“Device security is really about beating things up with lasers, power, and electromagnetic field analysis, redundancies and tampering—working to verify statements that you would never think about even bothering to make,” he said. “And this is on a larger scale, such as with passports and bank cards.”While Thorpe is optimistic that NXP and other stakeholders will be able provide sound connected car security on devices and on the network, he’s more worried about what happens in between. “There’s a lot of focus on securing the data at rest and in flight; the data at rest is your device security and the data in flight is your network security. But there’s a second-order data, a metadata, which is completely independent.”He pointed out that in a post-Snowden world, entities securing the data may have other motives. “As governments and multinational corporations all sort of vie for cybersecurity of smart cities and connected cars, there’s going to be an issue of confidence,” Thorpe said. “There’s the risk of the wolves looking after the hens.”