21st Century Business Herald reporter Guo Meiting Li Runzezi reported from Guangzhou
Since the beginning of this year, China's intelligent networked vehicles have ushered in a golden period of development.
Relevant agencies expect that the scale of the intelligent and connected vehicle industry will exceed 350 billion yuan in 2021 and reach 585.9 billion yuan by 2026. As an emerging industry ecology with deep integration of automotive, electronics, information and communication, intelligent networked vehicles have become another Internet entrance after mobile phones.
However, looking back at the development of intelligent and connected vehicles, it is always accompanied by the problem of network and data security.
In 2015, intelligent connected cars were first mentioned at the national strategic level, and their cybersecurity crisis was exposed by a hacking incident; the introduction of the General Data Protection Regulation (GDPR) put data security on the table when major car companies seized the track in 2018; even in this year, the industry boomed, the intensive issuance of regulatory documents followed.
The interviewed experts told the 21st Century Business Herald that the construction of the information security system of China's intelligent networked vehicles has roughly experienced a development stage from car product quality to personal data protection, and then to the level of national security. With the further popularization of intelligent networked vehicles, their network and data security issues will be closely related to public safety, etc., and every enterprise in the ecosystem needs to cooperate to achieve true security.
"Intelligent connected vehicles" were first mentioned from the national strategic level in 2015. The State Council issued the "Made in China 2025", proposing that "by 2025, China will establish a relatively complete independent research and development system for intelligent and networked vehicles, a production supporting system and an industrial cluster, and basically complete the transformation and upgrading of the automobile industry".
This year, the Internet of Vehicles industry has undergone years of exploration and layout, and the market size has reached 155 billion yuan. Traditional automakers such as Mercedes-Benz and BMW Ford have frequent cross-border cooperation with Internet giants such as Baidu, Alibaba and Tencent.
The car is seen as another internet portal after the mobile phone. "What we're creating is not the 'internet on the car,' but the 'car that runs on the internet.' This is an important milestone for the automotive industry. Wang Jian, chairman of Alibaba's technology committee, once said, "The intelligent operating system will become the second engine of the car, and data is the new fuel." ”
However, also in 2015, automotive cybersecurity issues sounded the first alarm bell for the fledgling industry. Two U.S. white hat hackers successfully hacked into the network system of a traveling JEEP Free light SUV and rolled over out of control, causing manufacturers to recall nearly 1.4 million vehicles sold.
"Countries recognize the importance of securing the network of connected vehicles." CCID Research Institute Zhou Qianhe told the 21st Century Business Herald reporter that the United States issued the "Automobile Safety and Privacy Law" in this context, requiring manufacturers to inform consumers of the degree of personal privacy and network security of vehicle protection, which is the earliest regulation in various countries to pay attention to the safety supervision of the on-board system. The UK then published the Key Principles of Cyber Security for Intelligent and Connected Vehicles in 2017.
Domestic car companies are also aware of the crisis. A number of industry insiders recalled to the 21st Century Business Herald reporter that at that time, car companies had begun to form intelligent and connected car information security teams, build protective systems and products, or cooperate with relevant personnel and companies to reward vulnerability clue finders. Neusoft Group, Wuyi Security and other technology companies have taken this opportunity to get involved in the field of automotive network information security.
Chen Jingxiang, deputy general manager of the network security division of Neusoft Group, believes that the data security awareness of the automotive industry around 2015 is still in its infancy, And Western countries such as Europe and the United States have begun to introduce relevant laws and regulations, and some domestic car companies and practitioners have also proposed the concept of data security storage to prevent the leakage of data on the car end, at this time, a complete data security system has not yet been formed, especially for the protection of personal sensitive information and data.
"Let the bullets fly first." He Shanshan, executive director of ICMA Zhilian Travel Research Institute, described this stage, the national policy level is still more concerned about promoting technology development and popularization, and the relevant documents only generally mention the network and data security issues of intelligent networked vehicles, and do not regulate too much.
When did practitioners really start to value the security of automotive data?
At that time, benefiting from the macro policy drive and the improvement of infrastructure, the scale of the Internet of Vehicles market was in a period of rapid growth. The data shows that by 2018, the penetration rate of new models of intelligent network connection reached 31.1%, an increase of nearly 5 times compared with 2016, and the penetration rate of new models of Chinese brand intelligent network reached 35.3%, an increase of 15 times compared with 2016.
Whether it is multinational car companies, domestic mainstream car companies, or new car-making forces, there are models equipped with the latest research and development of intelligent network technology achievements, and the limelight is booming.
However, there is still a potential crisis. Public data shows that among the 14 information security incidents of intelligent and connected vehicles with a large impact in 2018, there were 5 data breaches. One of the data breaches exposed car companies' secrets, along with 157 gigabytes of customer privacy.
At the same time, in May 2018, the European Union's General Data Protection Regulation (GDPR) was introduced, and personal data was protected to a high standard, and violations of the law were severely punished.
Connected cars involve a large amount of personal data collection. Some insiders pointed out that an autonomous driving test vehicle can generate up to 10TB of data per day, including video, images, coordinates, etc., which will undoubtedly become one of the objects of GDPR regulations.
As a result, following cybersecurity, the public began to pay attention to vehicle data security. In the view of Li Haowen, a security expert on the Internet of Vehicles, the early car network cracking incident made the public pay attention to the safety of people in the car and the negative public opinion of the brand of the car company, and the 2016 Cybersecurity Law only partially mentioned data cross-border and data security issues. Subsequently, the network security graded protection system 2.0 standard was released, and the GDPR has been officially introduced, practitioners began to think about whether the data of the Internet of Vehicles networking is within the requirements of the Cybersecurity Law, the Cyber Security Graded Protection System 2.0 standard or the GDPR.
He Xiaopeng, chairman of Xiaopeng Motors, publicly stated in 2018, "When automobile companies change from simple manufacturers and sellers to operator roles, they inevitably become data producers and service providers, at this time, data security will become the top priority." ”
In order to regulate the development of the industry, the state began to accelerate the revision of laws and regulations related to the information security of intelligent and connected vehicles. A series of documents such as the "Guidelines for the Construction of the National Vehicle Networking Industry Standard System (General Requirements)" were issued, all of which mentioned the construction of network and data or information security standards.
By 2020, the National Development and Reform Commission and 11 other ministries and commissions will jointly issue the "Intelligent Vehicle Innovation Development Strategy", which clearly requires the establishment of a safety management mechanism covering the entire life cycle of intelligent vehicle data; the "New Energy Vehicle Industry Development Plan (2021-2035)" issued by the General Office of the State Council proposes to strengthen data classification and classification and compliance application.
"2021 is the first year of data security for intelligent and connected vehicles." A number of interviewed experts said unanimously.
Internationally, the first binding international unified technical specification in the field of automotive information security, "WP29 Automotive Information Security and Information Security Management System" (UN/WP.29 R155), came into effect on January 1; in March, the European Data Protection Commission adopted the "Guidelines for the Protection of Personal Data of the Internet of Vehicles", which explained the privacy protection, data risks and countermeasures in different scenarios of the Internet of Vehicles; in August, the first international standard in the field of vehicle information security ISO/SAE 21434 "Road" vehicles — Cybersecurity Engineering" was officially released.
In China, with the implementation of the Data Security Law and the Personal Information Protection Law, the supervision of the field of intelligent and connected vehicles has ushered in a big outbreak. "Automotive data security has risen to a national strategy, and the top-level design of ioV security has been continuously improved." Chen Jingxiang told the 21st Century Business Herald reporter.
In April this year, some car owners claimed that "Tesla brake failure" rights protection caused concern. In addition to the dispute over the responsibility of the accident, this matter also made part of the public's attention focus on driving data and personal privacy, and became a catalyst for accelerating the supervision of intelligent car data safety.
According to the incomplete statistics of the 21st Century Business Herald reporter, nearly 20 policy documents involving the information security of intelligent and connected vehicles were released or introduced at the national level in 2021. According to industry insiders, in the intensively issued documents, the "Opinions on Strengthening the Management of Access to Intelligent and Connected Vehicle Manufacturers and Products" (hereinafter referred to as the "Opinions") and the "Several Provisions on the Security Management of Automobile Data Security (Trial)" (hereinafter referred to as the "Provisions") have a greater impact on the industry.
In August this year, the "Opinions" were officially promulgated, proposing to "strengthen data and network security management", clarifying a number of requirements such as data classification and grading, domestic storage of important data, and improvement of network security assurance technology.
Luo Chenggang, director of the Information Security Department of the National Intelligent Connected Vehicle Innovation Center, stressed that compared with other similar documents, the "Opinions" are most closely related to the interests of car companies. It starts from the most fundamental link, once the car company can not meet the requirements, it will not be able to apply for access product announcements, licenses and sales.
Li Haowen has a similar view, "The signal sent by the Opinions to the outside world is that if the vehicle does not do data and network security, it may not even be able to obtain production qualifications." ”
Another blockbuster document, the Provisions, was also released by the Cyberspace Administration of China and five other departments in August.
"This is an extremely important node, and the compliance framework for China's automotive data security has been initially established." Chen Jingxiang analyzed that the "Provisions" for the first time clearly defined the "automotive data processor" and "important data" types, put forward 4 recommended data processing principles, clarified the obligations of data processors, and formulated cross-border data transmission rules.
The Provisions also implement an annual reporting system, requiring automotive data processors to proactively report annual automotive data security management on time, which means that the state has taken an important step towards strengthening supervision and managing systems.
In addition, cross-border auto data has become another hot topic this year. From July to December, travel giant Didi's bumpy road to listing won the public's attention: the next day it went to the United States, it was launched as a national cybersecurity review, and only five months later it was delisted from the New York Stock Exchange and started preparations for listing in Hong Kong.
The Didi incident reflects the huge security risks and challenges posed by cross-border data flows. Intelligent networked vehicles that also have a large amount of user privacy data and are related to critical information infrastructure are affecting the nerves of national information security. This has been emphasized in documents issued this year, for example, the Provisions emphasize the scope of important data and geographic information security in addition to personal information. "This is a system unique to China, and it is closely related to the overall public security, social security, national security and economic security behind it." He Shanshan said.
Luo Chenggang concluded, "The information security system of intelligent and connected vehicles has basically experienced several stages from car product quality to personal data protection, and then rose to the level of national security. ”
China's intelligent networked automobile industry has ushered in a golden period of development.
The scale of the intelligent networked vehicle industry will continue to expand, and relevant institutions are expected to exceed 350 billion yuan in 2021 and 585.9 billion yuan by 2026.
"However, for intelligent and connected vehicles, at least in the field of data security, regulation is still in its infancy." Li Haowen told the 21st Century Business Herald reporter.
On June 21, the "Guidelines for the Construction of the Network of Vehicles (Intelligent connected Vehicle) Network Security Standard System" solicited opinions, proposing to complete the formulation and revision of more than 50 key and urgently needed security standards by the end of 2023, including data security standards; by 2025, more than 100 key standards will be completed. Subsequently, on August 25, the Ministry of Industry and Information Technology said that it would speed up the release of the "Guidelines for the Construction of the Networking Network Security Standard System" (hereinafter referred to as the "Construction Guidelines").
The importance of the "Construction Guide" lies in the systematization of the safety standards for intelligent and connected vehicles. In the past, the standard of intelligent networked vehicles was fragmented in the form of fragmentation, which made provisions for TBox, gateway, vehicle machine, charging pile, etc., and the "Construction Guide" divided the existing and future standards into infrastructure, communications, data, terminals and other categories into a standard system, setting an overall goal.
"It's like building a house, which used to be just a separate wall and a door, but now it has the framework of the whole house, the planning is more comprehensive, the structure is more reasonable, and the boundaries are clearer." Luo Chenggang said.
Chen Jingxiang also said that under the guidance of the "Construction Guide", many national standards committees and industry organizations have actively carried out research and development of the common foundation, key technologies and standards urgently needed by the industry industry for intelligent and connected vehicles, and have achieved phased results in the development of network security standards for the Internet of Vehicles.
The other end of the regulated industry is to promote development. From the perspective of vehicle to everything (vehicle to everything), He Shanshan talked about the "Construction Guide" to promote the solution of data security problems after information exchange. "Only by forming a standard system can we realize the interconnection of vehicles and vehicles, vehicles and roadside facilities, and vehicles and the surrounding environment."
In the future, how should China further improve the network and data security system of intelligent networked vehicles?
He Shanshan believes that in the future, we should further refine the existing regulations, form a landing and operable model in practice, and promote the experience after a period of time to promote or summarize the new standard.
"From the perspective of actual development, there is a certain gap between the current legal standard system and other regions in the United States and Europe, which cannot fully meet the needs of industrial development, and still needs to be strengthened from the aspects of formulating standard guidelines, establishing an evaluation system, and setting up a supervision mechanism." Chen Jingxiang said.
Luo Chenggang proposed that the classification and grading of automobile data need to be considered and paid attention to first. The amount of data generated by intelligent networked vehicles is huge, if the data is not classified and graded in advance, but in accordance with the unified standard for security protection, one will cause a lot of waste of resources, and the other may lead to some important data protection measures are not strong enough, and some non-important data are over-protected.
"The safety of intelligent networked vehicles is a comprehensive and complex system, in addition to information security, it also involves functional safety, expected functional safety, etc. In the future, they will interact and be closely integrated, so the issue should be viewed holistically rather than in a divisible manner. At the same time, in order to establish a truly intelligent and connected vehicle safety system, it is meaningless to do a good job in one or two enterprises alone, and the entire ecological cooperation is required to jointly achieve true safety. Luo Chenggang said.
For more information, please download the 21 Finance APP
![Barca withdrew from the battle for AC Milan midfielder Casey, and the players have still not yet determined the next home for the new season. Ivorian international Casey's contract with the Rossoneri is less than half a year away before it expires if doubled[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)