News

As vehicles become increasingly connected, OEMs must develop cybersecurity programs to address new risks. In a presentation titled, “Connected Vehicles & Cybersecurity: How Government and Industry Are Responding to New IoT Tech & Emerging Threats,” a Tech Briefs reader asked our expert:

“How important are C-suite support and resources for a cybersecurity program?”

The following is an edited response from Michael G. Morgan, Partner at the international law firm McDermott Will & Emery:

Michael G. Morgan

Michael Morgan: One of the things that I think really distinguishes a good cybersecurity program from a bad cybersecurity program is just how much the senior leadership is convinced of the risk level that is going to be assigned to cybersecurity.

If you have an organization where the CEO and the board understand that the success of the product or services being sold depends on good cybersecurity, everything that's done within the cybersecurity program will be handled differently. You may have a 30-page incident response plan and a 150-page playbook for how you’ll respond to an incident. If you have the C-suite and the board behind you in terms of support, you're going to have the resources and budget to do things like testing, reviews, audits, assessments, and preparing for those incidents. C-suite support is absolutely essential.

You don’t need to have a perfect incident response plan, but you need to have one in place. Frankly, a lot of organizations aren’t even close to that. A company may have an incident response plan, but it hasn't received support from the top. Then, when an incident happens, they don't even follow their incident response plan.

In terms of a big industry like automotive, OEMs are obviously going to have these procedures are in place. The question is going to be just how many resources are being driven to make sure the incident response plan is mature.

Watch the full presentation: Connected Vehicles & Cybersecurity: How Government and Industry Are Responding to New IoT Tech & Emerging Threats.

What do you think? Share your comments below.

The U.S. Government does not endorse any commercial product, process, or activity identified on this web site.