As we recently announced, Dellfer’s ZeroDayGuard Platform was the first cybersecurity solution to receive certification for ISO 26262 at the highest level. This is an exciting accomplishment for the company and a reflection of our absolute commitment to enhancing automotive safety. It is also a testament to where we are in the industry today. The threat landscape is widening, with attacks on automobiles’ IoT devices, such as zero-day cyberattacks, posing a variety of risks. That’s why having certification that sets required standards and designates organizations meeting them is so important.
ISO 26262 and the Demand for Cybersecurity and Certification
Like so many other industries, carmakers are entering a new phase driven by the innovation of technology. This also means that safety regulations need to catch up, which they are attempting to do. For instance, the U.S. Department of Transportation’s National Highway Traffic and Safety Administration (NHTSA) issued groundbreaking rules regarding requirements for autonomous vehicles earlier this year.
Just as such innovation creates some physical safety concerns, so do cybersecurity threats that come with an increased dependence on tech. The need for automotive cybersecurity is growing. Steve Tengler points out in a piece for Forbes that this is due to both the advancement of cyber breaches and certification requirements. ISO 26262 is a prime example and one of the most rigorous certifications to stem from this environment. It ensures that evolving auto technologies meet the bar of strict functional integrity. Specifically, ISO 26262 focuses on the security of “electrical/electronic, software, or mechanical systems that are intended to be used in a vehicle, with the goal of preventing hazards to people’s lives,” as Security Boulevard describes.
There are other sectors looking to implement similar solutions too. In May, FedScoop reported that the Department of Defense (DoD) was carrying out preparations for its Cybersecurity Maturity Model Certification (CMMC) program, which it hopes to launch in 2023. That initiative would determine if defense contractors and their networks align with designated guidelines.
The Rise of Zero-Day Threats
Among the issues influencing such a peak in cybersecurity interest across fields is the expanding presence of zero-day attacks. This trend is evident in recent incidents such as the attack on Atlassian’s Confluence, a team workspace application used by about 75,000 customers. In this case, a critical zero-day vulnerability was taken advantage of, potentially exposing data like passwords. In an article for Dark Reading, Kelly Jackson Higgins explained that “zero-day attacks and pilfered credentials have become the weapon of choice to infiltrate an organization, overtaking phishing.” That is what has made companies like Mandiant so relevant, hence its acquisition by Google for $5.4 billion.
With our ZeroDayGuard Platform, Dellfer is further establishing itself as a cybersecurity leader. Learn more about our role as a solution provider for the automotive industry at https://dellfer.com/dellfer-first-cybersecurity-company-to-achieve-highest-automotive-safety-level-for-iso-26262/.
Sources:
- “Buckle up, autonomous vehicles finally get federal safety standards” – Rebecca Bellan, TechCrunch
https://techcrunch.com/2022/03/10/nhtsa-first-autonomous-vehicle-occupant-safety-standards/ - “Auto Cybersecurity Companies’ Challenge Is Now Proving Its Mousetrap Is Better” – Steve Tengler, Forbes
https://www.forbes.com/sites/stevetengler/2022/06/07/auto-cybersecurity-companies-challenge-is-now-proving-its-mousetrap-is-better/ - “ISO 26262: The ISO Standard for Functional Safety” – Security Boulevard
https://securityboulevard.com/2022/03/iso-26262-the-iso-standard-for-functional-safety/ - “Pentagon updates timeline for CMMC cybersecurity initiative” – Mark Pomerleau, FedScoop
https://www.fedscoop.com/pentagon-updates-timeline-for-cmmc-cybersecurity-initiative/ - “Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation” – David Jones, Cybersecurity Dive
https://www.cybersecuritydive.com/news/attackers-atlassian-confluence-zero-day-exploit/625032/ - “Mandia: Keep ‘Shields Up’ to Survive the Current Escalation of Cyberattacks” – Kelly Jackson Higgins, Dark Reading
https://www.darkreading.com/threat-intelligence/mandia-keep-shields-up-to-survive-the-current-escalation-of-cyberattacks