The Inaugural Billington Global Automotive Cybersecurity Summit
July 22, 2016 — Cobo Center, Detroit, Michigan
Motown meets malware
The Billington Global Automotive Cybersecurity Summit met in its inaugural session Friday, July 22, 2016. The sessions held in Detroit's Cobo Center drew leaders from the automotive and security industries, as well as from the US Federal Government and the State of Michigan.
Coming on the heels of a set of automotive cybersecurity best practices developed and released by the Automotive Information Sharing and Analysis Center (Auto-ISAC), several themes emerged during the proceedings. First, the automotive industry believes it's in a good position to build in security before it sustains a serious, dedicated attack on its products, and it views the Auto-ISAC recommendations as a good initial step. The US Department of Transportation is also preparing to release a set of guidelines for automotive cybersecurity in the near future. And it's noteworthy that the industry's focus, at least insofar as the Summit's discussions were concerned, is on the cybersecurity of its products.
Second, senior automotive industry leaders said they were determined to regard vehicular cybersecurity as akin to a safety issue, and not a field in which they intend to seek competitive advantage. (The US Department of Transportation, too, sees automotive cybersecurity as a field in which it should be possible to realize significant gains in highway safety.) Thus there was much talk of collaboration and threat intelligence sharing by executives from several automobile manufacturers—notably General Motors. There were also many welcoming overtures to the white hat vulnerability research community, and considerable willingness on display to use crowd-sourced bughunting, as Fiat-Chrysler is already doing. Toyota's and Honda's participation suggested that this interest is not confined to US manufacturers.
Third, the industry appears intensely interested in lessons to be learned from other sectors, with the defense and aerospace sectors in particular seen as a useful well of experience.
Finally, looking toward the future, it's clear that the industry sees the coming advent of fully autonomous vehicles as both transformative and effectively inevitable. It's possible, several experts said, that we may see fully autonomous cars operating on the roads within ten years—and available on an ordinary retail basis.
More coverage from the Inaugural Billington Global Automotive Cybersecurity Summit:
- Automotive Cybersecurity: The View from General Motors
- GM CEO Mary Barra’s Keynote: Full Text
- Cybersecurity Roundtable: Future Voluntary Solutions, Information Sharing, and Best Practices to Counter Cyber Threats
- DC Meets Detroit: Government Automotive Cybersecurity Roundtable
- Securing the Car Through Vulnerability Testing and Coordinated Disclosure Programs
- Law Enforcement, the FBI and Automotive Cybersecurity
- CNN Q&A on Automotive Cybersecurity with Assistant Attorney General John Carlin
- Cybersecurity Lessons Learned from Outside the Automotive Sector
- Lessons from the Defense Industry: Advice from General Dynamics.
- Fireside Chat: The Future of Autonomous Vehicles
- Automotive Cybersecurity: The View from the US Department of Transportation.
- Extended interview with Jon Allen
In the Daily Podcast for 6.29.16 the CyberWire spoke with Jon Allen from Booz Allen Hamilton about the Automotive ISAC and he previews the upcoming Billington Cybersecurity Global Automotive Cybersecurity Summit. Listen to the extended interview here.