Cyber Security is Officially on the Automotive Agenda

Home > Insight > News > Cyber Security is Officially on the Automotive Agenda >

24th August 2016

The Automotive Information Sharing and Analysis Centre (Auto-ISAC) has published its first ever best practice guide, to ‘collectively address cyber threats that could present unreasonable safety or security risks.’

Cyber security in car IT, Auto-ISAC, auto industry supply chain and logisticsAuto-ISAC has followed the precedent set by other ISACs and developed a set of Best Practices aimed at securing the motor vehicle ecosystem.

The publication of these Best Practices Follows the January 2016 release of The Proactive Safety Principles, in which Auto-ISAC demonstrated the automotive industry’s dedication to collaboratively enhancing the safety of the travelling public.

The Best Practices expand these principles into workable organisational and technical methods of vehicle security across seven key functions: governance, risk management, security by design, threat detection, incident response, training and collaboration with appropriate third parties.


The growing problem of cyber security

The executive summary accompanying the Best Practices states: “As vehicles become increasingly connected and autonomous, the security and integrity of automotive systems is a top priority for the automotive industry.”

This acknowledges that, as with any computer, the sophisticated systems on which cars increasingly rely for superior performance and reliability also increase their vulnerability to cyber attack.

The Auto-ISAC Best Practices focus on product cyber security within the vehicle ecosystem to directly address this problem. By adhering to a risk-based approach, car manufacturers and industry stakeholders can manage and mitigate the cyber security threats to vehicles.

This approach allows all related organisations to tailor the Best Practice implementation to suit their systems, services and organisational structures. It also works regardless of company size, vehicle technology and cyber security maturity level.


Best Practices; not assessment or compliance framework

The Best Practices incorporate concepts from several other established standards and frameworks created by the International Organisation for Standardization (ISO), National Institute of Standards and Technology (NIST), SAE International and others.

However, they do not constitute a formal assessment, compliance framework or mandate prescriptive requirements. Instead, each organisation must determine how to apply the Best Practices internally to suit their own needs and the needs of their customers.

Many of the Best Practices do build on established ideas within the recognised standards or are adapted to address the unique elements of the motor vehicle ecosystem. In addition, the scope of these practices reflects others that address information technology, supply chains and manufacturing security.


Contact a Sovereign Auto industry expert for free cyber security advice:





If you would like to find out more about Sovereign please get in touch.

You may also like

14th June 2018

Sovereign - delivering IT services & support

Technology is continually advancing and transforming the way you work. Businesses need IT to react quickly to change and help drive opportunity. Sovereign can help make it happen.