A lot is happening in the Automotive industry these days. It has to do with connectivity, autonomous driving, autonomous parking, and so on.
All these have one thing in common: they are producing extremely large amounts of data which needs to be processed in the backend by very powerful computers.
When we talk connectivity, we MUST talk about cybersecurity.
This is why the Automotive industry has started to take this very seriously:
- We have the ISO/SAE AWI 21434: Road Vehicles — Cybersecurity engineering, which is in the preparation stage
- We have the European Automobile Manufacturers’ Association (ACEA), which has released the “Principles of Automobile Cybersecurity”. ACEA's members include:
  - BMW Group,
  - DAF Trucks,
  - Fiat Chrysler Automobiles,
  - Ford of Europe,
  - Hyundai Motor Europe,
  - Jaguar Land Rover,
  - Opel Group,
  - PSA Group,
  - Renault Group,
  - Toyota Motor Europe,
  - Volkswagen Group,
  - Volvo Cars, and
  - Volvo Group
ACEA and its members have identified a set of six key principles to enhance the protection of connected and automated vehicles against cyber threats.
1. Cultivating a cybersecurity culture
2. Adopting a cybersecurity life cycle for vehicle development
3. Assessing security functions through testing phases: self-auditing & testing
4. Managing a security update policy
5. Providing incident response and recovery
6. Improving information sharing amongst industry actors
These principles take account of the recommendations of the European Union Agency for Network and Information Security (ENISA), the guidelines of the UNECE Informal Working Group on Intelligent Transport Systems and Automated Driving (IWG ITS/AD), and the US Automotive Information Sharing and Analysis Centre’s (Auto-ISAC) best practices. This proactive approach demonstrates the automobile industry’s commitment to continue to ensure user safety. Furthermore, ACEA members are currently involved in UN and German Institute for Standardisation (DIN) working groups drafting two documents of crucial importance:
- An international ISO/SAE standard on cybersecurity (ISO 21434);
- A recommendation which will be presented to the UNECE/WP.29 World Forum for Harmonisation of Vehicle Regulations.
What does all this mean?
Cybersecurity in automotive is not new. It started more than 5 years ago. I wrote about it and I will continue to write.
But until recently, these topics were things which “don’t happen to us”.
Now, all manufacturers have started to take this very seriously because a recall due to security problems is even more expensive than replacing some hardware in the car.
Back to ACEA now.
I really like their approach, but in my opinion, it is coming too late.
I created with Magility a Cybersecurity Management System (CSMS, a framework) which describes how to introduce and implement cybersecurity in the entire company.
Because CSMS is more generic, it is better, if done right. 🙂
ACEA is also very good, but it is exclusively focused on cars and their internal architecture. Which is not bad at all.
At some point, CSMS would also have to focus its Cybersecurity Program to use one framework or another.
I am very happy to see that I and Magility came up with something very good and solid, even before the big guys started to think about it.
If you are interested in finding out more on CSMS, drop me a note.
© Copyright 2017 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity