Vendor Risk Management

Automotive Cybersecurity: A Sneak Peek At An RSA 2016 Presentation

Melissa Stevens | February 24, 2016

Automotive cybersecurity wasn’t even thought about 15 years ago—but today, it’s a well-understood and critical problem. The crux of the issue is due to the fact that cars have hundreds of millions of lines of code, which are run by computers. These changes—along with the development of, the transition to, and experimentation with higher tech vehicles, like driverless cars—mark a whole new era of transportation.

All of these changes are very exciting, but as more computerized functions make their way into the automotive industry, more security issues arise and there is a far greater chance that something could (and more than likely will) go wrong. A number of recent public reports from security researchers have demonstrated that hackers can manipulate vehicles by making them speed up or slow down or do other things that are out of the driver’s control. What’s more is that it has been proven that these individuals can do these things remotely and don’t have to have physical access to the vehicles to tamper with them. This raises some obvious and important questions, starting with, “Are the manufacturers considering these issues when they’re building these cars?”

This topic will form the basis of an RSA panel session moderated by our VP of business development, Jacob Olcott. (You can learn more about it and add it to your RSA schedule here.) Jacob will lead a team of panelists on the implications and ramifications of automotive cybersecurity and, more specifically, will examine whether there is a need for cybersecurity ratings in the automotive industry in the same way that there are crash-test ratings.

Pressing Questions About Automotive Cybersecurity

Download Guide: 12 Cybersecurity Metrics Your Vendors And You Should Be Watching
  • Is a cyber ratings organization needed for the automotive industry? What role would this organization play, and what degree of influence would they have in the industry?
  • What role should the government play in automotive cybersecurity? Should legislation—like the cybersecurity proposal from Sen. Markey and Sen. Blumenthal—be passed and enacted into law? Is this an example of thoughtful legislation or government overreach? Additionally, should there be a minimum industry-accepted standard for cybersecurity practices that automotive groups must follow?
  • What are the responsibilities of the automotive industry? Should vehicle manufacturers develop rating systems for third-party hardware and software developers to use in order to demonstrate their trustworthiness? In other words, how can supply chain risk be mitigated so manufacturers can ensure that their vendors meet their standards and requirements for cybersafety?
  • Are there best practices that can be gleaned from other sectors? Which industries have successfully mitigated cyber risks with emerging technologies?
  • Is there something that is unique about cybersecurity in the automotive context that is different from other Internet of Things (IoT) applications? In other words, should life-and-death IoT applications be more heavily regulated and examined, both in the public and private sector?
  • Could the existing five-star crash-test rating system be leveraged in the cybersecurity context? What changes would need to be made to that system to include cybersecurity?
  • Would consumers look at cybersecurity ratings before purchasing a vehicle? How could awareness be raised on this topic to bring it to a degree of importance?

Join The Discussion

If this topic interests you, we invite you to join us on Wednesday, March 2, from 8-8:50 a.m., in Moscone West, Room 2016, for a lively and important session on the question, “Do We Need Cyber Ratings For The Auto Industry?”

Whether or not you can attend the session, we invite you to voice your opinion on the topic by tweeting us @BitSight with your thoughts on automotive cybersecurity. We’ll be retweeting your thoughts over the next week.

Download Guide: 12

 

Suggested Posts

Third-Party Risk Management Best Practices for Enterprise

Companies are becoming increasingly reliant on third-party relationships, and cyber attacks originating in the systems of third parties are on the rise.

READ MORE »

Airbus Incident Shines Spotlight on Third-Party Vendor Security Risks

2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.

READ MORE »

A Vendor Risk Management Questionnaire Template

IT Risk Assessment Questions for Third Parties

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said...

READ MORE »

Subscribe to get security news and updates in your inbox.