The automobile industry’s new intelligence sharing and analysis center (ISAC) will let automakers exchange threat information to better secure vehicles.
The announcement comes amidst growing concerns over vehicular safety. Self-driving cars aren’t the only targets, as all the automation systems and controls in passenger cars are increasingly networked. More than 60 percent of all new vehicles by 2016 are expected to have the ability to connect to the Internet. The new ISAC would help members address security weaknesses and vulnerabilities that could result in sabotage or other types of damage. There haven’t been any publicized attacks against automobiles as of yet, but the possibility exists.
As security researchers Charlie Miller and Chris Valasek have shown in recent years, it is possible to exploit issues in the vehicle’s network to take control of the vehicle, such as disabling the brakes or taking control of speed away from the driver.
“Hey Auto ISAC people. I’m here if you want to reach out. People who do real actual car hacking can and will help,” Chris Valasek, director of vehicle security research at IOActive wrote on Twitter.
Many automakers are investing in secure development and other security initiatives. There are several hackathons and consortiums bringing visibility into the problem. In fact, the Auto ISAC was announced at the 2015 SAE Battelle CyberAuto Challenge in Detroit. The group I am the Cavalry has been working with automakers to help raise awareness about security issues affecting automobiles. Craig Smith, a reverse engineer with Open Garages and a member of The Cavalry, gave RSA Conference 2015 attendees in San Francisco hands-on experience with automative computers by controlling a SuperTuxKart in The Sandbox.
The new ISAC includes some of the biggest automakers in the world. BMW Group, Fiat Chrysler, Ford, General Motors, Mazda, and Toyota, will participate in the ISAC as members of the Alliance of Automobile Manufacturers. Honda, Nissan, Subaru, and others will participate as members of the Association of Global Automakers. The ISAC initially will not include suppliers, although plans are underway to eventually to extend membership to suppliers, telecommunications firms, and other technology providers.
The ISAC will act as a central hub for information and analysis and provide timely sharing of cyber-threat information and potential vulnerabilities in motor vehicle electronics or associated in-vehicle networks. Members will have access to information about vulnerabilities and actual attacks. The ISAC will begin operations later this year, said Robert Strassburger, vice-president of vehicle safety at the Alliance of Automobile Manufacturers. Booz Allen Hamilton helped set up the ISAC.
The automobile industry is just the latest sector to form an ISAC. FS-ISAC, consisting of financial services organizations, is perhaps one of the better known ones. Shortly after the crippling malware attacks against major stores and consumer brands last year, the retail industry formed the R-CISC, the Retail Cyber Intelligence Sharing Center.
“As automakers prepare for an increasing interconnected future, we have the opportunity to anticipate and prepare for the complexities and challenges that the future may bring,” Strassburger said.