Vendor Risk Management

Automotive Cybersecurity: A Sneak Peek At An RSA 2016 Presentation

Melissa Stevens | February 24, 2016

Automotive cybersecurity wasn’t even thought about 15 years ago—but today, it’s a well-understood and critical problem. The crux of the issue is due to the fact that cars have hundreds of millions of lines of code, which are run by computers. These changes—along with the development of, the transition to, and experimentation with higher tech vehicles, like driverless cars—mark a whole new era of transportation.

All of these changes are very exciting, but as more computerized functions make their way into the automotive industry, more security issues arise and there is a far greater chance that something could (and more than likely will) go wrong. A number of recent public reports from security researchers have demonstrated that hackers can manipulate vehicles by making them speed up or slow down or do other things that are out of the driver’s control. What’s more is that it has been proven that these individuals can do these things remotely and don’t have to have physical access to the vehicles to tamper with them. This raises some obvious and important questions, starting with, “Are the manufacturers considering these issues when they’re building these cars?”

This topic will form the basis of an RSA panel session moderated by our VP of business development, Jacob Olcott. (You can learn more about it and add it to your RSA schedule here.) Jacob will lead a team of panelists on the implications and ramifications of automotive cybersecurity and, more specifically, will examine whether there is a need for cybersecurity ratings in the automotive industry in the same way that there are crash-test ratings.

Pressing Questions About Automotive Cybersecurity

Download Guide: 12 Cybersecurity Metrics Your Vendors And You Should Be Watching
  • Is a cyber ratings organization needed for the automotive industry? What role would this organization play, and what degree of influence would they have in the industry?
  • What role should the government play in automotive cybersecurity? Should legislation—like the cybersecurity proposal from Sen. Markey and Sen. Blumenthal—be passed and enacted into law? Is this an example of thoughtful legislation or government overreach? Additionally, should there be a minimum industry-accepted standard for cybersecurity practices that automotive groups must follow?
  • What are the responsibilities of the automotive industry? Should vehicle manufacturers develop rating systems for third-party hardware and software developers to use in order to demonstrate their trustworthiness? In other words, how can supply chain risk be mitigated so manufacturers can ensure that their vendors meet their standards and requirements for cybersafety?
  • Are there best practices that can be gleaned from other sectors? Which industries have successfully mitigated cyber risks with emerging technologies?
  • Is there something that is unique about cybersecurity in the automotive context that is different from other Internet of Things (IoT) applications? In other words, should life-and-death IoT applications be more heavily regulated and examined, both in the public and private sector?
  • Could the existing five-star crash-test rating system be leveraged in the cybersecurity context? What changes would need to be made to that system to include cybersecurity?
  • Would consumers look at cybersecurity ratings before purchasing a vehicle? How could awareness be raised on this topic to bring it to a degree of importance?

Join The Discussion

If this topic interests you, we invite you to join us on Wednesday, March 2, from 8-8:50 a.m., in Moscone West, Room 2016, for a lively and important session on the question, “Do We Need Cyber Ratings For The Auto Industry?”

Whether or not you can attend the session, we invite you to voice your opinion on the topic by tweeting us @BitSight with your thoughts on automotive cybersecurity. We’ll be retweeting your thoughts over the next week.

Download Guide: 12

 

Suggested Posts

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...

READ MORE »

FBI Alerts Companies of Cyber Attacks Aimed at Supply Chains

Earlier this month, ZDNet broke the news that the FBI had sent a cybersecurity alert to the U.S. private sector warning of an ongoing hacking campaign against supply chain software providers. According to the FBI, hackers are attempting to...

READ MORE »

Guide: Fourth-Party Cyber Risk & Management

In today’s interconnected world, supply chains are growing exponentially. As a result, third-party risk has become a big focus for senior management. But what about the vendors that your suppliers rely on and the threat of fourth-party...

READ MORE »

Subscribe to get security news and updates in your inbox.