On June 19, 2025, at the 4th China Internet of Vehicles Security Conference, Zhang Zhiqiang, Head of Global Information Security & DPO/Head of Network Security Department of Ouhui New Energy/Tencent Cloud TVP Industry Ambassador/TWT Architect, judge Zhang Zhiqiang, pointed out,Intelligent networkingAutomotive network security faces multiple challenges, including security compliance, vulnerability control challenges caused by the surge in software code, and new attack paths brought about by user privacy protection and the popularization of Internet of Vehicles technology.
Zhang Zhiqiang emphasized that the network security protection of intelligent networked vehicles needs to integrate the automotive security protection system and the overall security architecture of the enterprise, and follow the international and domestic dual standard systems, especially the R155/R156 international regulations. He pointed out that Beiqi Foton deploys multi-dimensional security measures around the vehicle life cycle, builds an information security system architecture, increases security investment, and introduces new technologies to carry out functional testing services. At the same time, Beiqi Foton has fully implemented the field of intelligent security operations, using AI technology to improve the efficiency of security incident handling, integrating the group’s security data to provide support for business areas, and strictly complying with local laws and regulations in overseas business, building a global security network to ensure data security and compliance operations.
Zhang Zhiqiang | Beiqi Foton Global Information Security Leader &DPO/Ou HuiNew energyHead of Network Security Department/Tencent Cloud TVP Industry Ambassador/TWT Architect Judge
The following is a summary of the speech:
Challenges in Connected Vehicle Cybersecurity (Vehicle + Enterprise + Compliance)
The assisted driving level ranges from L0 to L5, and the risk trend faced by the vehicle shows multi-dimensional characteristics. The primary challenge is security and compliance. In addition, software-defined vehicles have become a core development trend in the field of intelligent networking, which is manifested in the exponential growth of automotive software code. The amount of code for the traditional Windows operating system is about 50 million lines, and the amount of code for fighter jet systems is in the range of 8 million to 10 million, while the current amount of code for smart cars has exceeded 100 million lines. When the assisted driving technology reaches the L5 level, the amount of system code is expected to reach 1 billion lines or more. This leapfrog growth in code scale poses a serious challenge to security personnel to carry out code detection work, and how to effectively control the software vulnerability rate has become a key problem that needs to be solved urgently.
Source: Speaker material
As an important carrier of people’s daily travel, automobiles have become the second private field after family space. In the car, users can freely plan their trips, such as driving to a meeting place or restaurant, and their driving trajectory is closely related to personal privacy, and users expect such information to be strictly protected. In addition, the deep interconnection of the in-vehicle system with the user’s mobile phone, such as the synchronization of address book data, further highlights the importance of privacy protection.
With the popularization of Internet of Vehicles technology, network security threats have broken through traditional boundaries. Attackers are no longer limited to infiltrating servers or other network nodes through computer systems, but may directly use the on-board system as an attack entry point to launch attacks on the back-end computing center and even the entire network architecture. This new attack path puts forward higher requirements for the existing security protection system.
At the level of technical architecture, the industry is accelerating its transformation to intelligence, and many enterprises have begun to deploy privatized AI computing centers to support the research and development and application of cutting-edge technologies such as autonomous driving. However, manufacturing enterprises are facing the dilemma of shortage of security talents in the process of promoting intelligence. Due to the scarcity of professionals in the field of security, the cost of recruitment remains high. For automobile manufacturers, such labor costs often exceed their budgets and become a key factor restricting safety capacity building.
There are significant differences between the field of vehicle security and enterprise information security, and small vulnerabilities can cause big harm. Abnormal situations in vehicle safety cannot be ignored, such as brake system failure caused by abnormal display screens, which may directly lead to major risks such as brake failure; In addition, the failure of the vehicle unlocking function also poses a safety hazard.
Regarding the network security protection of Beiqi Foton, we regularly submit special reports to the management every month. From 2014 to 2024, the Beiqi Foton network system has intercepted a total of 376 million cyber attacks. Among them, the number of attacks in a single month in April 2024 was as high as 134 million, with an average of about 23 million attacks per month. Although this data may be relatively low in the Internet industry, it is already a serious challenge for traditional automobile manufacturers. It is worth noting that the number of cybersecurity attacks showed a significant growth trend during major national events. In view of the upcoming network protection action in July and major national activities in August and September, Beiqi Foton has launched special preparations for network security protection, and made every effort to ensure the safe and stable operation of the company’s network system by strengthening technical protection and improving emergency plans.
Source: Speaker material
Ideas for network security protection of intelligent networked vehicles
In view of the current security risks, we have established the following ideas in the construction process of connected vehicles. First, the automotive safety protection system is deeply integrated with the overall security architecture of the enterprise. In the framework of connected vehicle construction, we first follow the international and domestic dual standard system, which is based on the requirements of the national standard, and focuses on the R155/R156 international regulations. In the global market layout, we not only strictly follow Chinese national standards, but also systematically study and integrate the safety regulations of major countries around the world, especially paying special attention to the strictest provisions in national regulations.
At the technical implementation level, we comprehensively benchmark the core requirements of the regulations on basic vehicle safety performance, external interface management, communication protocol specifications, OTA mechanisms, and data life cycle security to ensure that the product development process complies with international safety standards.
Source: Speaker material
In cybersecurity risk assessment and management, TARA is a critical process that must be performed. Whether implemented manually or with automated tools, the TARA methodology covers seven core stages throughout the entire lifecycle from asset identification to risk disposal. Although different enterprises may choose to convert some manual processes into automation to improve efficiency based on their own technical capabilities and resource conditions, the TARA methodology has always been a standard practice framework commonly followed in the risk identification process.
In project practice, we often use the V-shaped model to work based on actual needs. It should be noted that the traditional V-shaped model follows a waterfall development model, which has the problem of inefficiency. We adapt and fine-tune it to fit the company’s agile development mechanism.
Source: Speaker material
As we move the security left, we extend it not only to the development process, but also to the operational phase. In the process of development and operational safety, relevant rules and safety anchors are implanted to ensure that the system meets the requirements of the specification during the development stage and effectively reduces the probability of security risks and problems in the operation stage.
Solution sharing
The following diagram shows a schematic of our security architecture. We deploy security measures from multiple dimensions around the vehicle life cycle, covering the industrial control security of the vehicle production link, the safety protection of the vehicle itself, the IT security supported by the upper application and the platform security, and at the same time combine the assistance of relevant management systems and the adaptation requirements of laws and regulations to comprehensively promote safety work.
Source: Speaker material
By technically decomposing the security architecture diagram, we construct an information security architecture with four main dimensions, namely operation, technology, management system and governance modules. At present, Beiqi Foton’s safety operation and safety construction work revolve around this architecture.
This year, we will continue to increase our investment in safety. In this process, we will introduce new technical means to carry out functional testing services. In addition, a national attack team will be invited to conduct targeted attack tests on Futian and carry out repair work based on its output report to further improve the level of security protection.
Source: Speaker material
At present, many car companies follow the path of starting from regulatory requirements, deriving technical requirements, and then formulating implementation plans. This is because safety investment needs to be moderate, and the core purpose of our safety work is not simply to pursue safety itself, but to ensure the safety of vehicles and drivers, while meeting the basic requirements of laws and regulations. For example, many companies have begun to prepare for the requirements of relevant regulations such as 4495 and 4496, which is not the subjective will of the enterprise, but an inevitable measure driven by regulations. Based on this, we have formulated a corresponding implementation strategy.
In the field of Internet of Vehicles and intelligent networking, we have drawn relevant architecture diagrams. As a vehicle company, we have an important responsibility to make full use of the elements in the architecture diagram to ensure vehicle safety, not just considering the basic operating profit of the enterprise. We always adhere to the customer-centric concept and are committed to providing customers with high-quality vehicle solutions.
Source: Speaker material
The relevant architecture system covers laws and regulations, industry standards and norms, as well as network security, cloud security, and vehicle security. As far as satellite navigation systems are concerned, in China, GPS and Beidou systems are widely used; In Europe, the Galileo system is mainly used, Russia uses the Gronass system, and India and Japan have local small satellite systems. When you use your phone, you will find that there is a special communication type in the phone settings that shows the types of communication it supports, and if you look closely, you may find that there are other related protocols besides GPS.
In the construction plan of the Internet of Vehicles, the project of safety components is also included. If security components are provided by different vendors, multiple island platforms will be formed, which will not only make it difficult to coordinate between each platform, but also difficult to control the cost of adding functions or optimizing them in the later stage. In response to this problem, we deeply integrated the R&D system with security components to build a unified and comprehensive platform.
Source: Speaker material
In the field of intelligent and safe operation, we have achieved full implementation. In terms of security operations, from the early human-computer dialogue assistance mode to the support of RAG applications, to the current AI agent applications, it has been successfully implemented in Futian. This year, we introduced Depseek technology. On the underlying technical architecture, we deployed 7 large models to handle security events. In view of the limited processing capacity of a single model and the wide variety of security event types, the use of multi-model collaborative processing can effectively improve the processing efficiency and effectiveness. At present, our information security department generates about 98,000 alarm messages every day. The closed-loop processing of these alarm information is mainly completed automatically by the agent, and the disposal results are synchronized to the mobile phones of relevant personnel.
At present, our overall operation revolves around the three major screens of enterprise ESOC, industrial control OSOC and vehicle VSOC, and its underlying technical architecture is built based on AI methods.
In the early days, we used simple GPT technology to assist in security operations, deduplication and noise reduction of security events, accurately extract real events, and realize automatic identification, analysis and disposal.
With the development of technology, large models present various types such as large models, small models, generative and non-generative. In our security system, both generative and non-generative models are applied. The system is equipped with more than 2,000 sets of machines and more than 200 sets of systems, and if the machine is manually checked one by one whether antivirus software is installed, the workload is huge and inefficient. With the help of AI technology, you can quickly capture relevant information by simply issuing instructions. In addition, the technology can also retrieve popular vulnerability information on the Internet, analyze recent security alert trends, and generate corresponding reports.
We have 16 factories in the country. At Changsha Super Truck Factory, we have introduced advanced technologies such as 5G, AI, AR, VR, etc. With the help of AI technology, we have achieved intelligent monitoring of more than 10 scenarios, such as speeding, not wearing seat belts, entering the factory without wearing work clothes, not wearing a work hat, smoking illegally, etc. Once the system detects such violations, it will immediately issue an alarm and accurately send the alert information to the relevant security personnel or security and environmental protection personnel, and locate the specific violator.
Traditionally, the security sector is often seen as a purely input sector. However, in the context of digital transformation, we believe that security has a lot of value as not only a responsibility to ensure security. We integrate and analyze security data across the Group to support multiple business areas.
For example, personnel stability. We make relevant data available to HR, especially for key personnel. When the system identifies that there are headhunters contacting key personnel, or that they have the intention to change jobs, it will generate a report and feedback it to the human resources department so that appeasement measures can be taken in a timely manner.
Source: Speaker material
The second is power cost control. At present, many enterprises are actively promoting cost reduction and efficiency improvement, and our company is no exception. In daily operations, we found that there were cases where employees left work after 10 o’clock but the computers were not turned off, resulting in power waste. To this end, we monitor through the system, once it is found that the computer is still on after 10 o’clock, the system will automatically pop up a prompt box to inform the user that it will automatically shut down after 60 seconds. Through this initiative, we can save a lot of electricity bills every month.
The third is evidence investigation and traceability. We have the ability to trace back and trace the leakage of core information such as code leaks, important document leaks, and meeting minutes that may occur within the company, such as sensitive content related to company strategy that is leaked shortly after the meeting. Even if the information is leaked in special scenarios such as airplanes, we can trace the source through technical means to ensure the company’s information security.
Fourth, personnel behavior analysis. In enterprise management, many companies are promoting personnel optimization. However, the optimizer needs to have sufficient evidence and cannot do it arbitrarily. For example, to optimize an employee, you need to provide tangible evidence. We provide this relevant evidence to the relevant departments to provide detailed information about the specific behavior of employees during working hours.
This shows that the work that can be carried out in the field of security is rich and diverse. The above are only 4 typical scenarios, but in fact, we have implemented more than 10 applications in similar scenarios. When we aggregate and integrate various types of security data, the value it generates in different business areas is immeasurable.
In terms of overseas business, enterprises generally face many difficulties. So, how should enterprises carry out overseas work? The primary task of going overseas is legal interpretation, which is also the most expensive link for many enterprises in the process of going overseas. Domestic laws usually set bottom line requirements, and enterprises can meet the standards if they meet a certain percentage; However, foreign laws, especially in the EU, have ex post facto accountability mechanisms. Therefore, many companies invest a lot of energy in compliance before going overseas.
After successfully going overseas, we are committed to building a global security network and subdividing it into four parts: overseas factory construction, overseas factory operation and maintenance, product selection and the formulation of overseas operation and maintenance personnel capability standards.
In terms of overseas factory construction, our idea is to adopt an asset-light model as much as possible. The subscription model is adopted for services that can be obtained through subscription, and the equipment that can be leased is selected to reduce the purchase of fixed assets as much as possible.
In terms of data security and cross-border data management, enterprises need to strictly comply with local laws and regulations. At present, we adopt a “one country, one policy” policy framework. For example, in countries and regions such as the European Union, Saudi Arabia, and Vietnam, data cannot be transferred across borders. To this end, we set up local institutions or data centers, or rent local vendor resources, and the local operation team is responsible for the relevant operations.
In the process of going overseas, enterprises need to design effective data security protection mechanisms. There are four main models of going to sea. The first is the product export model, where enterprises produce products in China and sell them to overseas markets; the second is the cross-border M&A model, in which enterprises acquire local brands or assets through overseas mergers and acquisitions and achieve global operations; The third is the overseas factory construction model, where enterprises set up production bases overseas to radiate the surrounding regional markets, and the investment scale of this model is large, and it is necessary to focus on solving data compliance issues to ensure that sensitive data does not leave the country. Fourth, the Internet service model, Internet companies provide global services through cross-border networks.
As a manufacturing enterprise, we choose the third model. Due to the asset-intensive nature of manufacturing, data localization requirements need to be strictly adhered to, but not all data is prohibited from leaving the country, and it needs to be enforced in conjunction with local laws. For example, Saudi Arabia has a special requirement that companies hire a certain percentage of Saudi employees when setting up a company locally, which may not be explicitly written into legal documents, but is a necessary condition for actual implementation.
In terms of overseas O&M, we adopt a centralized O&M model. Although the company’s business systems are located all over the world, the main systems are located in Beijing, China. All security equipment is interconnected and docked through the company’s internal network, and all security incidents are connected to the AI operation platform for analysis and handling.
In product selection, it is necessary to strictly follow the compliance requirements of the target market. For example, in the EU market, products must comply with CE certification standards, and products that do not meet the requirements must not be put into the market, otherwise they will face high compliance risks.
Capacity building for overseas O&M personnel is also crucial. We adopt the “Sunflower” operation and maintenance model to ensure 24×7 hours of uninterrupted operation and maintenance services. At the same time, we pay attention to the language proficiency training of O&M personnel to improve the efficiency and quality of overseas O&M work.
In the future, we will continue to deepen the application of safety GPT technology, integrate more AI engines to strengthen the capabilities of OSOC and VSOC, and strive to achieve a leap in the capabilities of assisted driving in these two operation centers. In the three core areas of data security, application security, and code security, we will increase investment and innovation. Last year, we implemented full AI auditing of Java language code, which significantly saved human resources. At the same time, we are also continuously optimizing the vehicle safety protection system to better support the overseas expansion of our business and meet the growing safety needs of overseas vehicles.
(The above content comes from the keynote speech on “Cybersecurity Challenges and Thoughts in the Era of Intelligent Connected Vehicles” delivered by Zhang Zhiqiang, Head of Global Information Security & DPO/Head of Network Security Department of Ouhui New Energy/Tencent Cloud TVP Industry Ambassador/TWT Architect Judge, at the 4th China Internet of Vehicles Security Conference on June 19, 2025.) )
