Automotive Security Best Practices

Tuesday, July 26, 2016 @ 05:07 PM gHale


Automobiles are the ultimate mobile device with computing power capable of boosting safety and fuel economy while reducing emissions.

The problem is, automobiles, while maintaining strong wireless communications capabilities, do not have the most secure systems. As a matter of fact, they are a security nightmare.

RELATED STORIES
Zero Days in BMW Web Portal
SUV Hack via Wi-Fi
Radio Attack Breaks into Autos
Vehicles that Communicate through Intersections

That is why members of the Automotive Information Sharing and Analysis Center (Auto-ISAC) released an overview of comprehensive Automotive Cybersecurity Best Practices developed as a proactive measure to further enhance vehicle cybersecurity.

Over 50 automotive cybersecurity experts from around the world participated in the development of these best practices. The effort began in early 2016 when the 15 automaker members of the Auto-ISAC formed a working group to examine all cybersecurity aspects of the motor vehicle ecosystem.

“These Best Practices can guide effective risk management at the product level and further enhance the security and resiliency of the automotive industry,” according to the best practices overview.

The best practices provide guidance to assist an organization’s development in seven key topic areas, including:
1. Governance: Aligns a vehicle cybersecurity program to an organization’s broader mission and objectives
2. Risk assessment and management: Mitigates the potential impact of cybersecurity vulnerabilities by developing processes for identification, categorization, prioritization, and treatment of cybersecurity risks
3. Security by design: Follows secure design principles in developing a secure vehicle, as well as the integration of cybersecurity features during the product development process
4. Threat detection and protection: Detects threats, vulnerabilities, and incidents to proactively monitor environments and mitigate risk
5. Incident response: Enables automakers to respond to a vehicle cyber incident in a reliable and expeditious manner
6. Awareness and training: Cultivates a culture of cybersecurity and ensures individuals understand their role and responsibility in promoting vehicle cybersecurity
7. Collaboration and engagement with appropriate third parties: Enhances cyber threat awareness and attack response

The best practices are there to provide deep technical and organizational breadth to support, develop, and improve defenses against potential cybersecurity threats of the motor vehicle ecosystem.

They have a basis from ISO, NIST and other established cybersecurity frameworks but end up tailored to the motor vehicle.

Auto-ISAC members have committed to continuously enhancing them over time to keep pace with the dynamic cyber landscape.