First Cybersecurity Guidelines Issued For Auto Industry

As driving and technology get further and further intertwined with one another, the way we think about vehicle safety needs to change. We’ve already seen incidents of even the best technology in newer vehicles being misused, misunderstood, or even malfunctioning in some cases. (The most recent examples coming from Tesla since they’ve began rolling out their “autopilot” feature.)

Auto manufacturers are starting to take steps to make sure that the technology that’s being added to our cars is safe. This is an important consideration when you look at it in a big picture sense. It may be irritating or possibly even expensive when cyber security issues pop up in relation to your phone or home computer, but it can be a genuine safety hazard on the road. The industry has taken note and responded in kind.

In July of 2016, the Automotive Information Sharing and Analysis Center offered up its first set of guidelines pertaining to cyber security in the automotive industry. The main focus of the guidelines is to be a preemptive measure against the potential future threats to cyber security as they relate to vehicles. The seven major areas that included in the study, which we’ll go over in the second section, include the following:

• Governance.
• Risk assessment.
• Secure design.
• Threat detection.
• Response.
• Awareness.
• Collaboration.

Unpacking The Details: New Cybersecurity Standards.

Governance - Clearly defined oversight and regulatory standards for cybersecurity in vehicles. Dedication of proper resources and clearly defined organizational roles and responsibilities. Make sure compliance standards are met, both internally and externally.

Assessment & Management - Assessment goals include minimizing any potential damage that could result from vulnerabilities. This includes a standard protocol for action, documentation, monitoring and re-evaluation throughout the process.

Security by Design - Incorporating software security measures with hardware and standard features, testing for vulnerabilities, minimizing network access, and evaluation of various risks, including data privacy and personal information.

Threat Detection - Evaluate security in terms of known threats, monitor potential threats and regularly scan for vulnerabilities. Report and document on threats.

Response - Form an incident documentation plan that includes everything from the initial response to the resolution. Provide test-case scenarios to make sure that an incident response team is ready for response. Correction of issue and notification of appropriate parties.

Awareness - General training and awareness training to understand the possible threats of cybersecurity issues and how to appropriately handle them. Establish clear roles and responsibilities throughout the company culture in regard to vehicle cybersecurity.

Collaboration - Coordinate with third parties to ensure maximum safety across all segments of the industry. Review and provide relevant data to the appropriate agencies such as Homeland Security, the FBI and the National Highway Traffic Safety Administration.