The 324 US Department of Transportation's National Highway Traffic Safety Administration (NHTSA) is taking a proactive safety approach to protect vehicles from malicious cyber-attacks and unauthorised access by releasing proposed guidance for improving motor vehicle cyber security.
The proposed cyber security guidance focuses on layered solutions to ensure vehicle systems are designed to take appropriate and safe actions, even when an attack is successful. The guidance recommends risk-based prioritised identification and protection of critical vehicle controls and consumers' personal data. Further, it recommends that companies should consider the full life-cycle of their vehicles and facilitate rapid response and recovery from cyber security incidents.
This guidance also highlights the importance of making cyber security a top leadership priority for the automotive industry, and suggests that companies should demonstrate it by allocating appropriate and dedicated resources, and enabling seamless and direct communication channels though organisational ranks related to vehicle cyber security matters.
"Cyber security is a safety issue, and a top priority at the Department," said US Transportation Secretary Anthony Foxx. "Our intention with today's guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety."
"In the constantly changing environment of technology and cyber security, no single or static approach is sufficient," said NHTSA Administrator Dr Mark Rosekind. "Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys."
In addition to product development, the guidance suggests best practices for researching, investigating, testing and validating cyber security measures, NHTSA recommends the industry self-audit and consider vulnerabilities and exploits that may impact their entire supply-chain of operations. The safety agency also recommends employee training to educate the entire automotive workforce on new cyber security practices and to share lessons learned with others.
The proposed cyber security guidance focuses on layered solutions to ensure vehicle systems are designed to take appropriate and safe actions, even when an attack is successful. The guidance recommends risk-based prioritised identification and protection of critical vehicle controls and consumers' personal data. Further, it recommends that companies should consider the full life-cycle of their vehicles and facilitate rapid response and recovery from cyber security incidents.
This guidance also highlights the importance of making cyber security a top leadership priority for the automotive industry, and suggests that companies should demonstrate it by allocating appropriate and dedicated resources, and enabling seamless and direct communication channels though organisational ranks related to vehicle cyber security matters.
"Cyber security is a safety issue, and a top priority at the Department," said US Transportation Secretary Anthony Foxx. "Our intention with today's guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety."
"In the constantly changing environment of technology and cyber security, no single or static approach is sufficient," said NHTSA Administrator Dr Mark Rosekind. "Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys."
In addition to product development, the guidance suggests best practices for researching, investigating, testing and validating cyber security measures, NHTSA recommends the industry self-audit and consider vulnerabilities and exploits that may impact their entire supply-chain of operations. The safety agency also recommends employee training to educate the entire automotive workforce on new cyber security practices and to share lessons learned with others.