Auto-ISAC has signed a Cooperative Research and Development Agreement (CRADA) with the U.S. Department of Homeland Security (DHS) to collaborate and improve vehicle cyber-threat information sharing and analysis.
As the automotive industry continues to prepare for an increasingly interconnected future, it has become critical to detect and prevent vehicle cybersecurity threats, in this quest various entities working in this field have been collaborating with each other.
Auto-ISAC facilitates sharing of timely and actionable information pertaining to cybersecurity threats affecting the automotive industry. It was established in 2015, when Global Automakers, the Alliance of Automobile Manufacturers and 15 automakers joined forces.
Private sector companies sign a CRADA with DHS to participate in the Cyber Information Sharing and Collaboration Program (CISCP), the department’s flagship program for public-private multi-directional cybersecurity information sharing and analytic collaboration about cyber threats, incidents, and vulnerabilities.
The agreement could facilitate access to DHS’ National Cybersecurity and Communication Integration Center (NCCIC), a security operations watch center. The agreement also provides ISAC personnel with eligibility for security clearances to view classified threat information.
The Auto-ISAC joins other Information Sharing and Analysis Centers (ISACs) and private sector companies already working with DHS to tackle today’s cybersecurity challenges.
CISCP partners voluntarily submit indicators of observed cyber threats and information about cyber incidents and identified vulnerabilities, done in an anonymized, aggregated fashion. Data submitted to CISCP falls under the Protected Critical Infrastructure Information Program and are statutorily exempt from regulatory use or any disclosure under the Freedom of Information Act or state Sunshine Laws.
One key component of the agreement is the ability of representatives of the Auto-ISAC to sit side-by-side with government, other ISAC partners and companies to share and analyze information and block cyber threats before damaging compromises occur.
CISCP analysts examine the submission in collaboration with both government and industry partners and produce accurate, relevant, timely and actionable analytical products. There are a number of valuable products available to the partners through the program to include: Indicator Bulletins, Analysis Report, Priority Alert, and Recommended Practices.
In addition, CISCP hosts analyst-to-analyst technical threat exchanges and analyst training events that allow for classified and unclassified briefings.