The auto industry has published its first set of cybersecurity best practices, as it attempts to combat rising and future threats facing the connected car.
The best practices are designed to provide guidance on how individual companies can enhance automotive cybersecurity, focusing on seven key areas in particular.
“IT’S EXPECTED THAT BY THE MID-2020s, VIRTUALLY ALL NEW VEHICLES WILL HAVE DATA CONNECTIONS.”
Areas with best practice guidelines include governance, risk assessment and management, security by design, threat detection and protection, incident response, awareness and training, and collaboration and engagement with appropriate third parties.
More than 50 automotive experts from around the world participated in creating the guidelines on behalf of the Automotive Information Sharing and Analysis Center (Auto-ISAC).
The working group – which includes members from nearly all of the major automakers operating in North America – was set up in late 2015 to share vulnerability information, carry out analysis and develop solutions that are beneficial to both the industry and its customers.
As reported by Forbes, it’s expected that by the mid-2020s, virtually all new vehicles will have data connections. Risks for connected cars could range from data theft to ransomware and – in the case of autonomous vehicles – cars being remotely controlled and crashed.
“Automakers are committed to being proactive and will not wait for cyber threats to materialize into safety risks,” said Auto-ISAC chairman Tom Stricker of Toyota.
“The best practices initiative represents this commitment to proactive collaboration that our industry made when we stood up the Auto-ISAC last year. I’m proud of the way we have united in our endeavor to minimize the risks our consumers might face from cybersecurity and privacy threats.”
As ESET senior security researcher Stephen Cobb wrote last week, ‘jackware’, or ransomware in vehicles, is still a theoretical threat and not yet ‘in the wild’. But as the modern car adapts and evolves to include more onboard technology, best practices like these could prove crucial in fighting cybercrime in the industry.
To read Auto-ISAC’s findings in more depth, view the report’s Executive Summary.
by Narinder Purba, ESET We Live Security