Hacked Off
Security is about to become everyone's business. Several years ago a research company discovered a vulnerability in a car maker's anti-theft system. The research company approached the car company to let them know about the weakness of their system and the car company thanked the research company.
What happened next is emblematic of what is now unfolding in the auto industry in the wake of the BMW hack by the German automobile club ADAC. The car company in question turned to the supplier of the system and complained vociferously about failing to create a sufficiently safe system. The supplier then turned on the research company for making them look bad.
The moral of the story is - consequences roll down hill along with blame. BMW suppliers implicated in the BMW hack considered making public statements disavowing any role in contributing to the vulnerability of the ConnectedDrive system, but ultimately demurred.
You can't blame them for considering such a move. In essence, BMW was making THEM look bad!
A well-known and frequent dodge in the automotive industry is to blame the car company. Most supplier agreements have very specific requirements for what the car maker wants and those specific requirements have the unintended effect of letting the supplier off the hook when anything goes wrong: "After all, we built the system precisely to their specifications."
But that is a no-win position for a supplier. You can't fall on your sword as a supplier: "It was all our fault." And you can't blame the car company: "We warned them there might be a problem, but they ignored us." or, worse: "We don't know anything about that security stuff. It's not our problem."
In future, supplier agreements may raise the liability exposure putting greater onus on suppliers to take on more responsibility for security. Companies such as semiconductor supplier Freescale have already recognized this new regime and taken on the responsibility along with a thought leadership position in the industry.
Security is not the sole responsibility of the car maker, although the car maker bears that sole responsibility in the eye of the customer. Henceforth, suppliers must embrace security as a key element of their product or service regardless of their position in the value chain. All players sink or swim together.
???? Product Owner/Leader Sustainability Insights at Stena Recycling Group | Sustainability aficionado | Climate Change troublemaker
10 年Well put