GuardKnox Blogs

Automotive Cybersecurity Market - What are the Legislators doing?

Written by Jillian Goldberg | September 19, 2017

Cybersecurity has recently become a more significant issue. From the recent WannaCry ransomware attack, to the many instances of identity theft constantly surfacing in the news, it is obvious that we cannot afford to be reactive when it comes to cybersecurity. It is especially essential that we be proactive about this in regards to automotive cybersecurity.

The threats of such cyber attacks can be deadly. When one considers the fact that the vehicle is the smallest unit in which our entire family is gathered, this issue takes on entirely new importance. In the past few years, cybersecurity experts have warned auto makers about vehicle vulnerabilities which have shown how relatively easy it is to tamper with safety-related vehicle systems. Automakers, suppliers, legislators and other key stakeholders have recently taken essential steps to proactively address this very real threat.

To learn more about how we see the “bigger picture” of the current threats, read our detailed industry report on automotive cybersecurity threats here. But simply speaking, it is clear that the more “connected” the vehicles become, the more vulnerable they become. As vehicles gradually gain more “autonomous” functionalities, they will become more reliant on “connectivity” and therefore increase their potential to cyber threat exposure.

One of the primary functions (most important responsibilities) of a government is to keep its citizens safe – and in the U.S., dozens of agencies and offices exist which are dedicated to this goal. Additionally, the government has recently started to make some huge strides in the field of automotive cybersecurity and safety.

A Lot has been Done in the Automotive Cyber Security US Market!

NHTSA published “Cybersecurity Best Practices for Modern Vehicles” in October of 2016. This is an excellent start to the conversation around cybersecurity and regulations.

The House of Representatives Bill 701, which was introduced in January 2017, directs the National Highway Traffic Safety Administration, or NHTSA, to start studying vehicle cybersecurity; the bill is also called the “Security and Privacy in Your Car Study Act of 2017” or the “SPY Car Study Act of 2017.”

Just last week, the House unanimously passed the SELF DRIVE Act, sending a signal that lawmakers on both sides are ready to tackle the issues surrounding autonomous vehicles head-on.

Also, the US Department of Transportation, in cooperation with NHTSA, released new guidance just last week regarding autonomous driving entitled, “Automated Driving Systems (ADS): A Vision for Safety 2.0.

There has been a lot of other amazing activities happening around this issue; from the creation of the Auto ISAC, bringing industry leaders, including OEM’s, Tier 1 Suppliers, and more together to approach the issue, to the passing of new legislation. GuardKnox is committed to being a part of these advances in automotive cybersecurity.

Recent Initiatives to Regulate Auto Cybersecurity Outside the US

Governments around the world are starting to take notice and put in place actionable rules for vehicle cybersecurity.

One such sign is a study from the European Union Agency for Network and Information Security, or ENISA, that starts to identify best practices for automotive cybersecurity. Officials agree that this study will help promote safety for drivers and passengers. The study “lists sensitive assets … and corresponding threats” is a risk assessment that starts to lay the groundwork for protecting cars and other vehicles from digital attacks. The ENISA study approaches this from three distinct categories: Policy and standards, Organizational measures, and Security functions.

Just across the pond, the UK government is also working on standards, with a brand new release in August titled “The Key Principles of Vehicle Cybersecurity for Connected and Automated Vehicles” that includes “awareness and training” as a goal, as well as a “culture of security” that is meant to promote better outcomes and spur vigilance on applying cybersecurity to the automotive sector.

Automotive Cyber Security Innovation is Moving Fast and Legislation wants to Keep Up

A group called Consumer Watchdog has been at the forefront of the push to create more standards for smart vehicles, and Director John Simpson has been routinely releasing statements on the issue. We are the Calvary is another organization that is focused on issues where computer security intersects public safety and human life. They have published an important article about the 5 key elements that the automotive industry should comply with in order to keep the public safe.

Many of these advocates meet at regional events to plan strategy and talk about the future of the automotive cyber security market. Over the summer, Blackhat USA in Las Vegas and the J P Morgan Auto Conference in New York City offered opportunities to evaluate the world of connected vehicles; events like Washington D.C. CyberWeek and a Sixth Automotive Cybersecurity Summit in Silicon Valley are planned for the fall.

 

GuardKnox at D.C. Cyberweek Event

We, at GuardKnox, are going to be at the D.C. CyberWeek event, to host a roundtable discussion on automotive cyber security. The event will allow experts from all relevant disciplines to collaborate on figuring out the best way forward and to capitalize on the advances currently taking place. 

Sign up here to receive the documentation from our round table event. 

If you plan on being in Washington D.C. during DC CyberWeek, please let us know. For more information on the day’s speakers and to learn more, please visit splashthat.autocyber.com. We look forward to learning how we can work together to plan for a safer and more connected future of transportation.

If you won’t be able to attend the DC CyberWeek event, click here to register to receive our Summary Report of key takeaways discussed at the round table.

To Get our Industry Report on Automotive Cybersecurity Threats, click here.