Association of Global Automakers formed Auto ISAC, an information clearinghouse to develop ways to prevent cybersecurity attacks on connected vehicles. But there have not been many updates out of the group in recent years.
Securing customer data is among the duties of GM Cruise's security team, which oversees all aspects of GM Cruise's security — from software and data on the vehicles themselves to outside attacks on the company's systems.