I’m thrilled to sit down with Malik Haidar, a seasoned cybersecurity expert with a wealth of experience in safeguarding multinational corporations from digital threats and hackers. With a background rooted in analytics, intelligence, and security, Malik brings a unique perspective by blending business strategy with cutting-edge cybersecurity practices. In this interview, we dive into the evolving landscape of automotive cybersecurity, exploring how industry collaboration drives innovation, the challenges of securing software and AI in vehicles, and the importance of partnerships in building a safer connected future for the automotive sector.
How did you first become involved in automotive cybersecurity, and what drew you to this field?
My journey into automotive cybersecurity started when I noticed the rapid shift toward connected vehicles and software-defined systems. I was working on broader enterprise security for large corporations, and it became clear that the automotive industry was facing unique challenges with the integration of complex software and AI. What drew me in was the critical nature of the work—vehicles aren’t just products; they’re tied to human safety. The opportunity to protect something so integral to daily life while tackling sophisticated cyber threats was incredibly compelling.
Can you explain the role of collaborative organizations in advancing vehicle cybersecurity, and why this teamwork is so vital?
Collaborative organizations play a pivotal role by creating a space where industry players can share intelligence, best practices, and resources to combat cyber threats. The automotive ecosystem is vast, involving manufacturers, suppliers, and tech providers, and no single entity can tackle these challenges alone. Teamwork is vital because threats evolve rapidly—hackers don’t target just one company; they exploit vulnerabilities across the supply chain. By pooling knowledge and insights, we can anticipate risks, develop stronger defenses, and ensure that even smaller players have access to cutting-edge solutions.
What are some of the biggest cybersecurity challenges facing the automotive industry today, especially with the rise of software-defined vehicles?
One of the biggest challenges is the sheer complexity of software-defined vehicles. Modern cars are essentially rolling data centers, with millions of lines of code and intricate AI systems controlling everything from braking to infotainment. This creates countless entry points for attackers. Additionally, securing the software supply chain is a massive hurdle—components come from multiple vendors, and a single vulnerability in third-party code can compromise an entire vehicle. Regulatory compliance adds another layer of difficulty, as automakers must meet stringent global standards while innovating at breakneck speed.
How do partnerships between cybersecurity firms and automotive companies help address the complexities of global regulations and standards?
Partnerships are crucial for navigating the regulatory maze. Cybersecurity firms often specialize in understanding and implementing standards like UNECE R155 or ISO/SAE 21434, which can be overwhelming for automakers focused on design and production. These collaborations bring in expertise to ensure compliance without slowing down innovation. For instance, partners can automate processes like creating a Software Bill of Materials, which is essential for tracking components and vulnerabilities. They also provide tailored solutions that align with both regulatory demands and the specific needs of a manufacturer, creating a win-win scenario.
In your experience, how significant is the role of AI and software supply chain security in the future of vehicle safety and performance?
AI and software supply chain security are absolutely central to the future of vehicle safety and performance. AI powers critical systems like autonomous driving and predictive maintenance, but if those algorithms or their dependencies are compromised, the consequences could be catastrophic. Similarly, the supply chain is a weak link—most vehicles rely on open-source or third-party software, and a single flaw can ripple through the entire system. Securing these elements isn’t just about preventing hacks; it’s about ensuring trust in the technology that drivers rely on every day. I believe this focus will only grow as vehicles become more connected and autonomous.
What strategies or tools do you think are most effective in detecting and managing vulnerabilities across the automotive software ecosystem?
Effective strategies start with visibility—knowing exactly what software and components are in your system through tools like automated Software Bill of Materials workflows. Beyond that, continuous monitoring and threat intelligence are key. Tools that scan for vulnerabilities in real-time, especially in open-source code or AI models, can catch issues before they’re exploited. I’ve also seen great success with layered security approaches, where you combine secure development practices with runtime protections like secure gateways in vehicles. It’s about building resilience at every stage, from design to deployment, and being proactive rather than reactive.
How do you see the balance between fostering innovation and maintaining robust cybersecurity in the automotive industry?
Striking that balance is tricky but essential. Innovation often means pushing boundaries—think rapid deployment of new features or over-the-air updates—but cybersecurity requires caution and thorough vetting. The key is integrating security into the innovation process from the start, rather than treating it as an afterthought. This means embedding secure coding practices in development, involving cybersecurity experts early in design phases, and fostering a culture where safety and security are seen as enablers of innovation, not barriers. It’s a mindset shift, but one that pays off in trust and reliability.
What is your forecast for the future of automotive cybersecurity over the next decade?
I believe the next decade will see automotive cybersecurity become even more intertwined with vehicle functionality and consumer trust. As vehicles grow more autonomous and connected, the attack surface will expand, and we’ll likely see more sophisticated, state-sponsored threats alongside traditional hacking attempts. On the positive side, I expect advancements in AI-driven threat detection and blockchain for supply chain security to become mainstream. Collaboration will deepen, with more standardized frameworks for sharing threat intelligence globally. Ultimately, cybersecurity will be a defining factor in how the industry evolves, shaping everything from regulation to customer expectations.
