Automotive Cybersecurity: A Sneak Peek At An RSA 2016 Presentation

Melissa Stevens | February 24, 2016 | tag: Vendor Risk Management

Automotive cybersecurity wasn’t even thought about 15 years ago, but today it’s a well-understood and critical problem. The crux of the issue is that cars now contain hundreds of millions of lines of code, all run by computers. This change, along with the development of, the transition to, and experimentation with higher-tech vehicles like driverless cars, marks a whole new era of transportation.

All of these changes are very exciting, but as more computerized functions make their way into the automotive industry, more security issues arise and there is a far greater chance that something could (and more than likely will) go wrong. A number of recent public reports from security researchers have demonstrated that hackers can manipulate vehicles, making them speed up, slow down, or do other things that are out of the driver’s control. What’s more, it has been proven that these individuals can do these things remotely, without physical access to the vehicles. This raises some obvious and important questions, starting with, “Are the manufacturers considering these issues when they’re building these cars?”

This topic will form the basis of an RSA panel session moderated by our VP of business development, Jacob Olcott. (You can learn more about it and add it to your RSA schedule here.) Jacob will lead a team of panelists in discussing the implications and ramifications of automotive cybersecurity and, more specifically, will examine whether the automotive industry needs cybersecurity ratings in the same way that it has crash-test ratings.

Pressing Questions About Automotive Cybersecurity

  • Is a cyber ratings organization needed for the automotive industry? What role would this organization play, and what degree of influence would it have in the industry?
  • What role should the government play in automotive cybersecurity? Should legislation—like the cybersecurity proposal from Sen. Markey and Sen. Blumenthal—be passed and enacted into law? Is this an example of thoughtful legislation or government overreach? Additionally, should there be a minimum industry-accepted standard for cybersecurity practices that automotive groups must follow?
  • What are the responsibilities of the automotive industry? Should vehicle manufacturers develop rating systems for third-party hardware and software developers to use in order to demonstrate their trustworthiness? In other words, how can supply chain risk be mitigated so manufacturers can ensure that their vendors meet their standards and requirements for cybersafety?
  • Are there best practices that can be gleaned from other sectors? Which industries have successfully mitigated cyber risks with emerging technologies?
  • Is there something that is unique about cybersecurity in the automotive context that is different from other Internet of Things (IoT) applications? In other words, should life-and-death IoT applications be more heavily regulated and examined, both in the public and private sector?
  • Could the existing five-star crash-test rating system be leveraged in the cybersecurity context? What changes would need to be made to that system to include cybersecurity?
  • Would consumers look at cybersecurity ratings before purchasing a vehicle? How could awareness of this topic be raised so that it gains importance?

Join The Discussion

If this topic interests you, we invite you to join us on Wednesday, March 2, from 8-8:50 a.m., in Moscone West, Room 2016, for a lively and important session on the question, “Do We Need Cyber Ratings For The Auto Industry?”

Whether or not you can attend the session, we invite you to voice your opinion on the topic by tweeting us @BitSight with your thoughts on automotive cybersecurity. We’ll be retweeting your thoughts over the next week.
