Auto-ISAC Adds Four Additional Cybersecurity Companies

Apr 26, 2019

SC Pressroom Cybersecurity's leading news distribution network

WASHINGTON,-- The Automotive Information Sharing and Analysis Center (Auto-ISAC) welcomes two new members BlackBerry and Verizon and, two new strategic partners Pen Test Partners and Regulus.

The inclusion of these four companies increases the strength of the Auto-ISAC's position as the voice of the global auto cybersecurity information sharing community that works to prevent cyber threats to the connected vehicle.

The Auto-ISAC was formed by automakers in 2015 to promote collaboration between suppliers, commercial vehicle companies and automobile manufacturers around vehicle cybersecurity issues. Additionally, the Auto-ISAC has a strategic partner program that brings great value to our membership collaborating with innovators who support learning and sharing tools and techniques in managing the emerging complexity of automotive cybersecurity.

"BlackBerry, Verizon, Pen Test Partners and Regulus all play critical roles in supporting building the resiliency of our connected vehicle ecosystem, and their contribution to the Auto-ISAC is key to our industry's success," said Jeff Massimilla of General Motors, who serves as the Auto-ISAC's Chairman. "Collectively, these companies will contribute valuable information to drive the industry's proactive work to incorporate strong security measures into every phase of the vehicle lifecycle."

The Auto-ISAC operates as a central hub to share and analyze intelligence about emerging cybersecurity risks. The focus of the Auto-ISAC is to foster global collaboration for mitigating the risks of a cyber-attack and to create a safe, efficient, secure and resilient global connected vehicle ecosystem.

Geoff Wood of Harman and chairman of the organization's Affiliate Advisory Board, which represents non‑OEM members, said, "We all play a key role in the cybersecurity of connected vehicles. Sharing and analyzing cyber risk information benefits everyone and it is an important step welcoming these companies to contribute to our intelligence gathering actions."

A key action by the Auto-ISAC is the publishing of the automotive cybersecurity best practice guides that cover organizational and technical aspects of vehicle cybersecurity. Currently, three of the guides are available to the public: incident response, governance and collaboration and engagement with appropriate third parties. Additional guides are forthcoming: security-by-design, risk management, threat detection and protection, and training and awareness.

The Auto-ISAC has global representation. Its members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets and carriers and suppliers. Its annual Summit, hosted by Toyota, is scheduled for October 23-24, 2019, in Plano, TX. For more information, please visit www.automotiveisac.com and follow us @autoisac.

BlackBerry is trusted by automakers and Tier 1s around the world to protect hardware, software, applications, and end-to-end systems from cyberattacks. Its pedigree in safety, security, and continued innovation has led to BlackBerry's QNX technology being embedded in more than 120 million vehicles on the road today. It is used by the top seven automotive Tier 1s, and by 40+ OEMs including Audi, BMW, Ford, GM, Honda, Hyundai, Jaguar Land Rover, KIA, Maserati, Mercedes-Benz, Porsche, Toyota, and Volkswagen. The company partners with automotive Tier 1s, like Aptiv, Denso, Panasonic and Visteon, and silicon partners, such as Intel, Qualcomm, Nvidia, and Renesas. 

Pen Test Partners conduct automotive security research, provide deep hardware-level penetration testing and train internal automotive penetration teams. Recent research has involved aftermarket car alarms and vehicle trackers, leading to arbitrary remote CAN injection and related privacy issues. Past work has uncovered issues with telematics platforms, TCUs and mobile apps. We've also invested in a state-of-the-art automotive testing facility, helping the investigation into the security of our own Tesla and look forward to sharing this work with the community. 

Regulus is the first company dealing with smart-sensor security. From GNSS (Global Navigation Satellite System - GPS) to LiDAR and Radar, smart-sensors are critical components across a wide range of applications, from mobility and automotive to mobile and critical infrastructure - real-world attacks against sensors are today a growing concern. 

Regulus is focusing on GNSS (GPS) security and researches LiDAR and RADAR "signal-in-space" attacks (spoofing and jamming), a field that is very different from connected internet-based attacks. Spoofing is a smart attack on the sensor's receivers, allowing an attacker to pose as a legitimate signal, enabling him to manipulate and deceive the target, while jamming is a denial of service attack, causing the sensor to fail in providing any inputs and rendering it useless.

Our first technology is the Pyramid GNSS (GPS). Pyramid GNSS is the first solution to detect and eliminate smart spoofing against GNSS receivers that is secure, affordable and implementable across industries. Regulus is developing a range of anti-spoofing technologies, from a fortified GNSS receiver to a software stack relevant for any GNSS receiver as a firmware update, and down to an IP core algorithm for the GNSS chip level.

GNSS is a rapidly growing $200B market, with cyber threats and real-world attacks already taking place. Today, little is done to secure GNSS receivers and chips, although GNSS outputs are critical across a wide range of applications, being the only source of absolute position, navigation, and time (PNT).

Verizon Communications Inc., headquartered in New York City, operates America's most reliable wireless network and the nation's premier all-fiber network, and delivers integrated solutions to businesses worldwide. With brands like Yahoo, TechCrunch and HuffPost, the company's media group helps consumers stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. Verizon's corporate responsibility prioritizes the environmental, social and governance issues most relevant to its business and impact to society.    


Tags: United States, English