Volvo Cars expansion ambitions dealt serious data security blow

Volvo Cars recently announced a joint research and development (R&D) center with Swedish battery developer Northvolt, as part of a 30 billion investment in battery development and manufacturing. Pegged to be operational in 2022, the R&D center will create several hundred jobs and will position Volvo as one of the few automotive brands to make battery cell development and production part of its end-to-end engineering capabilities.

The establishment of the R&D center will be followed by the construction of a new manufacturing plant in Europe. The plant will produce next-generation state-of-the-art battery cells, specifically developed for use in next-generation pure electric Volvo and Polestar cars. It will have a potential annual capacity of up to 50-gigawatt hours (GWh), which would supply batteries for approximately half a million cars per year. It will start construction in 2023, with large-scale production moving aheadin 2026.

Interestingly, things quickly took a turn from the announcement for the car manufacturer. Despite its reputation as a producer of one of the safest automobiles on the planet, Volvo Cars has reported a security breach at the company’s research and development (R&D) property.

According to a statement from Volvo Cars, one of its file repositories has been illegally accessed by a third party. The car company also stated that investigations confirm that a limited amount of the company’s R&D property has been stolen during the intrusion. Based on information available, Volvo also said that there may be an impact on the company’s operation.

“After detecting the unauthorized access, the company immediately implemented security countermeasures including steps to prevent further access to its property and notified relevant authorities,” the statement said.

Volvo also said they are conducting their own investigation and are working with a third-party specialist to investigate the property theft. The company added that with currently available information, the security breach has not had an impact on the safety or security of its customers’ cars or their personal data.

To understand more about the security breach at Volvo, TechHQ caught up with Chris Clark, Senior Manager at Synopsys Software Integrity Group to get his views.

Clark pointed out that automotive manufacturers go to great lengths to keep next model year vehicles from prying eyes and the same is true for data, especially R&D data. This is why, for companies like Volvo, protecting key assets like research data is especially critical in a high-intensity sector like the automotive market.

“Manufacturers must continue to look at how they treat, store, and share data to protect these assets. After all, the software is at the core of innovation, and the recent wave of ransomware and supply chain attacks have demonstrated that compromised software can have a devastating impact on an organization. This reaches past the traditional IT protection methods like penetration testing, silicon, and software life cycle management systems. Developers and their peers in the testing teams must be aware of their role in protecting software and data,” explained Clark.

For Clark, the risk does not end when the hole is plugged though. Potential threat actors may gain some insight based on the data that was released. For this reason, he believes automotive manufacturers must examine the technologies that rely on this data.

With that said, R&D for car manufacturers are seemingly potential targets for cybercriminals in the future, especially with the technology with electric cars and batteries being highly in demand. For Volvo, the R&D security breach is surely a serious matter for them as part of their partnership with Northvolt secures the European battery cell needs that are part of their ambitious electrification plans.

Volvo aims to sell 50% pure electric cars by the middle of this decade, and by 2030 it aims to sell only fully electric cars.