Overview

The Automotive Cybersecurity Industry Consortium (ACIC) is a public-private partnership that provides a collaborative mechanism and framework for automotive original equipment manufacturers (OEMs) to pool resources, leverage them with government funding and resources, and conduct cooperative “pre-competitive research” to improve the level of cybersecurity in automobiles.

Need

Modern day automobiles are extremely complex, containing up to 100 embedded electronic control units (ECUs), a wide range of infotainment/telematics networks to support these units, and an ever-increasing number of wired and wireless interfaces. With this increased connectivity comes a higher risk of cybercriminals exploiting automotive cybersecurity vulnerabilities.

Automotive ECUs, networks, and interfaces

Approach

ACIC is a voluntary, technology-oriented partnership among automotive OEMs that is supported by the Department of Homeland Security Science and Technology Directorate (DHS S&T), the Department of Transportation Volpe National Transportation Systems Center (DOT Volpe Center), and nonprofit research center SRI International. The consortium identifies, prioritizes and conducts pre-competitive research projects that address critical cybersecurity challenges in automobiles. The consortium engages subject matter experts, consultants and researchers who provide the best-possible technical support for the project. Different projects require different skillsets and ACIC allows the flexibility to choose the best resources. The consortium promotes the interests of the automotive sector while maintaining impartiality, independence of the participants, and vendor neutrality. A “hub” organization, Bucciero & Associates, oversees the day-to-day operations of the ACIC, acquisition of technical resources based on project requirements, and administers all business issues among ACIC members and with project performers.

Benefits

ACIC’s primary goal is to conduct proactive research to address critical automotive cybersecurity gaps and solutions. The research projects identified and selected by consortium members provide mutual benefit to all members and the nation by reducing the threat of cybersecurity risks in automobiles. The combined resources of the consortium members and the federal government increases both the capacity and quality of the research results. Members also benefit from DHS S&T and DOT Volpe Center broad access to government-funded research and researchers throughout the cybersecurity community. ACIC is focused on technology research and development, which does not have regulatory constraints and issues.

ACIC focuses on technology research, which complements other automotive industry efforts such as the Automotive Information Sharing and Analysis Center (Auto-ISAC), created to enhance cybersecurity awareness and share best practices, and SAE International, a global professional association and standards development organization for engineering professionals in various industries, including automotive.

Current Status and Next Steps

ACIC is in its fifth year and has completed research projects on tools and testing, threat assessment, testing frameworks, and automotive ethernet security. It has initiated new projects in vehicle security operations centers and tuner motivations and techniques. In addition, the consortium is engaging the DOT Volpe Center on projects in telematics device cybersecurity testing and ECU cybersecurity mitigations. The consortium will continue to execute on these projects, as well as identify, prioritize and conduct future research projects to improve cybersecurity in automobiles.

For More Information

Gloria Bucciero
President, Bucciero & Associates, P.C.

gbucciero@buccierocpa.com

Alex Karr
Program Manager,
DHS S&T
alex.karr@hq.dhs.gov

ACIC Summary

Download a two-page datasheet about the ACIC

ACIC Overview

Download a short overview presentation about the ACIC

© 2020 Automotive Cybersecurity Industry Consortium. All rights reserved.

Last updated March 12, 2020 11:57am