EXECUTIVE SUMMARY:

Putting the brakes on vehicle hackers:

A new U.N. regulation mandates that manufacturers of network-connected vehicles secure their products against cyber attacks. A group of 53 nations ratified this agreement last month. Although the US chose not to participate, American car manufacturers will need to comply with the rules to sell vehicles in Europe.

In addition to outlining cyber security standards for manufacturers, the mandate also requires for manufacturers to guarantee the security of third-party suppliers.

“If consumers get their car hacked, the manufacturers will be ready to take action and respond,” said one U.N. secretary. But is that enough? A hacked car may not only mean injury or death for the car’s occupants, but also for innocent drivers on the road who don’t own connected cars.

Connected car security spend:

In the auto industry, spending on cyber security is currently at $4.9 billion. While auto manufacturers’ cyber security spend is expected to double by 2030, will we genuinely be able to solve for all of the vulnerabilities that put drivers at risk?

The U.N. regulation requires for manufacturers to secure against certain types of malware attacks, but what about those obscure attack types that almost no one has ever heard of? And what if an attack not only infects one vehicle, but spreads to hundreds or thousands of vehicles?

The new rules are set to take effect in 2022, although Japan and South Korea intend to implement them sooner than the agreement requires. For more information on connected cars, visit The Wall Street Journal.