The Canberra Institute of Technology (CIT) has unveiled its new $5 million 'Cyber Security Centre for Excellence', a hub set to address security concerns over the rise of high-tech connected cars, like modern electric vehicles, which experts say could be used as surveillance devices.
According to a spokesperson for the Canberra Institute of Technology (CIT), the new TAFE course “delivers education and training to prepare the electric vehicle service and support workforce to meet the rapid growth of electric vehicle use in Australia.”
While concerns over Chinese-built connected cars have been a global issue for the past couple of years, a CIT spokesperson told Drive, the new cybersecurity course "relates to all EV types, regardless of where they are manufactured”.
“Cyber security awareness is embedded in EV training, including safe diagnostics practices, understanding connected systems, and recognising the importance of secure updates,” a CIT spokesperson explained.
Additionally, the Institute said the new TAFE centre will complement "these efforts, through building national sovereign capability in cyber defence, data protection and supply chain risk management".
This news comes as various industry experts have called for the Australian Government to strengthen the country's cybersecurity industry, as well as its privacy laws.
Speaking at the 2025 Australian Financial Review Cyber Summit, Alastair MacGibbon, the chief strategy officer at Australian-based tech security company CyberCX, stated that Chinese-built electric cars pose a significant security threat.
“Those cars that we talk about, whether they’re electric or not, are listening devices, and they’re surveillance devices in terms of cameras,” MacGibbon stated.
In early January 2025, former US President Joe Biden and his administration banned Chinese and Russian software from new autonomous and connected cars, effective from 2027 and 2029, respectively.
While industry concerns relate to Chinese-built cars, various connected cars sold by Western brands can also collect a driver’s private data, which can then be shared with other third-party organisations, such as insurers or data brokers.
In an exclusive Drive story, Privacy Commissioner Carly Kind from the Office of the Australian Information Commissioner (OAIC) – the national regulator for privacy information – said most Australians are unaware of what type of data is harvested by car makers.
“Data increasingly collected by cameras, microphones, sensors and connected phones and apps can include personal and sensitive data, such as visits to medical providers or adherence to road rules,” Commissioner Kind told Drive.
“Many Australians may not expect that data is even being collected, let alone used or shared with insurers for the purposes of assessing their premiums,” she added.
‘Paint an intimate picture’
According to Alex Hoffmann, the industry lead for logistics and transport at CyberCX, a “standard new car in Australia now has more lines of code than a Boeing 747”.
“Wherever we are using internet-connected devices, we’re creating data about ourselves that the manufacturer of that device can potentially access and share,” he explained.
When asked what kind of information car makers can collect, Hoffman warned, “Modern cars track and store a lot of information about drivers and car owners, including where they live, where they work, and when they travel and how long for”.
“This information can paint a pretty intimate picture of someone's life.”
'Does not require consumers to understand'
While car brands have to legally disclose their privacy terms and conditions, the problem stems from the fact that the security information is buried in the fine print that most consumers skip over during the buying process.
Further compounding the issue is the fact that Australian laws are ambiguous when it comes to consumer consent.
Melbourne University law professor Jeanie Patterson told Drive, “In [Australian] law, consent can be found in conduct that indicates agreement – such as ticking a box, or signing your name, consent might even be found in using a website.”
“Consent in law does not necessarily require the consumers to have understood what they were consenting to – or even that they knew they were consenting. How many times do you click 'I agree?',” she added.
'We need our laws to hold businesses accountable'
While Australian privacy laws are currently in the process of being reformed, Chandi Gupta, the Deputy CEO and Digital Policy Director of consumer advocacy group CHOICE, told Drive, “We need our laws to hold businesses accountable for how they collect and use ur personal information.”
In response to the possible security threat and privacy violation, Commissioner Kind from the OAIC acknowledged that current legislation needs to be addressed.
“As new technologies create new opportunities for data to be created, used and shared, including to the disadvantage and harm of the Australian community, it is becoming clear that our current legal framework is not fit for purpose,” she told Drive.
“We are prioritising regulatory action that addresses activities that pose a significant potential for harm to individuals [which] includes practices that impact [an] individual's choice and control through opaque terms and conditions of service.”
Ethan Cardinal graduated with a Journalism degree in 2020 from La Trobe University and has been working in the fashion industry as a freelance writer prior to joining Drive in 2023. Ethan greatly enjoys investigating and reporting on the cross sections between automotive, lifestyle and culture. Ethan relishes the opportunity to explore how deep cars are intertwined within different industries and how they could affect both casual readers and car enthusiasts.
