WASHINGTON DC – The National Highway Traffic Safety Administration published a series of non-binding guidelines for all U.S. Automakers to protect cars and drivers from the increasing threat of cyber attacks.
Vehicle cyber attacks are on the rise. Just last month, Yahoo was the subject of the world’s most massive hack with half a billion accounts compromised. The auto industry is taking measures to ensure something like this doesn’t happen to vulnerable drivers.
The guidelines focus on two areas: how to best prevent a cyber attack in vehicles and how to respond effectively if an attack occurs.
With this in mind, the government agency drew inspiration from existing regulations. The Cybersecurity Framework of the National Institute of Standards and Technology served as a sketch for the ‘Cybersecurity Best Practices for Modern Vehicles’ document.
Similar to the Cybersecurity Framework, the NHTSA guidelines set focuses on five primary axes: recognize, protect, detect, respond and recover. The document itself, however, has seven sections under the ‘Automotive Industry Cybersecurity Guidance.’
The cyber security ‘best practices’ suggest that the issue of safety should start with the manufacturers themselves. New policies should be implemented for automakers to make sure they meet higher industry-wide safety standards in their modern vehicles, i.e. those with semi-autonomous features or even driverless cars.
NHTSA guidance emphasizes the importance of transparency when dealing with cyber attacks. Sharing information and timely reporting incidents should be priority number one for automakers and drivers alike.
The ‘best practices’ propose not only that manufacturers test their cars more in depth in search of vulnerabilities, but also that they develop appropriate response protocols just in case anything happens.
Furthermore, the NHTSA insists on an industry-wide compromise to self-audit their latest vehicles, and it goes more in depth as to which security aspects should be reinforced as a preemptive cybersecurity measure.
“Cybersecurity is a safety issue, and a top priority at the Department. Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety,” said the DOT Secretary Anthony Foxx in a statement.
The new set of cybersecurity guidelines is non-binding, which means that it is not federal legislation and automakers are not required to follow it. However, the NHTSA urges the automotive industry to adopt these ‘best practices’ for everyone’s sake.