event coverage

Inaugural Billington Global Automotive Cybersecurity Summit

The Inaugural Billington Global Automotive Cybersecurity Summit

July 22, 2016 — Cobo Center, Detroit, Michigan

Use by permission of the Billington Global Automotive Cybersecurity Summit; photo by Freers Photography, July 22, 2016

Motown meets malware

The Billington Global Automotive Cybersecurity Summit met in its inaugural session Friday, July 22, 2016. The sessions held in Detroit's Cobo Center drew leaders from the automotive and security industries, as well as from the US Federal Government and the State of Michigan.

Coming on the heels of a set of automotive cybersecurity best practices developed and released by the Automotive Information Sharing and Analysis Center (Auto-ISAC), several themes emerged during the proceedings. First, the automotive industry believes it's in a good position to build in security before it sustains a serious, dedicated attack on its products, and it views the Auto-ISAC recommendations as a good initial step. The US Department of Transportation is also preparing to release a set of guidelines for automotive cybersecurity in the near future. And it's noteworthy that the industry's focus, at least insofar as the Summit's discussions were concerned, is on the cybersecurity of its products.

Second, senior automotive industry leaders said they were determined to regard vehicular cybersecurity as akin to a safety issue, and not a field in which they intend to seek competitive advantage. (The US Department of Transportation, too, sees automotive cybersecurity as a field in which it should be possible to realize significant gains in highway safety.) Thus there was much talk of collaboration and threat intelligence sharing by executives from several automobile manufacturers—notably General Motors. There were also many welcoming overtures to the white hat vulnerability research community, and considerable willingness on display to use crowd-sourced bughunting, as Fiat-Chrysler is already doing. Toyota's and Honda's participation suggested that this interest is not confined to US manufacturers.

Third, the industry appears intensely interested in lessons to be learned from other sectors, with the defense and aerospace sectors in particular seen as a useful well of experience.

Finally, looking toward the future, it's clear that the industry sees the coming advent of fully autonomous vehicles as both transformative and effectively inevitable. It's possible, several experts said, that we may see fully autonomous cars operating on the roads within ten years—and available on an ordinary retail basis.

More coverage from the Inaugural Billington Global Automotive Cybersecurity Summit:

Interviews

In the Daily Podcast for 6.29.16 the CyberWire spoke with Jon Allen from Booz Allen Hamilton about the Automotive ISAC and he previews the upcoming Billington Cybersecurity Global Automotive Cybersecurity Summit. Listen to the extended interview here.