NHTSA issues cybersecurity guidance for automakers

NHTSA issues cybersecurity guidance for automakers

With cybersecurity sure to be a topic at the 2017 Washington Auto Showês AutoMobility Talks, the new guidance for automakers from the National Highway Traffic Safety Administration (NHTSA) is timely.

In an unusual approach that is very different from its normal reactive response, NHTSA said it is taking a proactive safety approach to protect vehicles from cyberattacks and unauthorized access by releasing this proposed guidance. The guidance for automakers is voluntary and will go into effect after a 30-day comment period.

–Cybersecurity is a safety issue, and a top priority at the Department of Transportation,” said Transportation Secretary Anthony Foxx. –Our intention with todayês guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety at risk.”

The guidance includes building cybersecurity into the vehicle design process, making it a priority for industry leadership, sharing cybersecurity information with others in the industry, setting up a response process to cyberhacking, self-auditing and conducting risk assessment.

Automakers are already sharing information through the Automotive Information Sharing and Analysis Center, a consortium of major automakers set up as a clearinghouse for cybersecurity information. It released a set of best practices in July. The Alliance of Automobile Manufacturers, which established the Center, said it is reviewing NHTSAês guidance.

Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT), frequent critics of the auto industry, said the NHTSA guidance –is like giving a take-home exam on the honor code to failing students” and that DOT should issue mandatory standards, not voluntary guidance. General Motors applauded the guidance.

Download Bulletin PDF