The National Highway Traffic Safety Administration (NHTSA) updated its Cybersecurity Best Practices for the Safety of Modern Vehicles and is seeking public comment on the draft.
The document was published in 2016 and describes NHTSA’s nonbinding the automotive industry guidance on improving vehicle cybersecurity for safety.
“Vehicle cybersecurity has high stakes,” NHTSA Deputy Administrator James Owens stated. “The safety and security of everyone on our roads depend on it. We have learned a great deal in the past four years, and I encourage feedback on the 2020 edition.”
The draft document cited reports from Chetan Sharma Consulting and AT&T estimating that 32 million connected vehicles participated in the AT&T network alone in 2019’s first quarter.
“Vehicles are cyber-physical systems and cybersecurity vulnerabilities could impact safety,” the draft stated. “NHTSA has made vehicle cybersecurity an organizational priority, and it is important for automotive industry suppliers and manufacturers to do so as well. This includes proactively adopting and using available guidance, such as this document, as well as existing standards and best practices.”
NHTSA said the 2020 update builds upon agency research, industry progress, public comments received since 2016, as well as motor vehicle cybersecurity issues discovered by researchers over the time.
“Prioritizing vehicle cybersecurity also means establishing internal processes and strategies to ensure systems will be safe under expected real-world conditions, including in the presence of potential vehicle cybersecurity threats,” the draft stated. “The automotive cybersecurity environment is dynamic and is expected to change continually and quickly.”
NHTSA said the document is applicable to all individuals and organizations involved in the design, manufacture and assembly of motor vehicles and their electronic systems and software.
In addition, NHTSA announced a project with the Automotive Information Sharing and Analysis Center to develop a new training curriculum for vehicle cybersecurity professionals.
