Modern field guide to security and privacy

What automakers can teach us about securing the Internet of Things

While 'Back to the Future Part II' didn’t envision connected cars, car companies are working together to safeguard a cornerstone of the Internet of Things

  • close
    Ned Curic, chief technology officer for Toyota Motor Sales USA, speaks at the introduction of a Passcode event on security and privacy in the Internet of Things on Wednesday, Oct. 21, 2015.
    Michael Bonfigli/The Christian Science Monitor
    View Caption
  • About video ads
    View Caption

How’s it feel to be living in the future?

Oct. 21, 2015 is the exact day Marty McFly and his quirky friend, Doc Brown, traveled in their DeLorean time machine in "Back to the Future Part II" thirty years ago. 

The filmmakers got a few things right, as wide screen televisions and video chats are indeed commonplace. But we’re still waiting for self-lacing tennis shoes and rejuvenation clinics. And, although Toyota is working on both hover boards and flying cars, it seems like we’re still at least a few years away from either of those.

Recommended: Watch live: How can policymakers help secure the Internet of Things?

But Marty and Doc’s vision of Oct. 21, 2015 missed out on one of the most significant discoveries of our time: the Internet. 

The Internet has become a fundamental and inextricable part of our existence in the real 2015. Increasingly, it feels like the Internet is coming ever-closer to home because of the Internet of Things, the catch-all term for previously-unconnected devices being improved by digital connectivity. 

Cars, of course, are squarely in the middle of that conversation about the Internet of Things. We suspect that’s because we share some level of understanding about the profound impact connected cars will have on our lives.  We look forward to a day when cars don’t crash anymore, and to the convenience that connected cars will bring to our lives.  

Of course, there are also risks. It’s important that we talk about these risks. But I would argue that it’s also important that we keep them in perspective, because the reality is that there is no benefit – to the consumer, to the economy, to American competitiveness — without some level of risk.

The obvious question is what it will take to manage it all — and that’s where the auto industry has shown leadership, in peering out into the future and attempting to lessen the risks of the Internet of Things while obtaining its great benefits.

Radical changes, collaborative responses

We’re on the cusp of profoundly new ground in the auto industry, where the car is on on the verge of radical change made possible by connectivity.

Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication will bring about amazing reductions in traffic fatalities and provide a gateway to self-driving, or autonomous, vehicles. Unimaginable services and features driven by increased connectivity will provide greater opportunities for efficiency, personalization and safety for travelers.

Cars can only talk to one another and their surrounding infrastructure if every part of the system speaks the same language. Toyota vehicles must communicate with cars from other vehicle manufacturers. Similarly, increasingly durable cars live longer on our roads, meaning a Toyota built today must be able to communicate with a vehicle hitting the showroom 10 years from now.

We must also recognize that connected cars come with potential risks, including those of digital security and privacy. For example, the significant amount of data that will be generated by connected cars could threaten consumer privacy if it is not handled responsibly and respectfully. 

The good news is that the auto industry has not been deaf to these risks.

Various private sector collaborations and coalitions have worked diligently for years to define, develop, and validate the V2V and V2I communication protocol. This industry coordination has helped ensure that the connected vehicle network will be interoperable, robust, and able to withstand the test of time.

The auto industry also came together to proactively address privacy concerns and, last November, unveiled Privacy Principles for Vehicle Technologies and Services. These self-regulatory principles, which essentially amount to an industry code of conduct governing the collection and use of vehicle data, were developed over many months by the auto industry and include unprecedented consumer protections.

For example, automakers are prohibited from using sensitive vehicle data for marketing purposes or from sharing sensitive vehicle data with third parties without a vehicle owner’s affirmative consent. The Principles represent a clear commitment from the auto industry to protect and preserve consumer privacy, and should be celebrated as a meaningful self-regulatory model for other sectors in the emerging Internet of Things ecosystem.

By the end of the year, too, the industry will have a new layer of defense in the fight against would-be hackers. We have established an Information Sharing and Analysis Center (ISAC) to act as an industry-wide clearinghouse for intelligence about cyber threats to vehicles and their onboard networks. This center will also facilitate the sharing of best practices for how to safeguard against and respond to such threats.

While Doc and Marty may not have needed roads for their adventure, the rest of us certainly will.

And as such, the auto industry is enthusiastic about innovation made possible through connectivity. This innovation will undoubtedly change our lives and the way we travel. Through industry partnerships and collaborations, we can be assured that the exciting vehicles of tomorrow will drive us safely and responsibly into the future.


We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.