Last May, the US Department of Justice formally charged a man named Weibo Wang with stealing secrets for the benefit of the Chinese government.
This was hardly a Cold War-reminiscent espionage scenario, however. Wang was not arrested for lifting nuclear missile launch codes, selling plans to secret underground levels of the White House, or anything like that. Instead, he was charged with stealing, among other items, reams of code for self-driving software being developed by Apple (a project heavily rumored for years, although the company has never admitted its existence). James Bond, this was not.
Wang’s misadventure wasn’t the first instance of an insider attempting to lift proprietary intellectual property for advanced automotive systems and it won’t be the last. There is too much at stake in this game, and the rewards are tempting for the parties who might get away with it and those parties are legion. “The threat of spying in the connected car space is very real, with risks from both foreign governments and rival companies seeking a competitive advantage,” said Josh Amishav, founder and technical director of cyber-security company Breachsense.
Having an edge in the technology of the future can be a near-unbeatable advantage and not only for your favorite automaker or assisted-driving solutions provider. Modernization of the auto industry is critical in countries like Wang’s alleged client, China. Becoming a global force in next-generation auto design and technology would achieve several goals for the massive Asian country. For one, it would make it a powerhouse, for the first time, in an economic sector full of expensive, highly exportable goods. It would also greatly reduce the nation’s still-heavy dependence on foreign automakers.
Finally, by effectively harnessing non-ICE technologies it could put a real dent in pollution, which is still a thorny problem in many of its regions and cities. So, China could stand to gain – or not lose, depending on your point of view – the equivalent of billions of dollars if it gets an edge in advanced car tech. We could say the same for other ambitious countries with effective spying apparatuses at their disposal.
Another reason connected-car advancements are juicy targets for theft is their sheer cost. The more sophisticated such technologies become, the more capital-intensive they are to devise and build. For example, leading ADAS and autonomous solutions specialist Mobileye spent $235M on net research and development expenses in its most recently-reported quarter. That was far and away its top cost, dwarfing the $33M of the number two, sales and marketing. The $235M also ate up more than half of the $458M in revenue Mobileye collected for that period.
Therefore, Kenneth Mendelson, senior managing director at tech consultancy and investigative firm Guidepost Solutions, said: “Connected vehicle intellectual property is expensive to develop and is generally cheaper to steal than to create, making it a lucrative focus for corporate espionage.” Compounding the problem, there are ways a thieving entity can hide the fact that it’s stolen the technology it is using for its latest whiz-bang app or product. “Even if a manufacturer does not actually use stolen technology in its own products, having such unauthorized access to the intellectual property of others can reduce the time and cost associated with developing their own technology, providing a significant competitive advantage,” Mendelson said.
As long as there has been competition in the auto industry, tech pilfering has been a problem. This only intensified with the dawn of the next-generation era; Mendelson cited the bruising (not to mention expensive) recent legal fights between Google’s Waymo and Uber, and Tesla vs. Rivian, on such matters. Those are only two of numerous examples.
Fortunately, since advanced intellectual property has been a high-value prize in the auto world since nearly its inception, those in the business have evolved means to combat it. Close facility and employee monitoring might strike some as obtrusive but, again, the stakes are high here and people involved in the work understand the need for tighter-than-average security.
Those with tech to protect are also well-advised to take a page from the playbook of digital security specialists, since after all a great deal of spying these days is done through vulnerabilities in computer networks and websites. Amishav advises: “To keep your secrets secure, implement strong cybersecurity measures, like secure coding practices, regular security audits and ongoing visibility into your employees and suppliers’ breached data (especially credentials). In addition, strict access controls, multi-factor authentication and employee education are crucial to prevent internal breaches.”
Top-level organizational awareness of the need for such measures is also critical, said Mendelson. He said: “Protecting intellectual property must be viewed by boards of directors and senior management as the enterprise risk that it is. ‘Tone from the top’ is essential. Messaging must be accompanied by sufficient financial and human resources to design, develop and maintain a robust information security program that is based on an assessment of the actual risks facing the organization.”
