Auto engineers are incorporating security solutions into vehicles from the first stages of design and production, and their security testing never stops.
As cars and other forms of transportation increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cyber-security is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features.
- Vehicle hardware has built-in security features that help protect safety critical systems, and auto control systems are isolated from communications-based functions like navigation and satellite radio.
- Automakers use proven security techniques to help prevent unauthorized access to software, and software updates require special codes.
- Like many industries, auto engineers use “threat modeling” and simulated attacks with the latest methods to test security and to help design controls to enhance data integrity.
Automotive cyber experts have developed best practices through the Automotive Information Sharing and Analysis Center (Auto-ISAC), launched in 2015 to stay ahead of cyber threats.
The Automotive Cybersecurity Best Practices cover organizational and technical aspects of vehicle cybersecurity in these seven function areas:
Together, these seven functions cover the diverse factors affecting cybersecurity across the connected vehicle ecosystem. The functions influence each other, and many Best Practices have applicability across functions and vehicle lifecycle phases. The Auto-ISAC is also developing supplemental Best Practice Guides to provide ISAC members and appropriate industry stakeholders with additional information and implementation guidance.
Visit the Auto-ISAC website for more information.
Automotive collaboration and partnerships are sharing solutions, seeking fresh approaches and monitoring new developments.
To help deepen our shared knowledge of automotive cybersecurity technologies and best practices, automakers engage with the cybersecurity community, working together with government, private-sector firms, standards organizations, academia, research and testing facilities, cyber challenges and more.