Updating catalyst control center
Best Practices focus on processes for identifying, categorizing, prioritizing, and treating cybersecurity risks that could lead to safety and data security issues.Risk management processes can help automakers identify and protect critical assets, assist in the development of protective measures, and support operational risk decisions.While Members share a common commitment to vehicle cybersecurity, their electrical architectures, connected services, and organizational compositions vary.Accordingly, the Best Practices do not prescribe specific technical or organizational solutions.The Functions influence each other, and many Best Practices have applicability across Functions and vehicle lifecycle phases.Auto-ISAC is developing supplemental Best Practice Guides to provide Members and appropriate industry stakeholders additional information and implementation guidance for each of the seven functional areas: Effective governance aligns a vehicle cybersecurity program with an organization’s broader mission and objectives.Auto-ISAC will update the Best Practices over time to address emerging cybersecurity areas and reflect the constantly evolving cyber landscape. The Best Practices adhere to a risk-based approach to help automakers and industry stakeholders manage and mitigate vehicle cybersecurity risk.
The Best Practices emphasize risk management, including the identification of risks and implementation of reasonable risk-reduction measures.
This document is an Executive Summary of the Best Practices content. light-duty, on-road vehicles but are applicable to other automotive markets, including heavy-duty and commercial vehicles, and broader connected vehicle ecosystem stakeholders.
The Best Practices focus on product cybersecurity within the motor vehicle ecosystem and across the vehicle lifecycle. The Best Practices content intentionally leaves room for flexibility to allow for individualized implementation and to support international application by global organizations.
Best Practices for Governance and Accountability include: Governance and Accountability Best Practices leverage guidelines included in ISO/IEC 27001—Information Security Management and other cybersecurity management references.
Risk assessment and management strategies mitigate the potential impact of cybersecurity vulnerabilities.