In this episode of CHATTINN CYBER, Marc Schein interviews Faye Francy, Executive Director of the Automotive Information Sharing and Analysis Center (Auto-ISAC). She serves the global automotive industry through the analysis and sharing of trusted, timely cyber threat information about existing or potential cyber-related threats and vulnerabilities for on-road vehicle electronics and associated networks. Faye is actively engaged with private-sector partners and government agencies to facilitate information sharing and strengthen the industry’s capability to detect, prevent, respond to, and mitigate disruptions related to the connected vehicle and supporting infrastructure. Their responsibilities include developing and executing a 2020 Vision that outlines strategic and operational priorities for the automotive industry. Auto-ISAC works closely with Chief Information Officers (CIOs), Chief Information Systems Officers (CISOs), Product Development leadership, and other executives across the automotive industry responsible for securing vehicles and connected infrastructure.
Faye started her career as a forensic chemist with the Maryland police, where she became very interested in arson and aeronautics, specializing in the aviation industry. Her experience there propelled her into the automotive industry, which took an interest in her after she retired in 2016.
The ISAC model was developed in 1998 through a presidential directive for industries managing or operating critical infrastructure. Faye explains that it became a concern for the public sector after it was discovered that over 80% of the private sector operated critical infrastructure. This prompted both sectors to come together and create sector-specific organizations to share information about physical and cyber threats, vulnerabilities, and incidents. There are 24 ISACs today that serve in that role. Faye explains the purpose of the Auto-ISAC in sharing tactical threat information, building resilience across the whole industry, and asking everyone, including the consumer, to take responsibility. One of their first steps was to proactively shape industry-wide best practices into a working-level document to help domestically.
Faye explains that when it comes to the car supply chain, threat actors look for small suppliers that don’t have the capabilities of larger suppliers and use them to get to the ‘big fish’. “The soft underbellies are important, and so is the supply chain in ensuring all of them have tools, techniques, and understanding of how to address issues.”
She talks about the efficiency and effectiveness of the automobile industry due to technological connectivity, which also brings cyber risks and requires vigilance about cyber hygiene and cybersecurity. She explains that the typical trends in auto cybercrimes have been focusing on the integration of highly automated systems even during COVID. She covers the topic of the top cyber threats during the COVID-19 pandemic.