The auto industry has published its first set of cybersecurity best
practices, as it attempts to combat rising and future threats
facing the connected car.
The best practices are designed to provide guidance
on how individual companies can enhance automotive cybersecurity, focusing on
seven key areas in particular.
“It’s expected that by the
mid-2020s, virtually all new vehicles will have data connections.”
Areas with best practice guidelines include
governance, risk assessment and management, security by design, threat
detection and protection, incident response, awareness and training, and
collaboration and engagement with appropriate third parties.
More than 50 automotive experts from around the
world participated in creating the guidelines on behalf of the Automotive
Information Sharing and Analysis Center (Auto-ISAC).
The working group – which includes members from
nearly all of the major automakers operating in North America – was set up in
late 2015 to share vulnerability information, carry out analysis and develop
solutions that are beneficial to both the industry and its customers.
As reported by Forbes, it’s expected that by the mid-2020s,
virtually all new vehicles will have data connections. Risks for connected cars
could range from data theft to ransomware and – in the case of autonomous
vehicles – cars being remotely controlled and crashed.
“Automakers are committed to being proactive and
will not wait for cyber threats to materialize into safety risks,” said
Auto-ISAC chairman Tom Stricker of Toyota.
“The best practices initiative represents this
commitment to proactive collaboration that our industry made when we stood up
the Auto-ISAC last year. I’m proud of the way we have united in our endeavor to
minimize the risks our consumers might face from cybersecurity and privacy
threats.”
As ESET senior security researcher Stephen Cobb wrote last week, ‘jackware’, or ransomware in
vehicles, is still a theoretical threat and not yet ‘in the wild’. But as the
modern car adapts and evolves to include more onboard technology, best
practices like these could prove crucial in fighting cybercrime in the
industry.
To read Auto-ISAC’s findings in more depth, view the report’s Executive Summary.