In 2015, some 1.4 million vehicles were impacted by the first and only cybersecurity-related recall, according to the National Highway Traffic Safety Administration (NHTSA). To protect against future cybersecurity breaches, NHTSA recently released Cybersecurity Best Practices for the Safety of Modern Vehicles, an update to its 2016 version, as guidance for the automotive industry.
Today’s vehicles depend more and more on connectivity and technology that runs on complex software. Cybersecurity aims to protect these systems and the information contained within them.
Moreover, with vehicles, cybersecurity ensures that systems and components that govern safety are protected from harmful attacks, unauthorized access, damage, or anything else that might interfere with safety functions. For example, driver assistance technologies, such as forward collision warning, automatic emergency braking, and vehicle safety communications, all pose cybersecurity challenges.
The updated best practices will provide the industry with important tools to protect Americans against cybersecurity risks and help ensure systems from being compromised, notes NHTSA. The 2022 Cybersecurity Best Practices leverage agency research, industry voluntary standards, and learnings from the motor vehicle cybersecurity research over the past several years and is updated based on public comments received in 2021.
NHTSA believes the voluntary best practices described in the document provide a solid foundation for developing a risk-based approach to cybersecurity challenges, and describes important processes that can be maintained, refreshed, and updated effectively over time to serve the needs of the automotive industry.