Automotive Industry Working on Best Practices List to Provide Security for Connected Cars
The notion of someone effectively seizing control of a car remotely and turning it into a rolling hammer filled with flammable liquid—oh yeah, and at least one human passenger—is the stuff of nightmares. Recently, the Automotive Information Sharing and Analysis Center (Auto-ISAC) brought out a new string of best practices to put to use in a bid to keep people safe from hacking while driving.
Auto-ISAC's measures come from the combined efforts of over 50 automotive cybersecurity experts working together over the space of five months, and yielded a set of noteworthy practices to bear in mind. The practices, in turn, are broken down into seven key fields:
- Security by design
- Risk assessment
- Threat detection
- Incident response
- Collaboration with third parties
- Awareness and training
Each of these key fields comes with a set of practices contained within. Governance, for example, includes points like “communicate oversight responsibility to all appropriate internal stakeholders,” while risk assessment calls for such things as “establish a decision process to manage identified risks” and “include the supply chain in risk assessments.” This all may sound like Dilbert-grade obfuscation, but there's actually quite a bit of value contained in these.
For instance, the “security by design” section calls for “layer(ing) cybersecurity defenses to achieve defense-in-depth.” That basically means to have several protective measures in place at once in order to allow the best chance at fending off a hacker. That's a strategy often mirrored in the real world by those who use a Teridion Cloud Router (TCR) system as a means to divert an incoming distributed denial of service (DDoS) attack, followed by a firewall system to prevent intrusion and encryption on internal data to make the produce of a theft almost worthless.
It's the kind of thing we desperately need. After all, the self-driving car is no longer the stuff of science fiction dreams. Indeed, we may well all be putting these systems to work soon enough. Being protected against outside intrusion, the kind of thing that can turn our car into a weapon at any time, is a clear necessity.
Best principles generated from Auto-ISAC should prove a sound starting point to build a future of protected connectivity in cars. That's good news for drivers and for anyone else on the road, especially if this is just a starting point that yields maximum protection against hacking.
Edited by Peter Bernstein