Building an Effective VSOC With A Partner Approach


Our VSOC is a key component in any Cybersecurity Management System (CSMS). Whether managing your VSOC in-house or looking to build one together, our Build, Operate, Transfer (BOT) model, offers the flexibility you need to meet regulatory concerns and prepare your team based on automotive-specific cyber threat intelligence needed for today’s connected vehicles. Want to see how it can work for you?


How to build and operate a VSOC is a top-of-mind question for many in the automotive industry, either for handling existing and emerging cybersecurity threats or complying with the UNECE WP.29’s R155 regulation. The VSOC, as we see it, is a key operational component of the OEM’s CSMS – or Cyber Security Management System, as stipulated in this regulation. 

As a first step to building a VSOC, some of our clients choose to use our VSOC framework to lay out the different components and capabilities that should be in place. Our clients are working with us to structure, develop, and operate their VSOC with the intention for us to pass it off to an in-house capacity at a later date.

This Build Operate Transfer, or BOT model is intended to be transferable between us and our clients and/or partners. The most common two reasons are 1) either the OEM does not have enough manpower and/or the right skills to fully take on the responsibility at the time of development, or 2) their internal team would like to work together in tandem, ensuring they have all the necessary capabilities in place, before bringing all tasks in-house.

As we see when we build and operate VSOCs, a great deal of the use cases we monitor are new to the OEMs, and therefore it is quite often we see that effective response processes and procedures are not in place, and require creating them from scratch. We build with our clients end-to-end processes that rest firmly on our experience and expertise. We document these processes in playbooks that lay out all the necessary steps to take, from containment through eradication and recovery, to ensuring that lessons are learned from and future threats and vulnerabilities can be mitigated.

To summarize, the key to working effectively using a BOT model with Upstream, is having a clear framework and action plan, robust processes backed with clear documentation, and well-defined protocols.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

The high-impact automotive cyber security trends and incidents of H1-2022

This webinar will discuss three emerging cyber threats and their potential impact on end users, OEMs, and the entire smart mobility ecosystem.

More Details

H1’2022 Automotive Cyber Trend Report

This report offers extensive coverage and analysis of automotive-specific cyber incidents across all attack vectors and their impact on the wide ecosystem.

More Details

EV 充電所 拡大に向けて: EV充電所インフラ安全確保への課題

Delivering driver confidence with robust charging networks has created new opportunities for hackers to penetrate OEM and Tier-1 networks by tampering with charging station data.

More Details

The Leading Managed Vehicle SOC: Actively Protecting Millions of Vehicles for OEMs Worldwide

Protect automotive cybersecurity with an automotive-specific Vehicle Security Operations Center (VSOCs) to address the complexity of cyberattacks targeting OT networks, such as connected vehicles and&

More Details

Beyond Cyber: Upstream Puts Data in Motion

Automotive data in the cloud breaks silos, allowing teams to analyze information in the pursuit of identifying exciting new revenue opportunities.

More Details

2022 グローバルモビリティ サイバーセキュリティ報告書

2022 グローバルモビリティ サイバーセキュリティ報告書2022年版のサイバーセキュリティ報告書では過去10年に実際に 起こったサイバー攻撃の脅威を

More Details