The Automotive Information Sharing and Analysis Center (“Auto-ISAC”) has released a set of cybersecurity best practices for the automotive industry. The best practices are primarily geared toward automakers, but note that suppliers of motor vehicle components might also benefit from implementing them.
The best practices include seven functions, each of which includes several recommendations: (1) governance; (2) risk assessment and management; (3) security by design; (4) threat detection and protection; (5) incident response; (6) training and awareness; and (7) collaboration and engagement with appropriate third parties. The recommendations incorporate established cybersecurity resources and standards from organizations such as the International Organization for Standardization and National Institute of Standards and Technology.
Given the variation among automakers, the best practices do not prescribe specific technical or organizational solutions, and are only “suggested measures.” The Auto-ISAC also commits to updating the best practices over time to “reflect the constantly evolving cyber landscape.”