In preparation for the new regulations set to take effect in 2027, CISOs are being urged to collaborate closely with their procurement teams to ensure that the vehicles purchased by their organizations comply with the upcoming standards. Vanessa Miller, a partner at law firm Foley and head of the firm’s national auto team, emphasized the importance of aligning vehicle purchases with the regulations to avoid potential compliance issues.
According to Miller, the responsibility for complying with the final rule falls on vehicle manufacturers and importers, but CISOs play a critical role in protecting organizational assets. She advised organizations to assess their current vehicle fleets for security vulnerabilities associated with existing components and consider implementing software updates to mitigate risks. Ensuring uniformity across the fleet post-2027 is also essential to avoid noncompliance issues related to retroactive purchases.
As the deadline for compliance approaches, CISOs will need to delve into the supply chain for organizational vehicles to address potential security concerns. Miller highlighted the importance of asking pointed questions about the supply chain to determine the origin of software and ownership. Additionally, she emphasized the need to review vendor management and supply chain policies to shift the burden of certification onto vehicle manufacturers.
The shift towards greater cybersecurity measures in the automotive industry is a response to the increasing connectivity of vehicles and the rise of digital threats. With vehicles becoming more reliant on software and technology, protecting them from cyberattacks has become a top priority for CISOs across various industries. The new regulations serve as a proactive step towards enhancing the security of vehicle fleets and safeguarding organizational assets from potential threats.
In conclusion, the collaboration between CISOs and procurement teams will be crucial in ensuring compliance with the upcoming regulations governing vehicle security. By taking proactive steps to assess and address security vulnerabilities in their vehicle fleets, organizations can better protect their assets and minimize the risk of noncompliance. As the automotive industry continues to evolve in the digital age, staying ahead of cybersecurity threats will be key to maintaining a secure and resilient fleet of vehicles.