Booz Allen may not be a name that immediately comes to mind when thinking about automotive cybersecurity, but it should as the company has a practice that looks specifically at security. A team of automotive and cybersecurity experts work with automotive original equipment manufacturers to conduct organizational assessments identifying the risks and opportunities for vehicle cybersecurity, as well as at technical vulnerabilities associated with the connected car.
During the course of an 18-month review, Booz Allen looked at the back office of IT infrastructure at automotive OEMs and in-vehicle connected car security. The concerns go beyond those topics though. The connected car can provide a great deal of data for analysis and this is very powerful to OEMs for their future planning. This data is also susceptible to privacy issues that need to be appropriately addressed in order to keep all the information that is collected from vehicles secure. The entire supply chain is also a concern – as information is shared across suppliers there is more opportunity for malicious access to data and the vehicle. The importance of the supply chain considerations should not be underestimated as this is a threat that can impact all automotive OEMs.
Historically, within the OEMs many different departments touched different aspects of cybersecurity. Unfortunately, those with malicious intent don’t align with this organizational structure and simply attack the vehicle, company or supply chain as a whole. As a result, OEMs are implementing organization structures to centralize responsibility related to cybersecurity.
In July, the Alliance of Automobile Manufactures announced the creation of the Automotive Information Sharing and Analysis Center. Booz Allen was instrumental in setting up the ISAC, along with the 11 automotive OEM members – BMW, FCA, Ford, GM, Jaguar/LandRover, Mazda, Mercedes-Benz, Mitsubishi Motors, Toyota, Volkswagen and Volvo. This is a nonprofit organization currently being formalized, and is expected to have a more detailed structure announced within the next 90 days.
The members are set to have the ability to anonymously share data with the other OEMs in order to identify cross-industry and supply chain risks. The use of data analytics to identify specific vulnerabilities and opportunities to address them is a key foundation of the organization. OEMs coming together to share data is a big step forward as the automotive industry is not normally associated with open sharing across the vehicle brands. Learn more about the organization.
Like what you read? Follow me on Twitter!
Claudia Bacco, Managing Director – EMEA for RCR Wireless News, has spent her entire career in telecom, IT and security. Having experience as an operator, software and hardware vendor and as a well-known industry analyst, she has many opinions on the market. She’ll be sharing those opinions along with ongoing trend analysis for RCR Wireless News.
