The USDOT has released new guidelines for improving motor vehicle cybersecurity. The guidance recommends risk-based prioritized identification and protection of critical vehicle controls and consumers’ personal data, and highlights the importance of making cybersecurity a top leadership priority for the automotive industry.
The U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) is taking a proactive safety approach to protect vehicles from malicious cyber-attacks and unauthorized access by releasing proposed guidance for improving motor vehicle cybersecurity.
The proposed cybersecurity guidance focuses on layered solutions to ensure vehicle systems are designed to take appropriate and safe actions, even when an attack is successful. The guidance recommends risk-based prioritized identification and protection of critical vehicle controls and consumers’ personal data. Further, it recommends that companies should consider the full life-cycle of their vehicles and facilitate rapid response and recovery from cybersecurity incidents.
This guidance also highlights the importance of making cybersecurity a top leadership priority for the automotive industry, and suggests that
companies should demonstrate it by allocating appropriate and dedicated resources, and enabling seamless and direct communication channels though organizational ranks related to vehicle cybersecurity matters.
In addition to product development, the guidance suggests best practices for researching, investigating, testing and validating cybersecurity measures. NHTSA recommends the industry self-audit and consider vulnerabilities and exploits that may impact their entire supply-chain of operations. The safety agency also recommends employee training to educate the entire automotive workforce on new cybersecurity practices and to share lessons learned with others.
NHTSA is soliciting public comments on the proposed guidance for 30 days. The public can submit feedback by visiting regulations.gov and searching for docket NHTSA-2016-0104.