Tag Archive for: connected cars

Until fairly recently, you might not have considered vehicles to be major cybersecurity targets. But with the rise in connected and autonomous cars, hackers and other cyber criminals can break into the systems that run these vehicles and wreak havoc.

“With all of the connectivity available comes cyber risk,” says Faye Francy, executive director of the Automotive Information Sharing and Analysis Center (Auto-ISAC), an industry-driven community to share and analyze intelligence about emerging cybersecurity risks to vehicles.

Technology has a long tradition of racing ahead of oversight, and the automotive industry is still catching up to the speed of change. Updates to the ISO 26262 functional safety standard were recently made in December 2018 and touch on cybersecurity, but expect to see more emphasis on this topic in the future. That’ll be especially true as automotive connectivity and complexity escalates, and the development of autonomous vehicles (addressed by another safety standard, ISO/PAS 21448, or Safety Of The Intended Functionality (SOTIF), which has incidentally sparked its own upcoming conference in Germany) progresses.

As an additional resource, Auto-ISAC aims to enhance vehicle cybersecurity capabilities across the global automotive industry, including light- and heavy-duty vehicle original equipment manufacturers (OEMs), suppliers and the commercial vehicle sector.

“The Auto-ISAC is the go-to organization that facilitates cybersecurity resiliency for the global automotive industry,” Francy says. Automakers worldwide joined together in 2015 to form the nonprofit community to address growing vehicle cybersecurity risks.

A Shared Responsibility

The focus of Auto-ISAC is to foster collaboration for mitigating the risks of cyber attacks and to create a safe, efficient, secure and resilient global connected vehicle ecosystem,” Francy says. Members use a secure intelligence-sharing portal to anonymously share information that helps them more effectively respond to cyber threats, vulnerabilities and incidents.

The 49 members includes all major automakers across North America, Europe, and Asia, as well as suppliers to the heavy-duty trucking and commercial vehicle sector. In 2017, the Auto-ISAC established a Strategic Partnership Program to enable ongoing coordination with key stakeholders including partners, government regulatory agencies and law enforcement.

One of the key accomplishments of the Auto-ISAC is its Best Practices initiative, which focuses on developing guidelines organizations can use to advance their vehicle cybersecurity programs, Francy says. The members conceive, write and develop Best Practice guides that are in various stages of review.

The guides cover organizational and technical aspects of vehicle cybersecurity including incident response, collaboration and engagement with third parties, governance, risk management, security by design, threat detection and protection, and training and awareness.

“These guides are released to the community to help the automotive industry stakeholders mature,” Francy says. Currently there are three guides available to the public on the Auto-ISAC Web site: Incident Response, Third Party Collaboration, and Engagement and Governance.

Evolving Recommendations

The digital age has introduced connected, advanced automotive capabilities for consumers, such as driver assist, navigation and hands-free calling. But this also introduces the possibility of risk such as hacker attacks.

“We have moved from a more physical analog attack surface to a digital, networked environment,” Francy says. “This provides different opportunities for the bad actors, due to the increase in innovative technologies and the interconnectedness” of the ecosystem.

Fortunately, the industry has taken a number of actions to identify and thwart cyber threats, including implementing security features in every stage of the design and manufacturing process, collaborating with public and private research groups to share solutions, and participating in multiple cyber forums on emerging issues. There is, of course, much more work to be done.

Automotive companies can learn from the Auto-ISAC leadership as it builds and leads a community of best practices, Francy says. The organization conducts an annual tabletop exercise, quarterly workshops and monthly analyst calls with members. It also leads virtual, monthly community calls and runs an annual Vehicle Cybersecurity Summit.

Auto-ISAC partnership programs “are developed to cultivate relationships beyond our membership, with the common goal to enhance vehicle cybersecurity and develop a vibrant and robust information-sharing community,” Francy says.

Learn how a Fortune 100 semiconductor company is meeting the challenges of functional safety standards for its automotive-related technology with Jama Connect by downloading our paper.

Author Bob Violino is a freelance writer who covers a variety of technology and business topics. Follow him on Twitter.


I was recently a panelist at the C3 Connected Mobility PDXchange event. We discussed everything from autonomous cars, to smart monitors for babies, to the ethics of new technology. It was a great opportunity to learn from a wide range of experts within the mobility space, but what really stood out to me is that there are so many more questions surrounding the future than there are ideas around solutions.

There were, however, some cool examples of where new technology in the mobility space can take small steps toward making the world a better place.

As an example, the startup BabyBit is partnering with Jaguar Land Rover to prevent the heatstroke deaths of children in automobiles. If a child is left in a car, the air conditioning system could automatically turn on to prevent overheating. There are countless examples of small companies like BabyBit who are building single-point solutions.

The real challenges are seen when we look at the ecosystem as a whole, and especially when we start talking about infrastructure improvements.

Recently, Transportation Secretary Anthony Foxx was in Portland as part of his tour of the final seven cities being considered for a $40 million “smart cities” grant. He said,  “Too often in these programs we think incrementally. But this is really a time for moonshots.”

I agree. By continuing to make small, incremental changes, we are ensuring a continuation of disconnected, disparate systems. It’s time to start the work of reinventing our transportation infrastructure with a focus on the connection between technology and community. It’s time to think big.

Making a monumental change in how we think about mobility will require innovation in how we build products and systems. New business models need to be explored and new types of partnerships forged. Public-Private Partnerships (P3s) have seen success around the world but still remain untested here in the U.S.; constantly changing political environments, big divides in federal and state funding, competing motivations and lack of ownership all play a role.

As new types of partnerships are explored, these key challenges need to be considered.

  • Government moves too slow and technology companies move too fast. Procurement takes too long, is too burdensome and leaves little room for learning and adjusting. Technology companies often start building before truly understanding the entire impact and are quick to pivot in a new direction. We need a middle ground. While we can’t take a minimum viable product approach to infrastructure changes, we do need to think about how we can build alignment from the beginning, learn as we go, and quickly adjust as necessary.
  • The lack of common language and communication tools. Email, Word, Excel, Sharepoint and countless other standard office utility tools being used to manage these projects simply will not cut it. In order to align around programs of this size and complexity, there needs to be common tools and methodologies used. As decisions are made, real-time impact analysis should be completed and respective parties brought in. There is too much at stake to make changes without knowing who and what will be impacted.
  • Competing priorities lead to misalignment throughout. Get aligned around common goals, be clear about competing interests and work to maintain that alignment throughout the life of your projects. Don’t step in and out of project plans only to check in at the milestones and the sign offs. Be transparent as changes in priorities are made.
  • Data management. There are the technical challenges such as data capture, normalization and fusion, but also questions around who will actually own the data. Data ownership has long been considered a part of a company’s IP. Outside of personal information, I suggest an open-source mindset when it comes to data. Normalize from the outset and move toward common goals to determine what the data will be used for.

We are at an interesting intersection (pun intended). New technology is allowing us to think bigger about what our future can look like, and while we may have more questions than answers right now, we can’t slow down.

We have the chance to reinvent how we approach the future of mobility. This isn’t a time to sit back and wait for all the answers before moving forward. It’s a time to be bold. It’s a time for moonshots.