ameri resources

Need an office in metro Detroit, Alabama or Toronto? Office suites, meeting rooms, virtual offices, network access

free downloads
NORTH AMERICA: "Autos: North America Build Still Seen Above Expectations in Q2 2017" report

NORTH AMERICA: "Autos: North America Build Still Seen Above Expectations in Q2 2017" report. 8-page report by BAIRD.

proceed to download

back to index backAMERItalk March,  2017

The Top Six Takeaways from Auto-ISAC's and NHTSA’s Cybersecurity Best Practices

As cars continue to rely more and more on systems that closely resemble those that run mobile phones and personal computers, it’s no surprise that the original equipment manufacturers (OEMs) and suppliers of car parts need to make major adjustments.

While meeting these evolving demands on the production end, OEMs and suppliers also need to carefully navigate the new legal and compliance landmines that come with the shifting emphasis on cybersecurity.

The modern-day car is less a computer on wheels and more a network of several computers on wheels. The individual computers control everything from the car’s stereo system to its breaking, and even ignition systems.

Our cars are collecting more and more information about our daily lives and personal interactions. It’s estimated that by 2020, some 250 million connected cars will be using over 200 sensors each to collect this information. As a result, the importance of privacy and security of connected cars has become a top priority for carmakers and suppliers alike.

The reality is that absolute security can never be guaranteed in complex systems such as telematics and infotainment systems in cars. Automakers and suppliers involved in developing these systems need to stay constantly vigilant in order to keep cars safe from cyberattacks. With that in mind, we’ve compiled the top 6 takeaways from the National Highway Transportation Safety Administration’s recent Cybersecurity Best Practices for Modern Vehicles and the Auto Information Sharing and Analysis Center’s Automotive Cybersecurity Best Practices.

1. Practice security by design.”

This is a concept recently espoused by federal regulators, namely, the NHTSA and the Federal Trade Commission, as well as industry self-regulatory organizations. With security by design, a company addresses data security controls day 1,” while products, components, and devices are still on the drawing board. Data security practices evolve over time, and the days of building it first and then layering security on top are now over. Security by designs should include the following during the design and development phases:

• Risk assessments
• Security design reviews
• Addressing potential threats and attack targets
• Product testing
• Secure computing, software development, and networking practices

2. Practice privacy by design.”

Privacy focuses on the right and desire of individuals to keep information about themselves confidential. During the design process, companies should understand and identify:

• What personal information will be collected by a component or device;
• What notice should be provided to or consent obtained from consumers before collecting that personal information;
• How the personal information should be used
• Are those intended uses legal
• With whom will the personal information be shared
• Is that sharing appropriate and legal.

With this information identified, the company can reconcile privacy requirements with security safeguards during the design and development process.

3. Establish an appropriate data security governance model.

Regulators, courts, and juries are demanding that executives senior management become involved in and accountable for data security. While the precise governance model will depend on the organization, companies should actively consider what level of executive oversight is appropriate, and then document those conclusions in a data security governance policy. This will help by both enhancing the data security of vehicles and component parts, and also bolstering the company’s defenses in the event of a security incident or investigation.

4. Address the entire supply chain.

Whether it is the finished vehicle or a component part, most companies relevant to the data security ecosystem will rely on suppliers that play a role in data security. Hardware, software, development tools, assembly, integration, and testing may all be provided by one or more suppliers. Companies impacted by this scenario should conduct appropriate due diligence and risk assessments with respect to its suppliers at the beginning and throughout the relationship. Contractual provisions should also be utilized to address data security requirements for the relevant suppliers.

5. Incident response and recovery.

Companies should develop and implement a security incident response plan. These plans identify what the organization should do if it or its products are the victim of a data security incident — a potential or actual breach of security impacting the confidentiality, integrity, or availability of data. The plan should address not only the company’s own networks, but also its products, if any of them impact the confidentiality or security of data. An incident response team should be in place to coordinate an enterprise-wide response to a cybersecurity incident. The plan should be periodically tested through incident simulations in order to promote response team preparedness.

6. Education and awareness.

An educated workforce is crucial to improving the cybersecurity posture of motor vehicles. Cybersecurity educational activities should not be limited to the current workforce or technical individuals, but should also enrich the future workforce and non-technical individuals.

Source: FOLEY - GAI

previous page

go top
search our site



Other articles from the same issue (March,  2017).

Autos: US Sales Solid in February; Demand Drivers Firmly in Place
play read on

WardsAuto: VW Reveals New Product, Sales Strategies for U.S.
play read on

NAFTA unlikely to hurt Mexico car production, says Renault-Nissan CEO
play read on

The Top Six Takeaways from Auto-ISAC's and NHTSA’s Cybersecurity Best Practices
play read on

Automotive industry insights from the suppliers’ perspective
play read on

NAFTA 2.0: Keeping Calm and Driving on for Canadian Auto Industry
play read on

Ontario Promotes Auto Parts Competitiveness
play read on

How Manufacturers Can Get Faster, More Flexible, and Cheaper
play read on

Are You and Your Supply Chain Ready for Import Tariffs?
play read on

State of the American Workplace
play read on

Real Estate Solutions Needed for Tech-Driven Auto Industry
play read on

3 Ways a New Customs Agreement Makes it Easier to Meet Global Demand
play read on

Your Guide to Claiming the R&D Tax Credit
play read on

What CFOs Need to Know About Corporate Tax Planning
play read on

Employers Invest Heavily When Hiring Foreign Talent
play read on

Commentary: What now? U.S. trade without TPP
play read on

U.S. Will Reclaim Global Supply Chain, Trump Trade Aide Says
play read on

Supreme Court Reins in International Supplier Liability under U.S. Patent Law
play read on

International Location Report: Expectations for a Steady Canadian Economy in 2017
play read on

Will US Workers Have Right Skills for Jobs of the Future?
play read on

When America Was Most Innovative, and Why
play read on

ISM: Strong Demand For U.S. Manufactured Goods Continues
play read on

Closing the skills gap: Creating workforce-development programs that work for everyone
play read on

U.S. Pass-through Entities - Tax Reform Changes?
play read on

Canada’s Free Trade Agreements Strategy
play read on

Canadian Tax Adviser
play read on

Canadian economy to grow by 2 per cent in 2017, RBC forecasts
play read on

U.S. Cutting Tool 2017 Consumption up 8.7% in January
play read on

Manufacturing Technology Orders Dropped in January
play read on

Our Free eJournals

To visit GlobalAutoExperts Directory, click here.

©2008 | HCI Group, Ltd.
101 West Big Beaver Road, Suite 1400 | Troy, MI 48084 USA
USA Tel: +1.248.687.1060 | USA Fax: +1.248.927.0347
Fax UK: +44.(0)845.127.4765 | Fax Europe: +31.20.524.1659 | Fax Asia: +852.3015.8120