Tuesday, 14 July 2015

Automobile Industry Gears Up For Cyber-Threat Intel-Sharing

New auto industry ISAC is now official, with major automakers as the charter members.
A year in the making, the automobile industry's new intelligence sharing and analysis center (ISAC) is now official and revving up to begin disseminating and exchanging cyber threat information later this year.
Heightened concerns over the safety of a rapidly emerging generation of networked vehicles led the Alliance of Automobile Manufacturers and the Association of Global Automakers to begin mulling an ISAC in July of 2014, when they announced plans to address security weaknesses and vulnerabilities in vehicle automation and networking features that could put cars at risk of being hacked for sabotage or other purposes.
More than 60% of all new vehicles by 2016 are expected to be connected to the Internet, so the official launch of an automobile ISAC comes at a crucial time. Meanwhile, security researchers have been hacking away at networked cars to find bugs before the bad guys do, as the auto industry has remained relatively mum publicly on the topic of cybersecurity threats to its vehicles.
Officials from the Alliance of Automobile Manufacturers (of which 12 major carmakers, such as BMW Group, Fiat Chrysler, Ford, General Motors, Mazda, and Toyota, are members), the Association of Global Automakers (which includes Honda, Nissan, Subaru, and others), Booz Allen Hamilton, and SAE International today announced that the auto industry's ISAC is now officially close to going live. Word of the ISAC came in conjunction with the 2015 SAE Battelle Cyber Auto Challenge in Detroit, where students work with automakers and government agencies on secure system design via hands-on cybersecurity activities.
Rob Strassburger, vice president of vehicle safety and harmonization for the Alliance of Automobile Manufacturers, said the ISAC will provide a central hub for cyber threat information and analysis, as well as vulnerabilities found in vehicles and their associated networks. "Automakers around the world will receive this information from the ISAC," he said.
The ISAC initially will not include suppliers from the auto industry, but it will extend to them as well as telecommunications and other technology providers as the ISAC matures, he said.
Meanwhile, the auto industry has been working on other cybersecurity initiatives aimed at locking down vehicle security and safety, according to Paul Scullion, safety manager with the Association of Global Automakers. "An ISAC will bring insights on the threat landscape. Sharing of threats is just one piece," he said. Carmakers also are conducting research and development in "secure by design" features and functions, he said.
Several industry efforts also are underway, Scullion noted: hackathons, a cybersecurity task force, and research with the National Institute of Standards and Technology (NIST), among others. "OEMs are engaged with third-party security vendors and academia" to develop vehicle-specific technologies, he said.
Among the security technologies on the horizon for vehicles: enhanced network firewalls, software monitoring, and the ability to deny malicious traffic from bad guys to the car. "Privacy is another issue automakers are taking steps to address," Scullion said.
So just what type of intel would automakers share via the ISAC? Vulnerabilities and threats hitting them, for example, which of course likely will get anonymized. "Threat data could be nation-state, it could be a code vulnerability," said Jon Allen, principal for commercial solutions at Booz Allen Hamilton, the contractor that helped the auto industry set up the ISAC.