US DOT releases guidance for automotive industry to improve motor vehicle cybersecurity


The US Department of Transportation's National Highway Traffic Safety Administration (NHTSA) has released proposed guidance for improving motor vehicle cybersecurity, as part of an effort to protect vehicles from malicious cyber-attacks and unauthorised access.

US Transportation Secretary Anthony Foxx said: "Cybersecurity is a safety issue, and a top priority at the Department.

"Our intention with today's guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety."

"The guidance suggests risk-based prioritised identification and protection of important vehicle controls and consumers' confidential information."

The guidelines emphasise on building layered solutions for ensuring that vehicle systems are designed to take appropriate and safe actions, even if an attack is successful.

The guidance suggests risk-based prioritised identification and protection of important vehicle controls and consumers' confidential information.

Additionally, the guidance also emphasises on the need of making cybersecurity a top priority for the automotive industry.

NHTSA administrator Mark Rosekind said: "In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient.

"Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys."

NHTSA guideline also suggests that companies should demonstrate it by allocating appropriate and dedicated resources, and enabling seamless and direct communication channels though organisational ranks related to vehicle cybersecurity matters.

The safety agency also recommends employee training to educate the entire automotive workforce on new cybersecurity practices and to share lessons learned with others.

The guidance published is based on public feedback gathered by NHTSA, as well as the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity.