Exploits & Vulnerabilities
CISA Releases Automotive Cybersecurity Guide
The guide helps Transportation System Sector partners understand the cyber-physical risks related to AVs and discusses mitigation strategies they can implement.
US’s Cybersecurity and Infrastructure Security Agency (CISA) recently published the Autonomous Vehicle Security Guide, providing Transportation System Sector partners a comprehensive framework to understand cyber-physical threats related to autonomous ground vehicles (AGVs).
The guide contains an exhaustive explanation of how enterprises can identity AV risks based on the attack vectors, target, consequences, and outcomes related to a specific attack. It also lays out a baseline for conceptualizing attack sequences and predicting the attack’s effects.
CISA also identified various strategies that stakeholders can use to mitigate cyber risks. Some of the recommendations include:
- Reporting cyber-physical threats and vulnerabilities;
- Ensuring physical access points to networks and systems are secure;
- Adopting and implementing system security guidance, best practices, and design principles;
- Developing and implementing an insider threat mitigation program;
- Avoiding connecting non-manufacturer, unsecured, or unknown devices to vehicle systems; and
- Ensure personnel understand advanced driver-assistance systems (ADAS)
“Securing AVs, like any other CPS, requires a multi-layered approach that evaluates threats to the enterprise, such as compromised proprietary data or operational disruptions, and to assets, such as an AV itself. Organizational resilience will increasingly rely on a converged approach to physical security and cybersecurity,” the agency explained.
It is vital for enterprises to also prioritize communication, coordination, and collaboration across the supply chain to improve their organization operations and create more optimized strategies to minimize cyber risks.
As the automotive industry continues to evolve and introduce more advanced technologies, ground vehicles are becoming a bigger part of our connected systems, changing the way we live. These ground-breaking automobiles offer numerous benefits, but they also come with potential risks to enterprises, people, and assets.
Apart from a working knowledge of various risk mitigation strategies to protect autonomous vehicles, organizations must understand the threat vectors they need to secure to protect their operations, autonomous vehicles, and consumers.
To learn more about how enterprises can enhance and future-proof their vehicles and ecosystem, read Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN R155 Attack Vectors and Beyond. This comprehensive research gives an extensive look into existing connected car ecosystems. It also offers recommended guidelines and approaches to better protect the vehicles of the future.