Identifying best practice for automotive cyber security

The objective of the fourth Principle, ‘Enhance Automotive Cybersecurity’, is to explore and employ ways to collectively address cyber threats that could present unreasonable safety or security risks. This includes the development of best practices to secure the motor vehicle ecosystem.

To further this objective, the Automotive Information Sharing and Analysis Center (Auto-ISAC) has undertaken the task of creating and maintaining a series of Automotive Cybersecurity Best Practices. The Best Practices cover organisational and technical aspects of vehicle cyber security including governance, risk management, security by design, threat detection, incident response, training and collaboration with appropriate third parties.

The Best Practices focus on product cyber security within the motor vehicle ecosystem and across the vehicle lifecycle. They refer primarily to US light duty, on-road vehicles but are applicable to other automotive markets, including heavy duty and commercial vehicles. The Best Practices content intentionally leaves room for flexibility to allow for individualised implementation and to support international application by global automakers.

While participating automakers share a common commitment to vehicle cyber security, their electrical architectures, connected services, and organisational compositions vary. Accordingly, the Best Practices do not prescribe specific technical or organisational solutions.

The Auto-ISAC will update the Best Practices over time to address emerging cyber security areas and reflect the constantly evolving cyber landscape.

The full Automotive Cybersecurity Best Practices document can be downloaded below.