From SOC to VSOC: Transferring Key Requirements for Efficient Vehicle Security Operations
Proceedings of the 21th escar Europe : The World's Leading Automotive Cyber Security Conference (escar)
by Jenny Hofbauer; Kevin Gomez Buquerin; Hans-Joachin Hof (CARISSMA Institute for Electric, Connected, and Secure Mobility, Technical University Ingolstadt)

The prioritization of passenger safety and comfort in the automotive sector lead to the research and development of technologies such as seat belts, airbags, driving assistants, and autonomous driving. These technologies bring advantages and new, unique dangers in the area of Information Technology (IT) security. Most enterprises have established a Security Operations Center (SOC) to protect their IT systems from security threats. Due to the changing threat landscape, increasing hacker attacks, and unique challenges, introducing a dedicated Vehicle Security Operations Center (VSOC) is critical. This paper defines in which aspects a VSOC that specializes in protecting vehicle fleets has to be adapted to the application area compared to an enterprise IT SOC. The aspects are found by defining primary SOC capabilities from existing literature on a non-domain-specific SOC. Determined by the definition of a SOC, requirements of current regulations and best practices of IT security in the automotive sector are collected. Based on these minimum requirements, the differences between an enterprise IT SOC and a VSOC can be discerned using coverage, people, technical, governance, and compliancemetrics. This approach shows that the methods, procedures, and technical solutions used in an enterprise IT SOC can, for the most part, not be directly implemented in a VSOC. By defining the minimum legal requirements of a VSOC and giving an overview of the unique challenges of protecting a vehicle fleet, this paper offers a concrete basis for the design and practical implementation of a VSOC.