Supplier Cyber Risk Concerns Auto Industry
One organization, the 3,000-member Automotive Industry Action Group, last year released the Cyber Security 3rd Party Information Security publication to support industry efforts to protect sensitive data by outlining a unified set of cybersecurity guidelines for automotive trading partners. Its strategies are based on industry best practices and standards. The National Institute of Standards and Technology (NIST) helped create the document. Also participating were security leaders from General Motors, Ford, Honda and Fiat-Chrysler, with additional input from Toyota, Nissan, Caterpillar, Bosch, Continental and Magna International.
The guide covers such areas as access controls, data encryption, vulnerability management, security audits of suppliers/third parties, data retention and disposal and security investigations. Along with this framework, each original equipment manufacturer can take additional measures to increase security of its suppliers and their supply chains.