‘Continuous' hacker attacks test GM Cruise

DETROIT — General Motors' self-driving vehicle unit is constantly under attack from hackers inside and outside the company.

Those inside the company are part of "red" and "blue" teams that continually attack and defend to verify the security of GM Cruise's autonomous vehicles, while real-world threats, according to Tim Piastrelli, GM Cruise's vice president of security, are "continuous" from third parties trying to steal information.

"We see all types of attacks, mostly on our corporate and infrastructure side," he said during the Automotive News World Congress. "Attacking the AVs, not so much."

Piastrelli expects attacks on the vehicles themselves to increase as autonomous vehicles become mainstream, but he said the types of hacks seen in movies that remotely weaponize the vehicle are "far-fetched."

The possibility of such attacks and the real ones the San Francisco-based operations face each day are among the reasons he believes federal regulations over the security of autonomous vehicles "need to happen."

But it may be premature to start setting guidelines.

The autonomous vehicle industry, according to Piastrelli, may not be mature enough to begin setting standards, especially given regulators' lack of knowledge about the technologies.

A more immediate concern, he said, is developing basic "security hygiene" for self-driving vehicles through the sharing of information and best practices across the industry.

Companies developing self-driving vehicles need to better communicate about security challenges and concerns, as the aerospace industry does, he said. Currently, he said, the industry treats security matters as intellectual property rather than as "a combined design that we should all be following to help secure customer data."

Securing customer data is among the duties of GM Cruise's security team, which oversees aspects ranging from software and data on the vehicles themselves to outside attacks on the company's systems.

Piastrelli said GM Cruise plans to expand its security team to more than 60 employees from 38 by year end.

The company is targeting a ratio of one security engineer for every 30 software engineers, which he said is far better than the industry average.