Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 29 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

I am The Cavalry issue open letter to automotive industry on car security

by The Gurus
August 11, 2014
in Editor's News
Share on FacebookShare on Twitter

Information security lobbying group and research collective “I am the Cavalry” has issued an open letter to the automotive industry informing them of software failings in cars.
 
The open letter calls for better car safety and for collaboration with the automotive industry specifically on  five key capabilities that create a baseline for safety relating to the computer systems in cars: Safety by Design and development of automotive computer systems with security in mind; Third-Party Collaboration to publish a clear vulnerability disclosure response policy that works with security researchers; Evidence Capture that may assist with an investigation should one be necessary; Security Updates to provide a mechanism for consumers to receive updates to computer systems quickly and easily as issues are found and fixed; and Segmentation and Isolation to ensure that issues in non-critical systems do not impact the performance of critical systems.
 
Tony Sager, chief technologist for The Council on cyber security, said: “I think the proposed framework clearly states important principles and intent in a plain, sensible and workable way. It puts information sharing between vendors and researchers into a constructive framework and establishes a shared goal of continuous safety improvement.”
 
The letter asks CEOs of automotives companies to “unite with us in a joint commitment to safety between the automotive and cyber security industries”. Following the addition of basic automotive safety features, it says that “modern vehicles are computers on wheels and are increasingly connected and controlled by software and embedded devices” and that new “technology introduces new classes of accidents and adversaries that must be anticipated and addressed proactively”.
 
“The once distinct worlds of automobiles and cyber security have collided,” the letter said. “In kind, now is the time for the automotive industry and the security community to connect and collaborate toward our common goals.
 
“We urge the automotive industry to adopt, develop, enhance, and attest to these capabilities. Just as they consider other safety features, concerned consumers will be better enabled to make purchasing decisions based on your attestations against these five areas. We will help you navigate this road to build greater protections for your customers and set a new standard for safety.”
 
Joshua Corman, co-founder of I Am The Cavalry, told IT Security Guru that it wanted to work with “the big goliaths of the industry” having already begun one of four projects in medical device security.
 
He said: “Our goal is to educate the public and policy makers. It is not in our interest to find one bug in infrastructure, and we don’t want to hack products, we want to get out of the echo chamber and speak to think tanks on securing Internet of Things which are different from enterprise environments.
 
“We want to make room for innovation. This is the foundation of critical capability and becomes market signalling. We will ask if they have a published version of their software development lifecycle and take care of safety and logic. We know they miss things so do they have a coordinated disclosure policy? Also because failure is inevitable, do you have evidence capture and a foundational necessity like black boxes in planes? As Heartbleed showed, can you show updat
es, as you will not wait for five years to close gaps?”

FacebookTweetLinkedIn
ShareTweet
Previous Post

Def Con – Your smartphone could be your privacy downfall

Next Post

Def Con – EFF and McAfee warn on smartphone spies

Recent News

Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information