Advancing Cybersecurity for the Connected Vehicle Industry

Washington, DC – February  11, 2025 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) today announced the public release of its groundbreaking Auto-ISAC Software Bill of Materials (SBOM) Informational Report with effective practices to enhance the software security of automotive vehicles, products, and technology. The report can be obtained through the Auto-ISAC’s public website at www.automotiveisac.com.

A Software Bill of Materials (SBOM) is a structured, hierarchical list of software libraries and other components that make up a software product. The Auto-ISAC SBOM Informational Report details key insights and guidance specifically tailored for the automotive industry to enhance transparency and knowledge of software products, while helping different parts of an organization collaborate more effectively through sharing the same understanding of software products.

“Software touches every part of our lives today, including in vehicles. One basic requirement for ensuring cybersecurity is to thoroughly understand the way a software application works. An accurate and detailed software inventory is the foundation for many cybersecurity functions,” said Faye Francy, Executive Director, Auto-ISAC. “This report is the result of years of collaboration between 54 Auto-ISAC automakers and suppliers, supplemented by extensive feedback from numerous member companies.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is one of the most visible and active promoters of the SBOM, which is a cybersecurity concept in the early stages of adoption worldwide.

The automotive industry is rapidly advancing the SBOM as a cybersecurity practice. Increasingly, SBOMs are viewed as critical to managing risk in a complex and software-driven supply chain. Automotive companies view SBOMs as an important aid in vulnerability management for development teams and other supply chain participants. With a shared understanding of which components are included, potential risks arising from vulnerabilities can be more quickly identified, analyzed, and treated by software designers and cybersecurity teams.

To move forward, the Auto-ISAC formed its Software Bill of Materials Work Group (SBOM WG) to support the auto industry’s operations in SBOM implementation. The work group of industry software experts performed multiple workshops and exercises to facilitate hands-on SBOM development and testing activities. In 2022, after identifying specific industry needs, the work group created a document for its members focusing on formats and requirements. Armed with this knowledge, the SBOM WG subsequently further assessed automotive operations and produced the public report issued today.

SBOMs, while extraordinarily complex, are a powerful tool for timely awareness and diagnosis in vulnerability management. Extensions of SBOMs in the future, including machine-readable alerts and automation as well as more advanced automated communications such as Vulnerability Exploitability eXchange (VEX), have great promise for faster and less labor-intensive vulnerability management.

One major overarching concern of the auto industry is the safety of the public including drivers, passengers, other road users, and pedestrians. As a result, the auto industry historically has been a leader in safety innovation. Cybersecurity has been recognized as a critical contributor to safety, and that importance is reflected in this newest automotive SBOM report.

About Auto-ISAC

The Auto-ISAC was formed by automakers in 2015 to establish a global information-sharing community to address vehicle cybersecurity and operate as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.             

 #  #  #

Media Contact:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com

Advancing Cybersecurity for the Connected Vehicle Industry

 Washington, DC – January 22, 2025 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) is pleased to announce the promotion of Josh Poster to Director of Intelligence & Analysis, effective January 1, 2025. This newly created role reflects Auto-ISAC’s ongoing commitment to strengthening the cybersecurity posture of the connected vehicle ecosystem.

With over two decades of experience in intelligence, Poster has developed expertise in the rapidly evolving fields of cyber threat intelligence, critical infrastructure protection, and operational resilience. For more than ten years, he has focused on leveraging intelligence to proactively safeguard the availability, integrity, and reliability of complex cyber systems and networks.

Faye Francy, Executive Director of Auto-ISAC, praised Poster’s contributions: “In our global cybersecurity network, the need to provide timely, actionable threat intelligence is paramount. Josh has been instrumental in enhancing our vigilance, and he is widely respected across the Auto-ISAC. His leadership and insight will continue to drive our mission forward.” Poster will report directly to Francy in his new role.

As a recognized ambassador for Auto-ISAC, Poster is highly regarded within the ISAC community. His service as an elected officer of the National Council of ISACs underscores his leadership and the respect he commands among peers.

Commenting on his new position, Poster said, “The Auto-ISAC plays a crucial role in providing cybersecurity intelligence to a community that is deeply committed to protecting the automotive sector. Our work involves continuously assessing the threat landscape, collecting intelligence from our global members and external sources, and sharing it within a secure and trusted environment. We remain vigilant and proactive, focused on emerging threats and trends.”

As Director of Intelligence & Analysis, Poster will oversee the organization’s information-sharing resources and manage the members-only Reporting Exchange and Discussion (RED) Platform. This secure platform enables Auto-ISAC members to share intelligence, vulnerabilities, and incident information to help strengthen the industry's collective cybersecurity posture. Poster will also lead efforts to aggregate data and identify emerging threats, ensuring that Auto-ISAC members are always prepared for evolving challenges.

Poster joined Auto-ISAC in 2018 as Program Operations Manager, where he expanded and supervised operational capabilities. In 2020, he transitioned to the role of Intelligence & Analysis Operations Manager, where he contributed significantly to the development of key reports and resources. Notably, he played a leading role in producing the annual Automotive Threat Report, which offers a comprehensive analysis of the global automotive cyber threat landscape, informed by Auto-ISAC’s Intelligence & Analysis staff and expert members from its Product Working Group and IT/OT Working Group.

Additionally, Poster was instrumental in the creation of the Automotive Threat Matrix (ATM), a cybersecurity knowledge base that catalogs adversary tactics and techniques based on real-world observations of automotive cyberattacks and peer-reviewed exploit research.

Before joining Auto-ISAC, Poster served as Operations Manager for the Surface and Public Transportation ISACs and worked as a Senior Analyst at Electronic Warfare Associates and Information & Infrastructure Technologies.

Poster holds a Bachelor’s degree in Anthropology from the University of North Carolina Greensboro and has earned various certifications in physical security, cybersecurity, continuity of operations, and exercise program development.

The Auto-ISAC is a global, member-driven community dedicated to advancing cybersecurity within the automotive industry. The organization serves as a central hub for sharing, tracking, and analyzing emerging cybersecurity risks affecting connected vehicles. Auto-ISAC’s members represent more than 99 percent of car and light-duty vehicle manufacturers in North America, as well as heavy-duty vehicles, commercial fleets, carriers, and suppliers.

 For more information, visit www.automotiveisac.com and follow us on Twitter at @autoisac.

 #  #  #

Media Contacts:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com

     Advancing Cybersecurity of the Connected Vehicle across the Industry    

Washington, DC – November  17, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) announces that NCC Group and Zscaler, both leaders in cybersecurity solutions, are new strategic partners who will be engaging with the group’s automotive sector members.

“As pioneers in automotive cyber security, NCC Group is determined to continue playing a role in advancing security and safety in this rapidly evolving sector. Partnerships like this are so important to achieve our vision of creating a more secure digital future, and we are looking forward to supporting Auto-ISAC to help assure the resilience and continuity of the global automotive industry,” said Andy Davis, Global Research Practice Director, NCC Group.

NCC Group provides specialized cyber security services for the transport sector, including aerospace, automotive, rail, and maritime. NCC Group offers extensive automotive experience, insights, and services ranging from bespoke vehicle security testing and regulatory compliance expertise to helping manufacturers manage complex global supply chains and address diverse threats.

“Zscaler’s partner ecosystem includes a network of partners who offer solutions, services, software, and more to make secure digital transformation possible,” said Deepak Patel, Senior Director OT/IoT Security, Zscaler. “We are thrilled to partner with the Auto-ISAC and its members to deliver support on security matters.”      

Zscaler extends zero trust security into the automotive and transportation industry and helps accelerate digital transformation for both manufacturers and automakers. A zero-trust architecture helps simplify security and enables new business models for automotive leaders. 

“Third-party security organizations are important and valued contributors, and automakers have long engaged these providers to develop vehicle-specific security technologies and practices,” said Faye Francy, Executive Director of the Auto-ISAC. “Zscaler and NCC Group are leaders in cyber security solutions with powerful global capabilities, and as partners they can help us create an even more resilient digital future.”

Since 2015, the Auto-ISAC has operated as a global information-sharing community for vehicle cybersecurity, providing a central hub for sharing, tracking, and analyzing intelligence about emerging automotive cybersecurity risks.

Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.                                                    

 #  #  #

About NCC Group

NCC Group is a people-powered, tech-enabled global cyber security and software escrow business. Driven by a collective purpose to create a more secure digital future, approximately 2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sectors. With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges. For more information visit www.nccgroup.com/uk.

Media Contacts:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com

Zscaler

Natalia Wodecki, Sr. Director, Global Integrated Communications & PR

press@zscaler.com

Advancing Cybersecurity of the Connected Vehicle across the Industry

Washington, DC – November 13, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) announces that Thomas L. Farmer has been selected as the organization’s first Director of Operations, effective September 30, 2024, to help orchestrate the diverse business functions of the growing and active cybersecurity group.

Farmer brings extensive security knowledge and leadership skills to his new responsibilities. He has more than 20 years’ experience in national transportation security matters, including cybersecurity, and has served as a general manager at a federal government security agency.

Faye Francy, Executive Director, Auto-ISAC, expressed confidence in Farmer saying, “Our organization is dynamic with many moving parts, and Tom brings a strong understanding of how organizations operate and thrive, along with a deep expertise in security. He will play a crucial role in our success by managing daily activities and overseeing essential functions, including membership and partnership, legal, contracting, supplier management, and finance.” In his new position, Farmer will report directly to Francy.

Automakers formed the Auto-ISAC in 2015 to establish a global information-sharing community for vehicle cybersecurity. In the past decade the organization, now comprised of more than 80 members globally, has grown and expanded both its reach and scope of impact. Recently, the group launched its European Union Division and its comprehensive Automotive Cybersecurity Training (ACT) program. Work products include assessments of cybersecurity risk and threats to connected vehicles, Best Practices Guides, the Automotive Threat Matrix, Annual Automotive Threat Assessment, and monthly Community Calls. Auto-ISAC members are actively engaged in an Executive Committee, 14 issue-focused Work Groups, four Standing Committees, and two Affinity Groups.

As Director of Operations, Farmer will ensure that Auto-ISAC’s operations are coordinated, unified, and productive in supporting continuously the accomplishment of a diverse and multi-faceted mission. One key focus will be providing support to the Legal Work Group.

According to Farmer, “I have been privileged to work with this team during much of this year and gain a true appreciation for the knowledge, capabilities, and dedication of the staff. In this new role, my focus is on people, policies, procedures, and productivity – to do all I can to optimize efficiency and effectiveness and deliver positive outcomes across the Auto-ISAC’s mission-essential functions and extensive international scope.”

Previously, Farmer founded Warning Track Consulting and, in that capacity, provided security consulting services to the ISAC for approximately 8 months.

Farmer served 13 years at the Association of American Railroads (AAR) from 2010-2023. As Assistant Vice President of Security at AAR, he was responsible for assuring preparedness for a spectrum of threats, including cyber-attacks and terrorism. In that role, he fostered excellent relationships with the range of federal agencies responsible for security and defense.

As Acting General Manager/Deputy General Manager of the Mass Transit Division at the Transportation Security Administration (TSA) from 2006-2010, he advanced public/private initiatives to share information on threats to mass transit and passenger rail systems across the nation and risk mitigation priorities for prevention and response. Earlier in his tenure with TSA, he served for two years as legislative counsel.

Since 2019, Farmer has been the elected Chair of TSA’s Surface Transportation Security Advisory Committee, the members of which are appointed by the agency’s Administrator, and he will continue to chair this committee while at Auto-ISAC. He also serves in the All Hazards Consortium’s Sensitive Information Sharing Environment that supports emergency preparedness and response – across critical infrastructure sectors and in government. Further, Tom led the Critical Infrastructure Cross-Sector Council as elected Chair during 2013-2018.

Prior to those positions, Farmer served honorably and with distinction in the U.S. Air Force as a Judge Advocate and in the U.S. Army as a tactical intelligence officer.

He earned a Master of Arts in National Security Affairs at the Institute of World Politics in Washington, DC. He was awarded a Juris Doctorate from St. John’s University School of Law and a Bachelor of Arts in Communications from Seton Hall University.

# # #

About Auto-ISAC

The Auto-ISAC was formed by automakers in 2015 to establish a global information-sharing community to address vehicle cybersecurity and operate as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us@autoisac.

Media contact

Michael Shokouhi

michaelshokouhi@automotiveisac.com

Attendance, Engagement, Substantive Sessions, and Awards

Washington, DC – November  12, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) reported today that its 8th Annual Summit achieved unprecedented milestones and broke new ground at the event held in October in Detroit.

“Our Summit is the centerpiece of much of what we do at Auto-ISAC. By uniting industry leaders and cybersecurity experts, we foster cooperation and develop solutions that drive automotive innovation securely,” said Kevin Tierney, Chairman, Auto-ISAC, and Chief Cybersecurity Officer at General Motors. “This year, we achieved several milestones for attendance and engagement.”

Auto-ISAC’s Summit grows as the must-attend cybersecurity event for the automotive sector.

The number of Summit registrants reached a record high of 563. This signal event, held annually, is the one US cybersecurity conference where automakers, manufacturers of commercial trucks, and suppliers are broadly represented on stage to share their perspectives. The Summit line-up included speakers from 18 automakers and suppliers, plus more than a dozen leading cybersecurity providers. Attendees included chief information security officers (CISOs), information technology (IT) and operational technology (OT) professionals, cyber threat analysts, researchers, and leaders in the legal, regulatory and policy fields.

The inaugural Auto-ISAC Member of the Year award is given for exceptional leadership in information sharing.

International Motors, LLC* (“International”, previously known as Navistar, Inc.) earned the Member of the Year Information Sharing Excellence Award in recognition of the company’s remarkable efforts supporting the Auto-ISAC’s mission to “collaborate with global members, identify and assess cybersecurity threats, provide best practices to the automotive industry, and ultimately ensure a safer experience for consumers.”

“International joined Auto-ISAC to work collaboratively with organizations across the sector towards the advancement of cybersecurity. In this collaborative effort, we confirmed that collective resilience enhances and motivates the furtherance of our company’s own readiness stance – much to the delight of our customers, dealers, suppliers and employees,” remarked Nicolas Guibert de Bruet, Chief Technical Engineer – Operational Safety and Security, International. “We are honored to receive this award recognizing an outstanding level of engagement and support that made lasting impacts on automotive cybersecurity.”

According to Auto-ISAC, International exemplifies the commitment to proactive engagement and cooperation and consistently demonstrates dedication to the cybersecurity mission in the automotive industry by sharing critical intelligence—whether it’s Indicators of Compromise (IOCs) through Auto-ISAC’s Threat Indicator Report Exchange (TIRE), insightful intelligence reports, Requests for Information (RFIs) on the Reporting Exchange & Discussion (RED) platform, or timely communications that inform awareness and proactive measures to mitigate risk.

Auto-ISAC’s Summit has become an established platform for government policy leaders.

Each year, government policymakers address the conference to share their news and perspectives. 2024 Summit speakers included:

• Representative Debbie Dingell (D-MI). 

• Sophie Shulman, Deputy Administrator, U.S. National Highway Traffic Safety Administration.

• Elizabeth Cannon, Executive Director, Office of Information and Communications Technology and Services, U.S. Department of Commerce.

• Reuben C. Coleman, Assistant Special Agent in Charge (ASAC), FBI Detroit. 

2024 Auto-ISAC Cybersecurity Summit Overview

The Summit advanced the theme of “Revving Up Resilience: Security Meets Innovation” and the agenda covered four fundamental areas:  building cyber-ready ecosystems, innovating security, technological horizons, and reimagining cybersecurity practices. Highlights included: 

• Titanium host, Booz Allen Hamilton, led a panel of auto industry CISOs on securing a software-defined vehicle ecosystem.

• John McElroy, host of Autoline, summarized global auto trends that can impact cybersecurity.

• Auto-ISAC Work Groups for CISOs, IT/OT, Legal, and Software Bill of Materials presented key findings from their focused efforts to        support sustained cybersecurity enhancement.

• New developments in the Automotive Cybersecurity Training (ACT) program were reviewed and described, highlighting another key        element of industry commitment.

• VicOne and Block Harbor named team, “greaterthan”, the winner of the Capture the Flag Challenge that recognizes excellence in            cybersecurity.

#  #  #

About Auto-ISAC

The Auto-ISAC was formed by automakers in 2015 to establish a global information-sharing community to address vehicle cybersecurity and operate as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us@autoisac.                                                    

Media contact

Auto-ISAC

Michael Shokouhi

michaelshokouhi@automotiveisac.com

 *International Motors, LLC is d/b/a International Motors USA LLC in Illinois, Missouri, New Jersey, Ohio, Texas, and Utah.

Three days of content-rich briefings, new developments and approaches

Washington, DC – October  17, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC), the leading automotive cybersecurity group, announced today the full agenda for its 8th Annual Summit which will showcase automotive executives, cybersecurity experts, and government leaders.

Produced by the Auto-ISAC, the 2024 Annual Cybersecurity Summit will be held in Detroit, MI on October 21-23 at the MGM Grand Detroit. Both digital and in-person participation is available.

The Summit theme is “Revving Up Resilience: Security Meets Innovation.” The event is open to manufacturers of autos and commercial trucks, suppliers, and cybersecurity experts. Attendees include CISOs, IT, OT, analysts, researchers, and leaders in legal, regulatory and policy fields.

“Ground-breaking advancements continually shape automotive cybersecurity. Resilience is an evolutionary process demanding constant adaptation to an ever-changing environment. Our summit provides a quick yet substantive knowledge boost and that is why many attendees participate every year,” said Kevin Tierney, Chairman, Auto-ISAC, and Chief Cybersecurity Officer at General Motors. “This is the one US cybersecurity conference each year where automakers and suppliers are broadly represented on stage to share their perspectives. We actively learn from each other.”

The Summit will be emceed by Auto-ISAC Officers Kevin Tierney, GM; Tim Gieger, Ford; Josh Davis, Toyota; and Stephen Roberts, Honda.

Emily Helmke, Vice President, Global Commercial Markets, Booz Allen, our Titanium sponsor will be opening the Summit proceedings.

The Summit line-up includes speakers from 18 automakers and suppliers, along with more than a dozen leading cybersecurity providers. Government policymakers who will speak include: 

• Sophie Shulman, Deputy Administrator, National Highway Traffic Safety Administration, on Driving Cyber Resilience: NHTSA's Role in a Secure Automotive Future.

• Rep. Debbie Dingell (D-MI) on legislative cybersecurity leadership. 

• Elizabeth Cannon, Executive Director of the Office of Information and Communications Technology and Services (OICTS), U.S. Department of Commerce, on Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles.

• Reuben C. Coleman, Assistant Special Agent in Charge (ASAC), FBI Detroit, on Building Meaningful Alliances Between FBI and the Automotive Industry. 

The Summit agenda covers four themes:  building cyber-ready ecosystems,  innovating security,  technological horizons, and reimagining cybersecurity practices. 

Titanium host, Booz Allen Hamilton, will moderate a panel of automotive CISOs on securing a software-defined vehicle ecosystem. Additional Summit sessions include: 

·      The role of automation and artificial intelligence in threat detection.

·      Key findings from the Auto-ISAC Software Bill of Materials (SBOM) Working Group, along with insights from Working Groups for CISOs,         IT/OT and Legal.

·      Global perspectives and updates on UN Type Approval regulations.

·      New developments in the Automotive Cybersecurity Training (ACT) program.

·      Plus, sessions on supply chains, zero trust, vehicle Security Operations Centers (vSOCs), threat assessment and risk analysis (TARA)            and more.  

To conclude the Summit, VicOne and Block Harbor will present the winner of the Capture the Flag Challenge that recognizes excellence in cybersecurity.  

The Auto-ISAC was formed by automakers in 2015 to establish a global information-sharing community to address vehicle cybersecurity and operate as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks.  

Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.                                                    

Media Contact:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com 

#  #  #

Advancing Cybersecurity of the Connected Vehicle across the Industry

 Washington, DC – April 9, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) is delighted to announce a significant development in its leadership team. Dr. Martin Emele, formerly the Vice President of Cybersecurity Public Affairs and Governmental Relations at the Bosch Group and serving as the European Director since June 15, 2021, will transfer to Auto-ISAC and assume a full-time position as the European Director at Auto-ISAC Europe, effective July 1, 2024.

Dr. Emele's transition from Bosch to Auto-ISAC marks a pivotal moment in strengthening the organization's European presence and advancing cybersecurity initiatives within the automotive industry. With over 15 years of dedicated experience in automotive cybersecurity, Dr. Emele brings a wealth of knowledge and strategic insight to his new role.

In his new full-time capacity, Dr. Emele will spearhead the establishment and growth of the European Branch of Auto-ISAC. His vision is to foster a collaborative environment where automotive OEMs, suppliers, and other stakeholders work together to address security concerns efficiently. Dr. Emele emphasized the importance of global cooperation in combating cyber threats, stating, "We must unite as a global community to enhance our customers' protection and bolster organizational resilience because attackers don’t stop at borders."

Under Dr. Emele's continued leadership, Auto-ISAC Europe will prioritize acquisition of new European members and building strong partnerships with European cybersecurity companies, industry associations, and government agencies. This includes close collaboration with entities such as the Federal Office for Information Security (BSI), the European Union Agency for Cybersecurity (ENISA), European Automobile Manufacturer Association (ACEA) and the European Association of Automotive Suppliers (CLEPA).

Kevin Tierney, Chairman, Auto-ISAC, and Chief Cybersecurity Officer at General Motors, expressed confidence in Dr. Emele's appointment, stating, "Dr. Emele's transition to a full-time role at Auto-ISAC reflects our commitment to fostering top-tier talent within our organization. His leadership and expertise will be instrumental in driving collaborative efforts to strengthen cybersecurity practices across Europe."

Auto-ISAC reaffirms its commitment to promoting cybersecurity best practices and information sharing globally. Dr. Martin Emele's appointment as European Director heralds a new chapter in Auto-ISAC's journey towards enhancing cybersecurity resilience in the automotive industry.

The Auto-ISAC was formed by automakers in August 2015 to establish a global information-sharing community to address vehicle cybersecurity, and operates as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Its secure intelligence-sharing portal allows members to anonymously submit and receive information that helps them more effectively respond to cyber threats.

Auto-ISAC’s 2024 Europe Cybersecurity Summit is scheduled for June 11-13, 2024, and hosted by BMW in the BMW-Welt in Munich, Germany. To register or become a sponsor of the Summit, please visit 2024 Europe Cybersecurity Summit.    

Auto-ISAC’s 8th Annual Cybersecurity Summit is scheduled for October 22-23, 2024, hosted by Booz Allen Hamilton in Detroit, MI and virtually. To register or become a sponsor of the Summit, please visit 2024 Auto-ISAC Cybersecurity Summit.

Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.                                                    

Media Contact:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com

Advancing Cybersecurity of the Connected Vehicle across the Industry

Washington, DC – March 27, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC), renowned for its leadership in automotive cybersecurity information sharing, introduces the Automotive Threat Matrix (ATM).  This innovative initiative marks a significant leap forward in bolstering the assessment of automotive threats and risks, as well as the classification and sharing of cyber threat intelligence across the automotive industry.

Crafted by esteemed automotive security subject matter experts from Auto-ISAC's Member and Partner network, the Automotive Threat Matrix (ATM) represents a pioneering effort.  Modeled after the acclaimed MITRE ATT&CK™ framework, ATM offers a standardized taxonomy meticulously tailored for automotive-specific adversarial cyber tactics and techniques.

“In the realm of automotive cybersecurity, shared understanding accelerates industry maturation and speed of response to cyber-attacks, both of which are vital to staying ahead of emerging threats," stated Kevin Tierney, Chair, Auto-ISAC, and Chief Cybersecurity Officer at General Motors. "ATM represents a significant advancement in our ongoing mission to enhance automotive cybersecurity governance, providing stakeholders with a standard taxonomy to communicate and act more effectively."

What Can It Do?

• Expedited Threat Intelligence: ATM accelerates the categorization of vehicle-specific threat intelligence, facilitating the swift identification of emerging attack techniques targeting vehicles.

• Streamlined Governance: ATM enhances all aspects of automotive cybersecurity governance, encompassing threat assessment, intelligence sharing, incident response, compliance reporting, and execution of penetration testing.

• Compliance Abstraction: ATM serves as a useful abstraction for compliance reporting, aiding in fulfilling automotive cybersecurity regulatory requirements such as UN Regulation 155 and current as well as future legislative requirements.

• Enhanced Threat Detection: ATM, based upon real-world attacker tactics and techniques, can help identify attack paths and inform the design of intrusion detection systems.

ATM is available online at https://atm.automotiveisac.com/

The Auto-ISAC was formed by automakers in August 2015 to establish a global information-sharing community to address vehicle cybersecurity, and operates as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Its secure intelligence-sharing portal allows members to anonymously submit and receive information that helps them more effectively respond to cyber threats.

Auto-ISAC’s 2024 Europe Cybersecurity Summit is scheduled for June 11-13, 2024, hosted by BMW in Munich, Germany. To register or become a sponsor of the Summit, please visit 2024 Europe Cybersecurity Summit.    

Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.                                                    

Media Contact:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com

Advancing Cybersecurity of the Connected Vehicle across the Industry

Washington, DC – March 19, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) welcomes Dana Incorporated as a new member, along with Dellfer as a new strategic partner.

Dana is a leader in the design and manufacture of highly efficient propulsion and energy-management solutions that power vehicles and machines in all mobility markets across the globe. 

“The Auto-ISAC is global and covers diverse parts of the automotive sector. We welcome companies like Dana that prioritize innovation and see the value of collaboration. Our community is active, sharing knowledge and approaches that help us enhance vehicle cybersecurity. Dana will add their important perspectives,” said Kevin Tierney, Chair, Auto-ISAC, and Chief Cybersecurity Officer at General Motors.

Dana is shaping sustainable progress through its conventional and clean-energy solutions that support nearly every vehicle manufacturer with drive and motion systems; electrodynamic technologies, including software and controls, along with thermal, sealing, and digital solutions.

“At Dana we take product cybersecurity very seriously and strive to improve our product cybersecurity posture. Auto-ISAC is a great platform for the automotive cybersecurity community to come together and share cybersecurity intelligence and best practices. I believe this will benefit Dana as a Tier 1 supplier, as well as the mobility industry,” said Dr. Di Jin, Dana’s Global Head of Product Cybersecurity.

The Auto-ISAC also announces that Dellfer is joining its Strategic Partner Program, which was established for companies that sell connected vehicle cybersecurity products and services.

Dellfer takes a unique approach to protecting Internet of Things (IoT) devices used in auto components, such as electronics, actuators, and sensors used to gather information and inform decisions and actions. 

Dellfer provides software development tools which can automatically examine source or assembly code to discover poor programming, extraneous code, Common Weakness Enumerations (“CWEs”) and Common Vulnerabilities and Exposures (“CVEs”) in code. Dellfer’s toolkit enables an organization to find those flaws and rapidly eliminate them. 

James Blaisdell, CEO of Dellfer stated: “The Dellfer team is committed to advancing the cybersecurity landscape for connected vehicles. We are eager to collaborate with Auto-ISAC members to enhance the security of vital open-source software components used within the industry. Our focus is on ensuring the highest standards of cyber safety and resilience. Being part of this initiative allows us to contribute significantly to protecting automakers from evolving cyber threats, and we are proud to support this mission and look forward to making a substantial impact together.”

As a strategic partner, Dellfer intends to work with the Auto-ISAC to identify commonly used open-source software and use its tools to eliminate errors and weaknesses.  This clean version of the software will be provided exclusively to members of the Auto-ISAC. Dellfer will also provide two supporting workshops for members.

"Strategic partnerships are integral to the vitality of our Auto-ISAC community, enriching our collective strength through collaborative efforts," remarked Faye Francy, Executive Director of the Auto-ISAC. "Dellfer's commitment to enhancing cybersecurity through innovative approaches aligns seamlessly with our mission. By leveraging their expertise and tailored solutions, our members gain invaluable resources, fortifying our industry against emerging threats."

The Auto-ISAC was formed by automakers in August 2015 to establish a global information-sharing community to address vehicle cybersecurity, and operates as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Its secure intelligence-sharing portal allows members to anonymously submit and receive information that helps them more effectively respond to cyber threats.

Auto-ISAC’s 2024 Europe Cybersecurity Summit is scheduled for June 11-13, 2024, hosted by BMW in Munich, Germany. To register or become a sponsor of the Summit, please visit 2024 Europe Cybersecurity Summit.    

Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.                                                    

About Dana Incorporated

Dana is a leader in the design and manufacture of highly efficient propulsion and energy-management solutions that power vehicles and machines in all mobility markets across the globe. The company is shaping sustainable progress through its conventional and clean-energy solutions that support nearly every vehicle manufacturer with drive and motion systems; electrodynamic technologies, including software and controls; and thermal, sealing, and digital solutions.

Based in Maumee, Ohio, USA, the company reported sales of $10.6 billion in 2023 with 42,000 people in 31 countries across six continents. With a history dating to 1904, Dana was named among the "World's Most Ethical Companies" for 2023 and 2024 by Ethisphere and as one of "America's Most Responsible Companies 2023" by Newsweek. The company is driven by a high-performance culture that focuses on valuing others, inspiring innovation, growing responsibly, and winning together, earning it global recognition as a top employer. Learn more at dana.com.

About Dellfer

Dellfer is an IoT cybersecurity software company that empowers device manufacturers to embed protection against unknown threats and thwart intrusions with unmatched visibility, speed, and accuracy. It meets the connected world’s need for a new, holistic cybersecurity approach that can effectively and efficiently harden IoT devices and keep them from becoming vectors for successful attacks.

Media Contacts:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com

202-507-6219

Dana Incorporated

Craig Barber

craig.barber@dana.com

419-887-5166

Dellfer

Shawn Lorenz

Shawn@dellfer.com

415-761-3850

Advancing Cybersecurity of the Connected Vehicle across the Industry

Washington, DC – March  5, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC) welcomes Amazon and PHINIA as new members, bringing the total number of members to 77.

Amazon.com, Inc. is an American multinational technology company that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence. Amazon engages with automakers, Tier-1 suppliers, auto-tech start-ups, partners, and industry organizations to help support industry security.

PHINIA Inc. develops fuel systems, electrical systems and aftermarket solutions designed to keep combustion engines operating at peak performance, as cleanly and efficiently as possible, while at the same time investing in future technologies that will unlock the potential of alternative fuels.

“We are proud that leading companies in their fields are joining the Auto-ISAC, where sharing information and proven solutions is an everyday priority. Everyone who joins the Auto-ISAC wants to actively learn from others within our community, where the ability to call global manufacturers and service providers directly to discuss a range of cybersecurity topics benefits the entire automotive industry,” said Kevin Tierney, Chair, Auto-ISAC, and Chief Cybersecurity Officer at General Motors.

“Amazon’s participation in the Auto-ISAC reinforces our commitment to automotive cybersecurity as an essential part of our work with automotive customers across the vehicle journey through research and analytics, customer experiences, innovation, and the development of new features and services, such as securely integrating AI capabilities running in the vehicle and in the cloud,” said Wendy Bauer, Vice President and General Manager of Automotive & Manufacturing at AWS. “As the industry transitions to more software-defined experiences, safety and security is more important than ever. Connecting with automaker and Tier- 1 security experts across the Auto-ISAC community will help us all engage faster, resulting in improvements to standards and practices and ultimately making the vehicle a more secure environment.”

Through its membership, Amazon teams will collaborate with Auto-ISAC members to help remain up to date on automotive vehicle cybersecurity, including potential threats and vulnerabilities, and help shape the industry’s path to a software-defined future. They will also work with Amazon to explore best practices for secure-by-design in-vehicle infotainment solutions that integrate AI and are capable of running in the cloud or at the edge.  More broadly, Amazon continues to dive deep with customers and industry partners to build and deliver innovative solutions for the automotive industry.

The Auto-ISAC was formed by automakers in August 2015 to establish a global information-sharing community to address vehicle cybersecurity. The Auto-ISAC operates a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Its secure intelligence-sharing portal allows members to anonymously submit and receive information that helps them more effectively respond to cyber threats.

As resources for its community of cyber professionals, the Auto-ISAC offers educational programs, Best Practices, a monthly community call, an annual Summit in both the United States and Europe, analytic reports and more.

Auto-ISAC’s 2024 Europe Cybersecurity Summit is scheduled for June 11-13, 2024, hosted by BMW in Munich, Germany. To register or become a sponsor of the Summit, please visit 2024 Europe Cybersecurity Summit.    

The Auto-ISAC also provides opportunities for different disciplines and function areas to collaborate on shared priorities. The Information Technology (IT) and Operational Technology (OT) Working Group creates a forum for technical experts to share actionable intelligence regarding cybersecurity challenges, threats, and risk mitigation methods that build the resiliency of the connected vehicle.  Working Groups for CISO Executives and for Analysts address their specific agendas on a bi-weekly basis. And, the Commercial Vehicle Affinity Group, the Supplier Affinity Group, and the Japan Working Group meet monthly.

Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.   

About PHINIA

PHINIA is an independent, market-leading, premium solutions and components provider with over 100 years of manufacturing expertise and industry relationships, with a strong brand portfolio that includes DELPHI®, DELCO REMY® and HARTRIDGE®. With 13,200 employees across 44 locations in 20 countries, PHINIA is headquartered in Auburn Hills, Michigan, USA. (DELCO REMY is a registered trademark of General Motors LLC licensed to PHINIA Technologies Inc.)

Media Contacts:

Michael Shokouhi

Auto-ISAC Business Operations and Communications

michaelshokouhi@automotiveisac.com

Amazon

Frank Filiatrault

PR Manager – AWS Automotive & Manufacturing

fffiliat@amazon.com

PHINIA

Jo Donnelly

External Communications Manager, PHINIA

jdonnelly@phinia.com