Auto-ISAC signs cybersecurity agreement with DHS
The Auto-ISAC has signed a Cooperative Research and Development Agreement (CRADA) with the U.S. Department of Homeland Security (DHS) to collaborate and improve vehicle cyber-threat information sharing and analysis.
Private sector companies sign a CRADA with DHS to participate in the Cyber Information Sharing and Collaboration Program (CISCP), the department's flagship program for public-private multi-directional cybersecurity information sharing and analytic collaboration about cyber threats, incidents, and vulnerabilities.
"This relationship with DHS provides our cybersecurity experts the opportunity to work with their counterparts in the federal government to increase information sharing and analysis," said Jeff Massimila of General Motors, who also serves as the Auto-ISAC's Chair.
The agreement could facilitate access to DHS' National Cybersecurity and Communication Integration Center (NCCIC), a security operations watch center. The agreement also provides ISAC personnel with eligibility for security clearances to view classified threat information.
"CISCP is a bi-directional information sharing program providing increased value for our Auto-ISAC members," said Faye Francy, Auto-ISAC Executive Director.
"As the automotive industry continues to prepare for an increasingly interconnected future, the ability to collaborate with DHS and other private sector companies markedly increases our ability to detect and prevent vehicle cybersecurity threats," continued Francy.
The Auto-ISAC joins other Information Sharing and Analysis Centers (ISACs) and private sector companies already working with DHS to tackle today's cybersecurity challenges.
CISCP partners voluntarily submit indicators of observed cyber threats and information about cyber incidents and identified vulnerabilities, done in an anonymized, aggregated fashion. Data submitted to CISCP falls under the Protected Critical Infrastructure Information Program and are statutorily exempt from regulatory use or any disclosure under the Freedom of Information Act or state Sunshine Laws.
Auto-ISAC was established in 2015, when Global Automakers, the Alliance of Automobile Manufacturers, and 15 automakers joined forces to establish a global community to foster collaboration in order to create a safe, efficient, secure, and resilient connected vehicle ecosystem. Auto-ISAC shares and analyzes timely and actionable intelligence about emerging cybersecurity risks to the vehicle. It also works to develop and mature vehicle cybersecurity capabilities across the industry through initiatives like its Best Practices and information exchanges.
Membership is open to light- and heavy-duty vehicle OEMs and suppliers, and commercial vehicle sector entities such as fleets and carriers. Partnerships are open to security solutions providers, industry associations, research consortia, government agencies, and academia.