As motor vehicles become increasingly connected and interconnected to the broader transportation ecosystem, the auto industry is focused on developing security solutions across the entire vehicle lifecycle - from the first stages of design and production to long after the vehicle is sold. As cars and other forms of transportation increasingly rely on sophisticated hardware and software, digital architectures and connectivity to help with everything from safety to navigation, cybersecurity is among the industry’s top priorities. This is a constantly evolving field and the auto industry is working continuously to adapt, evolve and enhance vehicle security features in accordance with best practices.

One of the first initiatives of the Automotive Information Sharing and Analysis Center (Auto-ISAC) following its launch in 2015 was to bring together the best minds in automotive cybersecurity to develop Best Practices for this sector.

The Automotive Cybersecurity Best Practices cover organizational and technical aspects of vehicle cybersecurity in the seven function areas below. Find out more about best practices .

Auto-ISAC Collaboration starts with the auto sector. In 2015, automakers worked with government stakeholders to proactively launch the Automotive Information Sharing and Analysis Center (Auto-ISAC). Comprised of global automakers, suppliers, and commercial vehicles, the Auto-ISAC provides a forum to share information, as well as partner with vendors, associations, researchers, government and academia to build relationships beyond the membership. This broad reach and stakeholder community contributed to the development of the industry Best Practices and provides a diverse set of partners to drive continuous improvement across the sector. Through the National Council of ISACs, the Auto-ISAC coordinates with many of the other 20 ISACs for sectors like surface transportation, communications and information technology.

Government Automakers work closely with the Department of Homeland Security (DHS) through the Cybersecurity and Infrastructure Security Agency (CISA) to help the industry identify current risks while working collaboratively to develop the tools and capabilities necessary to secure future technologies. Within the Department of Transportation, automakers coordinate with the National Highway Traffic Safety Administration (NHTSA), charged with automotive safety including cybersecurity. In DOT’s Intelligent Transportation Systems Office, automakers are working on cybersecurity and connected vehicles. The auto industry also works with partners at the Department of Commerce, including the National Institute of Standards and Technology (NIST) on a cybersecurity framework, as well as the National Telecommunications and Information Administration (NTIA) on their Multi-stakeholder Collaboration engagements. For example, automakers work with NTIA on Vulnerability Research Disclosure, which aims to improve coordination between industry cybersecurity stakeholders and the valuable work being done by security researchers.

Standards Organizations Experts at the world’s largest automotive standards bodies – the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE) – have joined forces to develop a unified international standard for automotive cybersecurity. This first of its kind, joint- international standard will provide all global automotive stakeholders a baseline of risk management and security practices to management vehicle security from concept to decommissioning. This important effort builds on prior work by both organizations. For example, SAE developed the Cybersecurity Guidebook for Cyber-Physical Vehicle Systems and formed a Vehicle Electrical System Security Committee to help ensure electronic control system safety. SAE also updated the OBD standard to harden vehicles against potentially compromised external devices or connections to the OBD II connector.