The National Highway Traffic Safety Administration has released a summary of cybersecurity best practices for modern vehicles, in hopes of assisting the automotive industry in thwarting would-be hackers.
The proposed cybersecurity guidance, which is nonbinding, focuses on developing solutions to ensure vehicle systems take appropriate actions — even when an attack is successful. The guidance stresses protection of critical vehicle controls and consumers’ personal data.
Further, the document recommends that companies consider the full lifecycle of their vehicles and facilitate rapid response and recovery from cybersecurity incidents.
“In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient,” said NHTSA Administrator Dr. Mark Rosekind. “Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys.”
In addition to product development, the guidance suggests best practices for researching, investigating, testing, and validating cybersecurity measures. NHTSA recommends the industry self-audit and consider vulnerabilities that may impact the entire supply chain of operations. The federal safety agency also recommends employee training to educate the automotive workforce on new cybersecurity practices and to share lessons learned with others.
Many of NHTSA’s recommended best practices mirror those released by the Automotive Information Sharing and Analysis Center. The agency will continue to solicit public comments on the proposed guidance for 30 days.