The Auto-ISAC has signed a cooperative research and development agreement (CRADA) with the U.S. Department of Homeland Security (DHS) to collaborate and improve vehicle cyber-threat information sharing and analysis.
Private-sector companies sign a CRADA with DHS to participate in the Cyber Information Sharing and Collaboration Program (CISCP), the department’s flagship program for public-private multi-directional cybersecurity information sharing and analytic collaboration about cyber threats, incidents and vulnerabilities.
“This relationship with DHS provides our cybersecurity experts the opportunity to work with their counterparts in the federal government to increase information sharing and analysis,” said Jeff Massimila of General Motors, who also serves as the Auto-ISAC’s chair.
The agreement could facilitate access to DHS’s National Cybersecurity and Communication Integration Center (NCCIC), a security operations watch center. The agreement also provides ISAC personnel with eligibility for security clearances to view classified threat information.
“CISCP is a bi-directional information-sharing program providing increased value for our Auto-ISAC members,” said Faye Francy, Auto-ISAC executive director.
“As the automotive industry continues to prepare for an increasingly interconnected future, the ability to collaborate with DHS and other private-sector companies markedly increases our ability to detect and prevent vehicle cybersecurity threats,” said Francy.
The Auto-ISAC joins other Information Sharing and Analysis Centers (ISACs) and private-sector companies already working with DHS to tackle today’s cybersecurity challenges.
CISCP partners voluntarily submit indicators of observed cyber threats and information about cyber incidents and identified vulnerabilities, done in an anonymized, aggregated fashion. Data submitted to CISCP falls under the Protected Critical Infrastructure Information Program and are statutorily exempt from regulatory use or any disclosure under the Freedom of Information Act or state Sunshine Laws.
One key component of the agreement is the ability of representatives of the Auto-ISAC to sit side-by-side with government, other ISAC partners and companies to share and analyze information and block cyber threats before damaging compromises occur. CISCP analysts examine the submission in collaboration with both government and industry partners and produce accurate, relevant, timely and actionable analytical products. There are a number of valuable products available to the partners through the program to include: indicator bulletins, analysis report, priority alert and recommended practices. In addition, CISCP hosts analyst-to-analyst technical threat exchanges and analyst training events that allow for classified and unclassified briefings.
Vehicle cybersecurity is a critical foundation for the future of the connected vehicle. Through the establishment of Auto-ISAC, there is a central hub for members to share, track and analyze intelligence about potential cyber threats, vulnerabilities and incidents related in and around the connected vehicle.