Elon Musk’s vision of fully autonomous AI-driven cars has long captivated the world. While Tesla has pioneered developments in self-driving technology, other major players, like IBM, are carving their own path forward by addressing the intersection of artificial intelligence, connected vehicles, and cybersecurity.
Martin Keen and Jeff Crume, seasoned IBM experts, discussed the challenges and opportunities in this evolving space. Keen noted that modern vehicles, equipped with 70 to 100 onboard computers and millions of lines of code, resemble mobile computers more than traditional cars. Crume echoed this, pointing out that with every connected endpoint, the risk of cyberattacks grows.
“Every one of these things is an endpoint, and every single one of them increases the attack surface,” he remarked, underling the scale of the challenge.
The automotive industry is rapidly moving toward a future dominated by connected and autonomous vehicles. According to Juniper Research, the number of connected cars is projected to reach 367 million by 2027, up from 200 million today. Keen explained that connected cars rely on vast amounts of data for shared mobility, assisted driving, and autonomous functionalities. However, this data dependency introduces significant security risks, especially as vehicles are expected to remain operational for decades. Crume stressed the issue, asking: “What’s the incentive for the car maker to keep supporting software updates in vehicles they’re not making any more money from?”
Another pressing challenge is the complexity of these systems. Vehicles now incorporate CPUs, GPUs, Telematics Control Units (TCUs), and over-the-air (OTA) update capabilities. Keen noted that such complexity can be a double-edged sword, offering advanced functionalities while making systems harder to secure.
“Complexity is the enemy of security,” Crume added. “The harder it is to assure that a system will behave as intended, the greater the security risks.”
The conversation also discussed on past incidents that foreshadow the potential risks of connected vehicles. Crume recalled a 2015 case where ethical hackers took control of a car’s brakes, steering, and infotainment system, leading to a recall of 1.4 million vehicles. Such breaches highlight the urgent need for automakers to adopt a “secure by design” approach, embedding cybersecurity measures into every stage of a vehicle’s lifecycle. Crume warned: “If you don’t build the security in from the start, trying to add it later is more expensive and more dangerous.”
Beyond security, the duo explored the implications for consumer privacy. Connected vehicles collect extensive data about their users, from driving patterns to location histories. Keen raised concerns about how this information is stored, used, and shared, often without drivers fully understanding the terms of service they agree to.
As the automotive industry continues its transformation, both Keen and Crume stressed the importance of education for consumers and robust security measures for manufacturers. Automakers must integrate advanced tools like generative AI to predict and mitigate future risks while maintaining transparency and compliance across their supply chains.
“Connected vehicle technology has incredible potential,” Keen concluded. “But we must ensure the security challenges are addressed so that we can enjoy the ride without compromise.”
