General Motors Hires Cyber ChiefAutomaker Addresses Emerging Security Issues
General Motors Co. has hired its first chief product cybersecurity officer in a move by the automobile manufacturer to address ever-evolving and complex data security issues.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Jeffrey Massimilla took on the role as of Sept. 2, says Jennie Ecclestone, a GM spokesperson.
GM is increasingly focusing on combating cybersecurity risks. Massimilla will head a newly formed corporate unit called Vehicle and Vehicle Services Cybersecurity.
"This team will utilize our internal experts and work with outside specialists to develop and implement protocols and strategies to reduce the risks associated with cybersecurity threats," Ecclestone says. "In addition, we are actively engaged in industrywide efforts to address vehicle security issues and develop industry standards that can be applied in the future."
Massimilla has worked with GM for the majority of his career in a variety of roles, Ecclestone says.
GM's new hire and establishment of a cybersecurity corporate unit signify the increasing need to secure devices as they connect to the Internet, says Tyler Shields, a security analyst at Forrester Research. "It just happens that cars are already quite a bit ahead of the curve for computing resources on board, resulting in a pretty large threat landscape," he says.
Vehicles have a number of computers built into them, and it's been shown that remote compromise of these systems is possible, Shields says. "With the Internet of Things coming so quickly, every product manufacturer that is embedding computing-style resources or connecting devices to the Internet or home network must consider the security of these devices."
The creation of the Vehicle and Vehicle Services Cybersecurity unit shows GM wants to get things right when it comes to protecting its products, says Alan Brill, senior managing director at Kroll Advisory Solutions. "It recognizes that preventing a problem by building security into the development cycle is far better than trying to solve a problem that might have been prevented," he says.