Educate employees on security awareness, roles, and responsibilities.
Collaboration and engagementwith appropriate third parties (Available to industry stakeholders)
Outline how the organization manages vulnerability disclosure from external parties.
Emphasize secure connections to, from, and within the vehicle.
The Best Practices are not intended to, nor should be interpreted to, obligate individual Members of Auto-ISAC, Auto Alliance, or Global Automakers to take specific action or measures. Each automaker has unique needs and capabilities with respect to cybersecurity. Therefore, the Best Practices may not be applicable to some organizations or parts of organizations. Accordingly, these Best Practices offer suggested measures.
. Auto-ISAC plans to periodically update this Guide to adapt to the evolving automotive cybersecurity landscape.
Improve incident response plans over time based on lessons learned.
Threat Detection and Protection Best Practices leverageNIST 800137: Information Security Continuous Monitoring for Federal Information Systems and Organizations, ISO/IEC 30111: Vulnerability Handling Procedures, and other established resources.
Risk assessment and management strategies mitigate the potential impact of cybersecurity vulnerabilities. Best Practices focus on processes for identifying, categorizing, prioritizing, and treating cybersecurity risks that could lead to safety and data security issues. Risk management processes can help automakers identify and protect critical assets, assist in the development of protective measures, and support operational risk decisions. Risk Assessment and Management Best Practices include:
The Best Practices expand on the Framework for Automotive Cybersecurity Best Practices (Framework) published in January 2016 by the Alliance of Automobile Manufacturers (Auto Alliance) and the Association of Global Automakers (Global Automakers). Auto-ISAC closely collaborates with the two industry associations throughout Best Practices development. These Best Practices follow a precedent set by other ISACs and similar organizations that have developed Best Practices for their respective industries.
(Available to public after registration) The purpose of this Guide is to assist automakers, suppliers and auto industry stakeholders as they design, mature and operate their vehicle cyber incident response capabilities.
Form partnerships and collaborative agreements to enhance vehicle cybersecurity.
Incident Response Best Practices leverageNIST SP 80061: Computer Security Incident Handling Guide, ISO/IEC 27035:2011 Information security incident management, and other established resources.
Perform software-level vulnerability testing, including software unit and integration testing.
Test and validate security systems at the vehicle level.
Review information and data using a standardized classification process before release to third parties.
Section 3: Key Cybersecurity Functions
Living. Auto-ISAC plans to periodically update this Executive Summary and Best Practices content to adapt to the evolving automotive risk landscape.
Authenticate and validate all software updates, regardless of the update method.
Establish a decision process to manage identified risks.
Support anomaly detection for vehicle operations systems, vehicle services, and other connected functions, with considerations for privacy.
The Auto-ISAC sets to demonstrate the industrys proactive collaboration to protect consumer safety through vehicle cyber security.Our Method: Define best practices for securing the vehicle ecosystem, and provide guidance to implement the guidelines.
Identify trust boundaries and protect them using security controls.
The Best Practices focus on product cybersecurity within the motor vehicle ecosystem and across the vehicle lifecycle. They refer primarily to U.S. light-duty, on-road vehicles but are applicable to other automotive markets, including heavy-duty and commercial vehicles, and broader connected vehicle ecosystem stakeholders. The Best Practices content intentionally leaves room for flexibility to allow for individualized implementation and to support international application by global organizations.
Engage with academic institutions and cybersecurity researchers, who serve as an additional resource on threat identification and mitigation.
(Available to the public after registration.) The purpose of this Guide is to assist heavy and light-duty vehicle OEMs, suppliers, and auto industry stakeholders with collaborating and engaging appropriate third parties as part of their vehicle cybersecurity activities.
Risk Assessment Best Practices leverageNIST 800-30: Guide for Conducting Risk Assessmentsand other established resources.
Perform periodic testing and incident simulations to promote incident response team preparation.
Training and awareness programs help cultivate a culture of security and enforce vehicle cybersecurity responsibilities. The Best Practices emphasize training and awareness programs throughout an organization to strengthen stakeholders understanding of cybersecurity risks. Training and Awareness Best Practices include:
Cybersecurity experts agree that a future vehicle with zero risk is unobtainable and unrealistic. The Best Practices emphasize risk management, including the identification of risks and implementation of reasonable risk-reduction measures.
Assess risk and disposition of identified threats and vulnerabilities using a defined process consistent with overall risk management procedures.
The Best Practices are written for use by OEMs, suppliers, and the commercial vehicle sector. They may also be applicable to other vehicle cybersecurity stakeholders, including dealers and aftermarket suppliers.
Effective governance aligns a vehicle cybersecurity program with an organizations broader mission and objectives. Furthermore, strong governance can help to foster and sustain a culture of cybersecurity. Best Practices do not dictate a particular model of vehicle cybersecurity governance but provide considerations for organizational design to align functional roles and responsibilities. Best Practices for Governance and Accountability include:
Restore standard vehicle functionality and enterprise operations; address long-term implications of a vehicle cyber incident.
Test hardware and software to evaluate product integrity and security as part of component testing.
Promote timely and appropriate action to remediate a vehicle cyber incident.
Include IT, mobile, and vehicle-specific cybersecurity awareness.
Consider and understand appropriate methods of attack surface reduction.
While Members share a common commitment to vehicle cybersecurity, their electrical architectures, connected services, and organizational compositions vary. Accordingly, the Best Practices do not prescribe specific technical or organizational solutions.
Dedicate appropriate resources to cybersecurity activities across the enterprise.
. Companies have the autonomy and ability to select and voluntarily adopt practices based on their respective risk landscapes and organizational structures.
The Best Practices do not form an assessment or compliance framework, and do not mandate prescriptive requirements. Each automaker will determine if and/or how to apply the Best Practices internally.
Include security design reviews in the development process.
The Best Practices provide guidance on how individual companies can implement the Enhance Automotive Cybersecurity Principle within their respective organizations. This document is an Executive Summary of the Best Practices content.
The purpose of the Guides is to assist automotive industry stakeholders with identifying, prioritizing, treating, and monitoring vehicle cybersecurity risks. The Guides provide forward-looking guidance without being prescriptive or restrictive. These best practices are:
Consider data privacy risks and requirements in accordance with the Consumer Privacy Protection Principles for Vehicle Technologies and Services.
Key Cybersecurity Function (Function)
Together, these seven Functions cover the diverse factors affecting cybersecurity across the connected vehicle ecosystem. The Functions influence each other, and many Best Practices have applicability across Functions and vehicle lifecycle phases.
Notify appropriate internal and external stakeholders of a vehicle cyber incident.
Consider commensurate security risks early on and at key stages in the design process.
. These practices are forward-looking and voluntarily implemented over time, as appropriate.
Tailor training and awareness programs to roles.
Document the incident response lifecycle, from identification and containment through remediation and recovery.
Limit network interactions and help ensure appropriate separation of environments.
Establish a process to confirm compliance by critical suppliers to verify security requirements, guidelines, and trainings.
Include the supply chain in risk assessments.
Not Required. Organizations have the autonomy and ability to select and voluntarily adopt practices based on their respective risk landscapes.
The Best Practices include seven Functions:
Identify threats and vulnerabilities through various means, including routine scanning and testing of the highest risk areas.
Contain an incident to eliminate or lessen its severity.
Identify and address potential threats and attack targets in the design process.
Layer cybersecurity defenses to achieve defense-in-depth.
Find out more about joining the Auto-ISAC as a member or partner.
Aspirational. These practices are forward-looking, and voluntarily implemented over time, as appropriate.
In addition, the Best Practices scope and content reflect a thorough review and benchmark of other ISAC and industry Best Practices that address information technology, supply chains, and manufacturing security. The Best Practices do not restate existing Best Practices for these areas.
Establish governance processes to ensure compliance with regulations, internal policies, and external commitments.
Ensure an incident response team is in place to coordinate an enterprise-wide response to a vehicle cyber incident.
Document a process for reporting and communicating risks to appropriate stakeholders.
Functionally align the organization to address vehicle cybersecurity, with defined roles and responsibilities across the organization.
An incident response plan documents processes to inform a response to cybersecurity incidents affecting the motor vehicle ecosystem. Best Practices include protocols for recovering from cybersecurity incidents in a reliable and expeditious manner, and ways to ensure continuous process improvement. Best Practices for Incident Response and Recovery include:
Terms referenced in this Executive Summary are defined in the below table.
Include a risk assessment in the initial vehicle development stage, and reevaluate at each stage of the vehicle lifecycle.
Determine actual and potential fleet wide impact of a vehicle cyber incident.
Secure vehicle design involves the integration of hardware and software cybersecurity features during the product development process. Best Practices for Security by Design include:
As vehicles become increasingly connected and autonomous, the security and integrity of automotive systems is a top priority for the automotive industry. The Proactive Safety Principles released in January 2016 demonstrate the automotive industrys commitment to collaboratively enhance the safety of the traveling public. The objective of the fourth Principle, Enhance Automotive Cybersecurity, is to explore and employ ways to collectively address cyber threats that could present unreasonable safety or security risks. This includes the development of Best Practices to secure the motor vehicle ecosystem.
Training and Awareness Best Practices leverage _NIST SP 80050: Building an Information Technology Security Awareness and Training Program other established cybersecurity training resources.
Auto-ISAC will update the Best Practices over time to address emerging cybersecurity areas and reflect the constantly evolving cyber landscape. Please see Section 2.1 for more information.
Incident response(Available to industry stakeholders)
Engage with governmental bodies, including the National Highway Traffic Safety Administration, NIST, Department of Homeland Security, United States Computer Emergency Readiness Team, Federal Bureau of Investigation, and others.
A statement that identifies a management or technical activity to enhance vehicle cybersecurity.
Governance and Accountability Best Practices leverage guidelines included inISO/IEC 27001Information Security Managementand other cybersecurity management references.
Report threats and vulnerabilities to appropriate third parties based on internal processes.
Security by Design Best Practices leverageSAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, NIST 80064: Security Considerations in the Systems Development Lifecycle, NIST SP 800121 Guide to Bluetooth Security, NIST SP127: Guide to Securing WiMAX Wireless Communications, ISO 17799: Mobile Phone Security, and other established resources.
Inform risk-based decisions with threat monitoring to reduce enterprise risk by understanding and anticipating current and emerging threats.
Define executive oversight for product security.
Communicate oversight responsibility to all appropriate internal stakeholders.
Identify and validate where in the vehicle an incident originated.
Members of Auto-ISAC are committed to updating of the Best Practices over time as the motor vehicle ecosystems risk landscape evolves.
Cybersecurity is a priority for Auto-ISAC Members and stakeholders across the motor vehicle ecosystem. These Best Practices can guide effective risk management at the product level and further enhance the security and resiliency of the automotive industry.
Proactive cybersecurity through the detection of threats, vulnerabilities, and incidents empowers automakers to mitigate associated risk and consequences. Threat detection processes raise awareness of suspicious activity, enabling proactive remediation and recovery activities. Best Practices for Threat Detection and Protection include:
Engage with industry bodies, such as Auto-ISAC, Auto Alliance, Global Automakers, and others.
Monitor and evaluate changes in identified risks as part of a risk assessment feedback loop.
The Best Practices incorporate concepts from other Best Practices, standards and frameworks created by NHTSA, the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), SAE International, and other organizations. Many of the Best Practices either build on established ideas in those references or are adapted to address unique dimensions of the motor vehicle ecosystem Specific documents are referenced inSection 4.0: Best Practices Overview.
Auto-ISAC is developing supplemental Best Practice Guides to provide Members and appropriate industry stakeholders additional information and implementation guidance for each of the seven functional areas:
A guide on a specific Function that provides additional details and implementation guidance.
Establish training programs for internal stakeholders across the motor vehicle ecosystem.
Our Best Practice Guides are implementation guides on key cyber functions, developed by a best practice working group. We have completed two Best Practice Guides to date.
Defending against cyber attacks often requires collaboration among multiple stakeholders to enhance cyber threat awareness and cyber attack response. When faced with cybersecurity challenges, the industry is committed to engaging with third parties, including peer organizations, suppliers, cybersecurity researchers, government agencies, and Auto-ISAC, as appropriate. Best Practices for Collaboration and Engagement with Third Parties include:
To further this objective, the Automotive Information Sharing and Analysis Center (Auto-ISAC) has undertaken the task of creating and maintaining a series of Automotive Cybersecurity Best Practices (Best Practices). The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties.
The highest level of Best Practice categorization. Functions guide management of vehicle cyber risk.
The Best Practices adhere to a risk-based approach to help automakers and industry stakeholders manage and mitigate vehicle cybersecurity risk. This risk-based approach enables all organizations regardless of size, vehicle technology, or cybersecurity maturityto tailor Best Practice implementation in a manner appropriate to their systems, services, and organizational structures.
We released a Best Practices Executive Summary in July 2015 that is available to the public. The Best Practice Executive Summary is a high-level document defining key cyber functions and best practices.
Collaboration and Engagement Best Practices leverageNIST SP 800150: Guide to Cyber Threat Information Sharing,ISO/IEC 27010:2012 – Information security management for inter-sector and inter-organizational communications, and other established resources.
Establish standardized processes to identify, measure, and prioritize sources of cybersecurity risk.