CybersecurityMarket Research

Auto-ISAC launches automotive threat matrix for cybersecurity

Washington, DC – March 27, 2024 – The Automotive Information Sharing and Analysis Center (Auto-ISAC), an automotive industry organization that facilitates information sharing and collaboration on vehicle cybersecurity threats, introduced the Automotive Threat Matrix (ATM). This innovative initiative marks a significant leap forward in bolstering the assessment of automotive threats and risks, as well as the classification and sharing of cyber threat intelligence across the automotive industry. This tool is designed to help automakers, manufacturers, and other stakeholders in the automotive industry improve their cybersecurity posture. It aims to protect their vehicles from cyber attacks.

Crafted by esteemed automotive security subject matter experts from Auto-ISAC’s Member and Partner network, the Automotive Threat Matrix (ATM) represents a pioneering effort. Modeled after the acclaimed MITRE ATT&CK™ framework, ATM offers a standardized taxonomy. Moreover, meticulously tailored it for automotive-specific adversarial cyber tactics and techniques.

“In the realm of automotive cybersecurity, shared understanding accelerates industry maturation. This, in turn, speeds up the response to cyber-attacks, both of which are vital to staying ahead of emerging threats,” stated Kevin Tierney, Chair, Auto-ISAC, and Chief Cybersecurity Officer at General Motors. “ATM represents a significant advancement in our ongoing mission to enhance automotive cybersecurity governance. Furthermore, it provides stakeholders with a standard taxonomy to communicate and act more effectively.”

What Can It Do?

  • Expedited Threat Intelligence: ATM accelerates the categorization of vehicle-specific threat intelligence. It facilitates the swift identification of emerging attack techniques targeting vehicles.
  • Streamlined Governance: ATM enhances all aspects of automotive cybersecurity governance. Moreover, it encompasses threat assessment, intelligence sharing, incident response, compliance reporting, and execution of penetration testing.
  • Compliance Abstraction: ATM serves as a useful abstraction for compliance reporting. It aids in fulfilling automotive cybersecurity regulatory requirements such as UN Regulation 155 and current as well as future legislative requirements.
  • Enhanced Threat Detection: ATM, based upon real-world attacker tactics and techniques, can help identify attack paths and inform the design of intrusion detection systems.

ATM is available online at

Automakers formed the Auto-ISAC in August 2015 to establish a global information-sharing community aimed at addressing vehicle cybersecurity. Moreover, it operates as a central hub for sharing, tracking, and analyzing intelligence about emerging cybersecurity risks. Its secure intelligence-sharing portal allows members to anonymously submit information. This helps them more effectively respond to cyber threats by receiving relevant information.

Auto-ISAC’s 2024 Europe Cybersecurity Summit is scheduled for June 11-13, 2024, hosted by BMW in Munich, Germany. To register or become a sponsor of the Summit, please visit 2024 Europe Cybersecurity Summit.    

Auto-ISAC members represent more than 99 percent of light-duty vehicles on the road in North America. Members also include heavy-duty vehicles, commercial fleets, carriers, and suppliers.

News related to Auto-ISAC –

  1. Auto-ISAC welcomes Amazon & PHINIA as new members
Back to top button