Each passing month, modern vehicles become more and more connected as new improved and more advanced cars and trucks reach consumers.
The so-called Internet of things (IoT), or the vast network of physical devices, various electronics, software, etc. that are all connected and exchange data, reached consumer vehicles a while ago. But the connectivity aspect has been intensified in vehicles in the past few years -- and the progression of the modern car into a main component of the IoT is showing no signs of slowing down.
Alongside the ever-increasing connectivity component of modern cars is the similarly increasing cyber security risk that coincides with vehicles becoming part of the IoT.
With security risks in mind, the Automotive Information Sharing and Analysis Center (Auto-ISAC) released its Automotive Cybersecurity Best Practices in July 2016. Auto giants collectively established the Automotive Information Sharing and Analysis Center (Auto-ISAC) in 2015 to collaboratively share and track cyber threats and subsequently increase vehicle security.
The Alliance of Automobile Manufacturers, a trade association of 12 vehicle manufacturers headquartered in Washington, D.C., touted the release of industry best practices, detailing how more than 50 automotive cybersecurity experts from across the globe participated in the five-month long endeavor of forming the guidelines.
— Auto Alliance (@auto_alliance) July 21, 2016
Automotive Cybersecurity Best Practices
The collaborative Best Practices offer in-depth cyber security guidance for vehicle manufacturers across seven different key topic areas:
- Governance: Guidance on aligning cybersecurity goals alongside broader goals to "foster and sustain a culture of cybersecurity."
- Risk assessment and management: Guidance to help mitigate the impact of potential cybersecurity vulnerabilities.
- Security by design: Guidance on maintaining secure design principles and integrating cybersecurity features.
- Threat detection and protection: Guidance on monitoring environments and averting threats.
- Incident response: Guidance on preparation of incident reporting and reaction.
- Awareness and training: Guidance on furthering vehicle cybersecurity through understanding.
- Collaboration and engagement with appropriate third parties: Guidance on cooperating "to enhance cyber threat awareness and cyber attack response."