Everyone in the automotive industry is thinking about cybersecurity. We got the opportunity to speak to not one but two thought leaders in the space — live from the OESA Summit in Novi, Michigan.

“When you have software or technology plugging into the vehicle in a totally new and different way, understanding how all of the systems around you and those specifications work is absolutely mission critical to launch,” says Jennifer Dukarski, known as “The Geek Lawyer.”

VP of Autocrypt Martin Totev sees digitalization reshaping automotive firsthand. “The auto industry is going to experience what the phone industry has experienced for the last 20 to 30 years,” he explains.

Themes discussed on this episode:

• How technology and automotive are colliding in a big way, and what to focus on to benefit most from these transitional changes.
• The biggest risks OEMs and automotive suppliers face today, and why increased digitization means increased cyberthreats.
• The industry standards OEMs and suppliers need to get up to speed on.
• What the landscape of program management looks like.
• Who should be responsible for cybersecurity updates.

Featured on this Episode

Name: Jennifer Dukarski

Title: Shareholder, Butzel

About: Affectionately known as “The Geek Lawyer,” Jennifer is a recognized thought leader in the emerging tech media, IP privacy and cybersecurity spaces. As a “recovering engineer” — albeit, as she says, “one never truly recovers” — she brings “engineering sensibility” to legal issues within the automotive supply chain.

Connect: LinkedIn

Name: Martin Totev

Title: VP, Autocrypt

About: Autocrypt is a mobility cybersecurity provider dedicated to the safety of new transportation. With increasing cyber risks, Autocrypt works with OEMs and suppliers to offer cybersecurity solutions to the automotive industry.

Connect: LinkedIn

Episode Highlights

Timestamped inflection points from the show

[1:28] Recovering engineer: From engineering to the legal world, Jennifer brings her prior experience into emerging new tech-driven spaces.

[2:14] Automotive supply chain prophecy: What’s on the horizon for automotive? A lot of exciting technology to modernize your supply chain.

[3:03] Big challenges: Automakers have to contend with the risks of software, as well as benefit from its upsides.

[4:47] Jennifer’s one thing: Terms and conditions and engineering specifications really matter when improving the supply chain — Jennifer explains how.

[6:02] Where cybersecurity and automotive collide: Cars are growing more digitized by the day. With this trend, Martin explains, comes an increasing number of cyber threats.

[6:56] ISO alignment: Along with ISO 26262, there are published industry standards like ISO 21434 and cybersecurity regulations like WP.29 to which companies need to adhere. But it’ll be a few years yet before everyone is fully compliant.

[8:24] View from the supply chain: Martin explains how cybersecurity looks inside the car. Pressing a button to engage breaks is one of many new innovations that require manufacturers to assess different, new risks.

[10:12] Change the program: Program management in organizations is in for a wild ride. The traditional way no longer works. Autocrypt engages OEMs to help prepare with the WP.29 and other new regulations.

[11:57] Who owns cybersecurity?: OEMs and suppliers need to be aware of their responsibilities in this new world. This may include acquiring the necessary qualifications and considering how to mitigate vulnerabilities if (and when) they appear.

[13:28] Martin’s one thing: Consumers need to accept updates to benefit from better cybersecurity. Martin explains how safety is the number one priority and where the balance can be struck.

Top quotes

[2:15] Jennifer: “There's a lot of exciting things on the horizon and a lot of them really do come from technology: components [for] the supply chain, [and] new areas like software, artificial intelligence sensors, electrical vehicle batteries — so many different new technologies. But at the same time, a lot of these technologies, software and AI can all be used to truly bring your supply chain up and into the modern era of manufacturing. I see technology as the place to be because it can help with the actual workload, and it can help with the product that we're creating [and] your engineering.”

[4:47] Jennifer: “To truly improve the supply chain, understand your terms and conditions [and] include your engineering specifications. When we go and negotiate terms and conditions, we don't always look at everything underneath that agreement — we need to know and make sure we're understanding what the quality and test requirements are. Moreover, when you have software or technology plugging into the vehicle in a totally new and different way, understanding how all of the systems around you and those specifications work is absolutely mission critical to launch [and to make sure] it's going to be successful, have great delivery and quality, and also make consumers happy.”

[12:49] Martin: “How we update our phones these days — every few months — I believe cars are going to be also updatable in a very similar manner. It’s the future: Digitalization is happening everywhere, and the auto industry is going to experience what the phone industry has experienced for the last 20 [or] 30 years.”

[13:28] Martin: “When it comes to regulation, there should be a middle ground as to [asking] for permission from the driver and [when] the OEM [should] push it [out] themselves. If it's security and safety related, the OEM should not require any action from the drivers. … I hope that the regulation authorities are on the same page as myself, because safety of course is the highest priority.”