SOUTHFIELD – Connected vehicles must be designed and manufactured with security in mind, warns a report released Thursday that offers ways in which the auto industry can protect itself from hackers.
The report, researched over five months by more than 50 auto cybersecurity experts, was released by the Automotive Information Sharing and Analysis Center based in Washington D.C., with offices in Southfield. The effort began in early 2016 when the 15 automaker members of the Auto-ISAC formed a working group to examine cybersecurity threats posed by heavily connected cars and trucks.
“Automakers are committed to being proactive and will not wait for cyber threats to materialize into safety risks,” said Auto-ISAC Chairman Tom Stricker of Toyota. “The Best Practices initiative represents this commitment to proactive collaboration that our industry made when we stood up the Auto-ISAC last year. I’m proud of the way we have united in our endeavor to minimize the risks our consumers might face from cybersecurity and privacy threats.”
The report comes a day before the inaugural Automotive Cybersecurity Summit is scheduled to be held in Detroit on July 22. The centerpiece of this day-long summit will be the keynote addresses by U.S. Transportation Secretary Anthony Foxx, the country’s top transportation official, and GM Chairman and CEO Mary Barra, the chief of the country’s largest automaker.
The Executive Summary of the Best Practices has been released publicly on the Auto-ISAC website. The Best Practices provide guidance to assist an organization’s development in seven key topic areas, including:
- Governance: Aligns a vehicle cybersecurity program to an organization’s broader mission and objectives.
- Risk assessment and management: Mitigates the potential impact of cybersecurity vulnerabilities by developing processes for identification, categorization, prioritization, and treatment of cybersecurity risks.
- Security by Design: Follows secure design principles in developing a secure vehicle, as well as the integration of cybersecurity features during the product development process.
- Threat detection and protection: Detects threats, vulnerabilities, and incidents to proactively monitor environments and mitigate risk.
- Incident response: Enables automakers to respond to a vehicle cyber incident in a reliable and expeditious manner.
- Awareness and training: Cultivates a culture of cybersecurity and ensures individuals understand their role and responsibility in promoting vehicle cybersecurity.
- Collaboration and engagement with appropriate third parties: Enhances cyber threat awareness and attack response.
The Best Practices provide deep technical and organizational breadth to support, develop, and improve defenses against potential cybersecurity threats of the motor vehicle ecosystem. They are grounded in ISO, NIST and other established cybersecurity frameworks but are tailored to the motor vehicle. Auto-ISAC members have committed to continuously enhancing the Best Practices over time to keep pace with the constantly evolving cyber landscape.