Hackers hired on to debug GM cars

Bounty offered for every breach

Highly computerized cars increase the likelihood that consumers' data are vulnerable or that driver safety is endangered if car companies aren't prepared to cut off at the pass any data breach or threat to cybersecurity.

To help thwart such infiltrations, General Motors is taking no chances.

In the coming weeks, GM will invite researchers, some of whom are professional computer hackers, to Detroit to offer them a bounty or cash payment for each "bug" they uncover in GM vehicles' computer systems.

"We'll show them the products, programs and systems for which we plan to establish these bug bounties. Then we'll put them in a comfortable environment, ply them with pizza and Red Bull or whatever they might need ... and turn them loose," GM President Dan Ammann said in a speech at the Billington CyberSecurity Summit at Cobo Center in Detroit on Friday.

After that, GM will send these cybersecurity pros home with hardware to continue their research over many weeks, he said.

The program, called Bug Bounty, will include about 10 researchers GM has hand-picked.

"They are white-hat researchers who we've established relationships with through our coordinated disclosure program," Jeff Massimila, GM's vice president of Global CyberSecurity, told reporters at the summit.

"White hat" is Internet slang for an ethical computer hacker or computer security expert who specializes in penetration testing or other testing methods to help protect an organization's information systems.

GM started its coordinated disclosure program two years ago, Massimila said. He said GM was one of the first automakers to embrace the work of white hat researchers for its products and programs. The coordinated disclosure program was open to anyone, but GM did not pay those researchers for any contributions. Instead, he said, GM built relationships and identified the 10 it would pay to fix the bugs.

GM presently employs about 450 people working in the cybersecurity area, Massimila said.

The Bug Bounty program will start before the end of the summer, Massimila said. He and Ammann declined to say how much GM will pay the bug hunters or what it has spent on cybersecurity so far.

Ammann said "it is a top priority" for GM that its vehicles are safe from any data breach or threats particularly as it aggressively pursues development and deployment of autonomous vehicles, which it plans to take to market next year.

Ammann said GM has a broad perspective of where threats to information technology could come from.

"The overall threat level and so on is only going to grow from here, which is why we're putting so much energy and resources into getting ahead and staying ahead," Ammann told reporters.

The work is not just happening inside the company, said Ammann, but GM is "taking advantage of third-party researchers, taking advantage of third-party expertise from multiple different places, working together across the industry to collaborate to make sure we have all the best minds working on this issue."

Convincing consumers that GM cars are secure from any cyberthreats will happen by meeting government regulations and having strong public communications, Ammann said, adding, "We'll have work to do ahead of us on that."

Business on 08/04/2018

Upcoming Events