Members of the Automotive Information Sharing and Analysis Center (Auto-ISAC) released an overview of comprehensive Automotive Cybersecurity Best Practices developed as a proactive measure to further enhance vehicle cybersecurity throughout the industry.
The creation of Best Practices follows the release of the Framework for Automotive Cybersecurity Best Practices jointly released by the Alliance of Automobile Manufacturers and the Association of Global Automakers in January 2016. The Auto-ISAC coordinated with both organizations throughout the Best Practices development.
Over five months, more than 50 automotive cybersecurity experts from around the world have participated in the development of these Best Practices to advance automotive cybersecurity capabilities. The effort began in early 2016 when the 15 automaker members of the Auto-ISAC formed a working group to examine all cybersecurity aspects of the motor vehicle ecosystem.
The Best Practices include seven functions. The Framework defined five guiding principles that affecting motor vehicle cybersecurity that are applied in the Best Practices as Functions:
- Security by design
- Risk assessment and management
- Threat detection and protection
- Incident response
- Collaboration and engagement with appropriate third parties
- Awareness and training
These seven Functions cover the diverse factors affecting cybersecurity across the motor vehicle ecosystem. The Functions influence each other, and many Best Practices have applicability across Functions and vehicle lifecycle phases.
The Best Practices are grounded in ISO, NIST and other established cybersecurity frameworks but are tailored to the motor vehicle. Auto-ISAC members have committed to continuously enhancing the Best Practices over time to keep pace with the constantly evolving cyber landscape.
The Auto-ISAC is developing supplemental Best Practice materials to benefit members and appropriate industry stakeholders. Additional Best Practice materials include a Reference Model that organizes all Best Practices, and Best Practice Guides that provide supporting information and implementation guidance.