A collaborative effort by the world’s automotive industry has published its ‘Best Practices’ to provide deep technical and organizational breadth to support, develop, and improve defenses against potential cybersecurity threats to the motor vehicle ecosystem.
New technology has paved the way for major advances in vehicle safety, emissions reduction and fuel economy, and current vehicles do more to keep drivers secure and connected than ever before. However, connected vehicles must be designed and manufactured with security in mind. Members of the Automotive Information Sharing and Analysis Center (Auto-ISAC) have released an overview of comprehensive Automotive Cybersecurity Best Practices, developed as a proactive measure to further enhance vehicle cybersecurity throughout the industry. Over five months, more than 50 automotive cybersecurity experts from around the world have participated in the development of these Best Practices to advance automotive cybersecurity capabilities. The effort began in early 2016, when the 15 auto maker members of the Auto-ISAC formed a working group to examine all cybersecurity aspects of the motor vehicle ecosystem.
Auto-ISAC was formed in July 2015 in a collective effort by the Alliance of Automobile Manufacturers and the Association of Global Automakers to establish a secure platform for sharing, tracking and analyzing intelligence about cyber threats and potential vulnerabilities. Auto-ISAC operates as a central hub that allows members to anonymously submit and receive information to help them more effectively counter cyber threats in real time. The Best Practices are grounded in ISO, NIST and other established cybersecurity frameworks, but are tailored to the motor vehicle. Auto-ISAC members have committed to continuously enhancing the Best Practices over time to keep pace with the constantly evolving cyber landscape.
The Best Practices provide guidance to assist an organization’s development in seven key topic areas, including:
Governance aligns a vehicle cybersecurity program to an organization’s broader mission and objectives;
Risk assessment and management mitigates the potential impact of cybersecurity vulnerabilities by developing processes for identification, categorization, prioritization, and the treatment of risks;
Security by Design follows secure design principles in developing a secure vehicle, as well as the integration of cybersecurity features, during the product development process;
Threat detection and protection detects threats, vulnerabilities and incidents to proactively monitor environments and mitigate risk;
Incident response enables auto makers to respond to a vehicle cyber incident in a reliable and expeditious manner;
Awareness and training cultivates a cybersecurity culture and ensures individuals understand their role and responsibility in promoting vehicle cybersecurity;
Collaboration and engagement with appropriate third parties enhances cyber threat awareness and attack response.
“Auto makers are committed to being proactive and will not wait for cyberthreats to materialize into safety risks,” said Auto-ISAC chairman Tom Stricker of Toyota. “The Best Practices initiative represents this commitment to proactive collaboration that our industry made when we stood up the Auto-ISAC last year. I’m proud of the way we have united in our endeavor to minimize the risks our consumers might face from cybersecurity and privacy threats.”
