Connected Cars: One’s Detection is Another’s Prevention

Automobiles are benefiting from a wave of technology innovation, producing vehicles that are safer, cleaner and smarter – thanks in large part to automotive and information systems that provide more connectivity — just what consumers are demanding. And with all these new technologies and increased features comes potential vulnerabilities that could impact our vehicles and potentially our personal information. This increased potential risk of cyber intrusion and the promise of more interconnectedness demands action today. Today, automotive manufacturers and suppliers are working together in addressing emerging cyber security threats across the connected vehicle ecosystem.

Automakers proactively joined together in 2015, and formed a global information sharing community, the Auto Information Sharing and Analysis Center (Auto-ISAC), to address vehicle cyber security risks. An ISAC is a nonprofit organization that provides a central resource for gathering information on cyber threats by providing two-way sharing of information across the industry and with key stakeholders. The Auto-ISAC is member-driven and governed by a Board of Directors composed of leaders from across the global automotive community. Its members represent 98 percent of all cars on the road in North America and covers representatives from across 7 countries.

The focus is for the private automotive industry to work together and to leverage government and other strategic partners to create a safe, efficient, secure and resilient global automotive transportation system.

America’s automobile industry is one of the most powerful engines driving the US economy. The greater automobile industry extends well beyond the iconic names of auto companies familiar to us all. Auto manufacturing depends on thousands of companies supplying parts, components and materials, as well as a vast retail and vehicle maintenance network of dealers.

Now, through Auto-ISAC, the industry has established an environment for operational sharing of cyber threats intelligence to ensure global automotive growth and vitality. It operates as a central hub for sharing, tracking and analyzing intelligence about potential cyber threats, vulnerabilities and incidents related to the connected vehicle. Its secure intelligence sharing portal allows members to anonymously submit and receive information that helps them more effectively respond to cyber threats, vulnerabilities, and incidents due to nefarious security events. The unique ability of Auto-ISAC to effectively provide threat intelligence to protect the automotive sector has become an operational requirement for global automotive industry.

Information sharing is conducted in a secure, private manner that fosters collaboration and communication for the mutual benefit of the automotive community. This information, shared in real time, is anonymized and provides actionable intelligence for participants across the global automotive industry. This "crowd sourcing" provides a unique and one-of-a-kind environment that fosters timely and actionable intelligence in near real-time. Additionally, this learning and collaborative environment builds the skills and knowledge of our automotive companies to ensure our industry is resilient in the face of this constant threat.

Automakers are taking many actions to have strong cybersecurity protections, including implementing security features in every stage of the design and manufacturing process, partnering with public and private research groups to share solutions and participating in multiple cyber forums on emerging issues.

One of the first actions of Auto-ISAC was to provide industry with a roadmap to manage in this new environment. Called the Automotive Cybersecurity Best Practices Executive Summary, it outlines informational guides that cover organizational and technical aspects of vehicle cybersecurity, including incident response, collaboration and engagement with appropriate third parties, governance, risk management, security by design, threat detection and protection, and training and awareness. Our members and subject-matter experts work together to build these guides and is a key member benefit.

Protecting drivers from cyber threats is a new challenge for the automotive industry – one that differs from traditional safety, quality, compliance, and reliability challenges that have been tackled in the past. To secure connected vehicles, all involved in the vehicles manufacturing must be proactive and informed.

That is manifested in Auto-ISAC’s ability to share timely, anonymized, and actionable intelligence among participants across the global automotive industry. This information sharing is conducted in a secure, private manner that fosters collaboration and communication for the mutual benefit of the automotive community.

Auto-ISAC has global representation from members headquartered across North America, Europe, and Asia. It is a member of the National Council of ISACs and as such coordinates with 24 critical infrastructure ISACs covering areas like healthcare and aviation, telecommunications and financial services.

Auto-ISAC’s focus and dedication to sharing global threat information to better protect automotive companies, their customers and the auto sector is vital, as one company’s detection of a potential attack may mean another company’s prevention of a security breach. Cybersecurity is a global team sport requiring all hands-on deck!

Author of the article

Faye Francy, Executive Director, Auto-ISAC