GM CEO Mary Barra's Keynote: Billington Global Automotive Cybersecurity Summit
(Text as provided by General Motors. Address delivered in Detroit, Michigan, July 22, 2016.)
At General Motors, we are very pleased to join you and others to sponsor this first-ever ";Global Automotive Cybersecurity Summit";… and to do so here in Detroit.
I want to add my welcome to Secretary Foxx, Senator Peters, Congresswoman Dingell, Administrator Rosekind, Commissioner McSweeny, and all of the government, business and academic leaders who have made this summit a priority.
This event underscores the fundamental importance of bringing together thought leaders from all sectors to examine the state of automotive cybersecurity and explore ways to strengthen our mutual cyber defenses.
Even more important, it points to the unique responsibility we have to develop proactive solutions to the cybersecurity challenges facing society today.
Around the world, consumers increasingly expect to have constant and seamless connectivity. By 2020, it is estimated that there will be 50 billion smart devices in use around the world – or about seven connected devices for every man, woman and child on the planet.
Growth in the so-called sharing economy is now a global phenomenon – in everything from cars and bicycles to apartments, tools, and even high-end clothing and jewelry.
And the trend toward more sustainable living and environmentally friendly policies is now as important as the growth in urban population centers. By 2020, projections are that there will be 41 global ";megacities"; with populations above 10 million, up from 28 such cities today.
Each of these trends is reflected in today's global auto industry. In fact, I fully expect the auto industry to change more in the next five years than it has in the last 50. At GM, we are excited by this disruption and are committed to help lead it.
In the area of connectivity, GM's OnStar service has responded to 1.3 billion customer requests since we launched the service 20 years ago. By the end of this year, we expect to have 12 million OnStar connected vehicles around the world, and by 2020 we expect more than 75 percent of our global volume to be actively connected. And this is just the beginning of where connectivity will take us in the future, as we work to expand and improve the customer experience both inside and outside the vehicle.
Around the world, car- and ridesharing services are expanding exponentially. Globally, an estimated 15 million people use shared mobility services such as ridesharing and car sharing today. By 2020, this number is projected to be more than 50 million.
At GM, we combined a number of our sharing programs earlier this year under a single brand called Maven. We now have programs in half a dozen U.S. cities, as well as Germany, China, and Brazil… with more on the way.
We're also very excited about our strategic alliance with Lyft. We believe the convergence of connectivity, ridesharing, and autonomous vehicles will shape the future of personal mobility.
The societal trend toward sustainability is mirrored in the industry's drive toward alternative propulsion, especially electric vehicles. Later this year, we will start production of the all-electric Chevrolet Bolt EV, which will be the first electric vehicle to crack the code of affordability and a 200-plus-mile range.
And traditional and non-traditional automotive companies are making substantial investments right now in autonomous driving, which promises customers greater convenience, lower cost, and improved safety.
Taken together, these interconnected trends and technologies are allowing GM and the auto industry to stretch the boundaries of what is possible for consumers. They are giving us unprecedented opportunities to develop vehicles that are more environmentally friendly than ever, as well as smarter and safer for our customers.
But while today's technology creates many new and exciting opportunities for our customers, it also creates some challenges. One of these challenges is the issue of cybersecurity. And make no mistake: cybersecurity is foundational to each of the technologies I discussed.
In addition to the rapid growth in vehicle connectivity that I already talked about, there are two additional factors contributing to the cybersecurity risks for today's auto industry.
One is content – the fact that personal data is increasingly stored in or transmitted through vehicle networks.
The other is complexity, which opens up opportunities for those who want to do harm through cyber attacks. Consider that in 2000, cars had, on average, about 1 million lines of code. The first generation Chevrolet Volt, which was introduced in late 2010, had about 10 million lines of code – which is more than an F-35 fighter jet. Today, an average car has more than 100 million lines of code, and it won't be long before it's 200 million.
Now, we all want our customers to be able to take advantage of the technology that is changing the automobile and opening up new experiences that were unimaginable when I started in this business. But we also want our customers and their data to be safe and secure while they are doing it.
Cybersecurity protects not only the physical safety of our customers, but also their privacy and their data security.
And I am quick to add that, at GM, we view cybersecurity not as area for competitive advantage, but as a systemic concern in which the auto industry's collective customers – and society at large – are best served by industry-wide collaboration and the sharing of best practices.
At GM, we recognize that the threat landscape is continually evolving, and sophisticated attacks are specifically designed to circumvent even the most robust defense systems. Whether it is phishing or spyware, malware or ransomware, the attacks are getting more and more sophisticated every day.
Not only is it important that the industry design our products with cybersecurity in mind, but also that we work together to develop capabilities to detect cyber incidents, protect against cyber attacks, and mitigate the consequences of cyber incidents when they occur.
A cyber incident is not a problem just for the automaker involved. It is a problem for every automaker around the world. It is a matter of public safety. And this is why GM strongly supports the collaborative approach championed by Secretary Foxx, Administrator Rosekind, the Alliance of Automobile Manufacturers, the Association of Global Automakers, and members of the Auto-ISAC, among others.
At GM, I have made cybersecurity a top priority.
We have established a dedicated cybersecurity organization.
We have a senior executive running our cybersecurity team whom many of you know – Jeff Massimilla – who will participate in the roundtable discussion following my remarks.
We have taken a leadership position within Auto-ISAC, with Jeff serving as vice-chairman.
And we have made a very deliberate decision to embrace the relationship with the ";white hat"; researcher community.
Earlier this year, we launched a ";coordinated disclosure program"; that puts out a welcome mat to researchers and cybersecurity experts, inviting them to identify vulnerabilities in our system.
This is an approach that Silicon Valley has practiced for years, and is very good at… but which very few companies beyond the software industry have embraced. Our program at GM is new and we are still learning best practices, but we are committed to expanding and evolving it, and working with the researcher community to improve our cybersecurity posture.
But while all of these actions are important, the single most significant commitment we have made to cybersecurity at GM is our commitment to collaborate with everyone here today to address our shared cybersecurity issues and concerns.
Yesterday, the Auto-ISAC released an Executive Summary identifying cybersecurity ";best practices"; for the auto industry, based on the Proactive Safety Principles issued by Secretary Foxx in January.
I want to applaud the efforts of Executive Director Jon Allen and the members of Auto-ISAC, all of whom put in an enormous amount of work to get us where we are today.
And I am pleased to say that GM will support and endorse all recommendations in the Executive Summary, and we commit to implementing the actions and best practices outlined in the document.
Above all, we strongly agree with the Auto-ISAC's call for a commitment to expand our collaborative efforts and work together to mitigate cyber threats that present potential risks to our customers and to society at large.
Let me also say that, at GM, we are committed to collaborating proactively with NHTSA on the shared goal of enhancing vehicle cybersecurity for everyone. NHTSA and the industry have made a concerted effort to work together throughout the development of best practices, and at GM we are committed to continuing this valuable collaboration going forward.
A very important point that I want to stress is that unlike a number of industries that have already been seriously affected by cyberattacks, the auto industry has the opportunity to address cyber concerns before we experience a serious cyber incident.
We can work together today within the auto industry to mitigate our risk, and we can learn from companies and industries that are already addressing cyber threats on a large scale. In fact, I am very pleased that we will hear this afternoon from Phebe Novakovic, Chairman and CEO of General Dynamics, about how one company in the defense industry started approaching cybersecurity years ago. I believe we can learn a lot from General Dynamics' experience that can help the auto industry get out in front of cybersecurity before we face a fielded threat.
So, I believe we have a very real opportunity to work together today, and in the months to come, to move the industry forward.
The global auto industry is changing faster today than it has in 100 years. Many facets of the traditional industry are being disrupted, and this creates exciting new opportunities to rewrite the rules of vehicle use and ownership for the benefit of our customers.
I believe it is essential that leaders from a wide cross-section of industries – from automotive to defense to aerospace – work together with government, law enforcement, academia, researchers and the cybersecurity community to develop proactive solutions to the cybersecurity challenges we all face. And I believe we have a very real opportunity to do that here today for the safety and security of our customers and of society, in general.
Cybersecurity is one of the most serious challenges we face, and we need to make it an industry priority. This summit is an example of what we need more of – all of us working together to achieve what none of us can do on our own.
Again, I want to thank Billington Cybersecurity for their role in bringing us here today… and I want to thank each of you for your commitment to being a critical part of the solution.
Let's work together to leverage our collective strengths and knowledge to protect our customers and their privacy every time they get in their car.