The Auto-ISAC is an information sharing and analysis centre established by automakers in 2015 to address vehicle cybersecurity risks. The focus of the Auto-ISAC is to foster collaboration to ensure a safe, efficient, secure and resilient global connected vehicle ecosystem. Membership includes light- and heavy-duty vehicles, suppliers and the commercial vehicle sector (such as carriers and fleets), with Auto-ISAC active in seven countries across North America, Europe and Asia - the largest connected car markets in the world. ISACs, or Information Sharing and Analysis Centres, were created by a US Presidential Directive that requested the public and private sectors to create a partnership to share information about threats. Today, there are 24 ISACs. Auto-ISAC is a member of the National Council of ISACs (NCI), which is a coordinating body designed to maximise information flow across the private sectors.
Auto-ISAC is aimed at a range of companies in the global automotive industry, including OEMs and suppliers. By bringing together market leaders, the centre creates a confidential community where industry leaders and cybersecurity experts come together to collaborate towards a smarter and safer future. It is more important than ever before that we share things such as autonomous information and real-time cybersecurity intelligence, whilst raising awareness of the high-risk cyber threats.
I speak to Faye Francy, the organisation's first Executive Director and an expert in the field of cybersecurity, who is responsible for overseeing Auto-ISAC’s day-to-day operations. I ask her whether we have seen the end of the traditional automotive era, to which she replies: “Our digital age has changed most of what and how we do business today. Each company must address how that impacts their products and services and automotive is certainly one of those industries with major change afoot. Cybersecurity is a focus for the automotive industry and it complements traditional topics such as vehicle safety, quality, compliance and reliability, known and done well by the automakers.” It is evident that, as we progress into this connected era, we must prepare for the challenges that lie ahead as we are already starting to see cyber attacks on first generation connected vehicles. “The industry continues to prepare for an increasingly interconnected future, anticipating and acting to address the complexities and challenges that it may bring,” adds Francy. “This connectivity introduces cyber risk and one mechanism to address that business risk is the Auto ISAC.”
Although they may now be aware of emerging trends and innovations, established automakers have struggled to approach the connected market in the same way as software specialists. As well as being unable to adapt and evolve as quickly as companies with advanced software experience, automakers are at threat of cyber attacks, which will prey on the lack of security and experience within the business. Francy explains that “flexibility in cybersecurity is vital for any industry to thrive and grow. The automobile industry, while facing unprecedented changes, is working to address the challenges that cyber threats present. This is reflected in the industry's action to proactively come together to establish the Auto ISAC and build the best practices.”
It is vital that the automotive industry finds a way to tackle and prevent cyber attacks from getting in the way of connected vehicle development, as the car has become a ‘mobile on wheels’, which sources data from in and around the vehicle to communicate with the ecosystem and create a third living space for drivers and passengers inside. If automakers do not take the correct precautions, consumers will be at great physical risk if there is a glitch or hack within the vehicle. There has already been a number of examples of cyber attacks on a range of systems within the car: from infotainment systems to vehicle control systems and this will only continue to worsen if nothing is done.
Francy believes that automakers are now becoming committed to strong cybersecurity protections in the global connected vehicle ecosystem. “Because connectivity introduces cyber risk, automakers have addressed this issue,” she says, “including implementing security features in every stage of the design and manufacturing process, collaborating with public and private groups to share solutions, and participating in multiple cyber forums on emerging issues. As a result, vehicle cybersecurity is a critical foundation for the future of the connected vehicle.” Through the establishment of Auto-ISAC, there is finally a central hub for members to share, track and analyse intelligence about potential cyber threats, vulnerabilities and incidents related in and around the connected vehicle.
As the industry aims towards a new era of connectivity, it is important that everyone in it works together to achieve a safe environment in which to operate, for both businesses and customers. Yes, the future of connected vehicles is exciting, through great unconstrained possibilities that will transport our lives, but safety must always come first. “The unique ability of the Auto ISAC to effectively provide threat intelligence to help protect the connected vehicle has become an operational requirement for the global automotive industry. All of those involved in connected vehicles manufacturing - light- and heavy-duty vehicles their suppliers and commercial vehicle companies - are committed to strong cyber security protections,” adds Francy.
Although competition is healthy in any kind of market, there must be precautions in place within the software and automotive industries that ensure safety. Through a body such as Auto-ISAC, there can be healthy competition in the connected market with the combined understanding that businesses cannot get carried away without focusing on cybersecurity. “The Auto-ISAC’s focus and dedication to continue to share global threat intelligence to better protect the connected vehicle and their customers is vital,” echoes Francy. “One company’s detection of a potential attack may mean another company’s prevention of a security breach. Auto ISAC members agree not to compete on cybersecurity, but rather to develop best practices and collaborate and coordinate on global cybersecurity issues.”
Until recently, the automotive industry had failed to get the best out of the IT that has been available. Thanks to this significant shift through utilising the influx of technology into the sector, we are seeing software spread across multiple layers of the industry from the warehouse to autonomous software. Francy explains to me that the automotive industry is now leveraging the best of IT across the spectrum: “IT is omnipresent in the design, manufacturing and operations of connected vehicles today,” she says. “Each manufacturer's engineers, IT, operations and suppliers work to deploy the most effective software and hardware to complement the connected vehicle, ensuring consumer needs are met and providing strong cybersecurity protections.” But above all, standardisation and harmonisation is one of the main factors in the development of automotive technology. Without this, we will fail as a collective to reach the industry's expectations in a safe and sustainable manner. “Standards enhance the quality, reliability and interoperability of technology, and in the case of cyber, help industry to address global issues,” Francy concludes. “Cybersecurity knows no geopolitical boundaries; hence standardisation and harmonisation is an imperative.”