The U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) will look for public feedback on proposed guidance to protect vehicles from malicious cyber-attacks and unauthorized access.
“Cybersecurity is a safety issue, and a top priority at the Department,” said U.S. Transportation Secretary Anthony Foxx. “Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety at risk.”
The proposed guidance focuses on layered solutions to ensure vehicle systems take appropriate and safe actions to avoid attacks, and even when an attack is successful. The guidance recommends risk-based prioritized identification and protection of critical vehicle controls and consumers’ personal data. Further, it recommends that companies should consider the full life-cycle of their vehicles and facilitate rapid response and recovery from cybersecurity incidents. This guidance also highlights the importance of making cybersecurity a top leadership priority for the automotive industry.
“In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient,” said NHTSA Administrator Dr. Mark Rosekind. “Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys.”
The proposed guidance also suggests best practices for researching, investigating, testing and validating cybersecurity measures.
Those best practices are based on public feedback gathered by NHTSA, as well as the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity.
NHTSA is soliciting public comments on the proposed guidance for 30 days. The public can submit feedback by visiting regulations.gov and searching for docket NHTSA-2016-0104.
An overview of NHTSA’s work on vehicle cybersecurity can be found here.