The Information Sharing and Analysis Council for the motor vehicle industry published a set of cybersecurity best practices Thursday.
The Auto-ISAC guidance recommends a fairly standard set of precautions — baking in security at the earliest stages of software development; standardized risk management procedures; proactive network defenses; and incident response planning, among others.
“It’s a high-level document,” said Jon Allen, a principal at Booz Allen Hamilton and acting executive director of the Auto-ISAC.
He said there would be more detailed “playbooks,” bearing down on individual areas such as risk management. “This is what the industry needs to focus on as it prepares the playbooks,” he said.
He said the best practices “will be updated as the threats evolve.”
“This isn’t a ‘check the box’ exercise,” he said, “It’s not about compliance.”
The aim is to develop “a culture of cybersecurity” in the member companies. “You can’t engineer your way out of this,” he said. “Every time you improve your security, the adversary adapts. The only solution was a culture where security was ‘baked’ into everything.”