Tuesday, February 11, 2025

Auto-ISAC Issues 'Software Bill of Materials' Informational Report

Advancing Cybersecurity for the Connected Vehicle Industry

WASHINGTON, DC, UNITED STATES, February 11, 2025 /EINPresswire.com/ -- The Automotive Information Sharing and Analysis Center (Auto-ISAC) today announced the public release of its groundbreaking Auto-ISAC Software Bill of Materials (SBOM) Informational Report with effective practices to enhance the software security of automotive vehicles, products, and technology. The report can be obtained through the Auto-ISAC’s public website at www.automotiveisac.com.

A Software Bill of Materials (SBOM) is a structured, hierarchical list of software libraries and other components that make up a software product. The Auto-ISAC SBOM Informational Report details key insights and guidance specifically tailored for the automotive industry to enhance transparency and knowledge of software products, while helping different parts of an organization collaborate more effectively through sharing the same understanding of software products.

“Software touches every part of our lives today, including in vehicles. One basic requirement for ensuring cybersecurity is to thoroughly understand the way a software application works. An accurate and detailed software inventory is the foundation for many cybersecurity functions,” said Faye Francy, Executive Director, Auto-ISAC. “This report is the result of years of collaboration between 54 Auto-ISAC automakers and suppliers, supplemented by extensive feedback from numerous member companies.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is one of the most visible and active promoters of the SBOM, which is a cybersecurity concept in the early stages of adoption worldwide.

The automotive industry is rapidly advancing the SBOM as a cybersecurity practice. Increasingly, SBOMs are viewed as critical to managing risk in a complex and software-driven supply chain. Automotive companies view SBOMs as an important aid in vulnerability management for development teams and other supply chain participants. With a shared understanding of which components are included, potential risks arising from vulnerabilities can be more quickly identified, analyzed, and treated by software designers and cybersecurity teams.

To move forward, the Auto-ISAC formed its Software Bill of Materials Work Group (SBOM WG) to support the auto industry’s operations in SBOM implementation. The work group of industry software experts held multiple workshops and exercises to facilitate hands-on SBOM development and testing activities. In 2022, after identifying specific industry needs, the work group created a document for its members focusing on formats and requirements. Armed with this knowledge, the SBOM WG then further assessed automotive operations and produced the public report issued today.

SBOMs, while extraordinarily complex, are a powerful tool for timely awareness and diagnosis in vulnerability management. Extensions of SBOMs in the future, including machine-readable alerts and automation as well as more advanced automated communications such as Vulnerability Exploitability eXchange (VEX), have great promise for faster and less labor-intensive vulnerability management.

One major overarching concern of the auto industry is the safety of the public, including drivers, passengers, other road users, and pedestrians. As a result, the auto industry historically has been a leader in safety innovation. Cybersecurity has been recognized as a critical contributor to safety, and that importance is reflected in this newest automotive SBOM report.

About Auto-ISAC
The Auto-ISAC was formed by automakers in 2015 to establish a global information-sharing community to address vehicle cybersecurity and operate as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers. For more information, please visit www.automotiveisac.com and follow us @autoisac.
