NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles

Kristen Bartolotta, Amy Mushahwar, Kimberly Kiefer Peretti
Alston & Bird
Contact
LinkedIn
Facebook
X
Send
Embed

Alston & Bird

On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of which was published in 2016. This most recent edition of this non-binding guidance leverages agency research, industry voluntary standards, and findings from cybersecurity research conducted over several years. Additionally, the guidance was updated based upon public comments received on the draft that was published in the Federal Register last year.

In the updated guidance, NHTSA separates its recommendations into general best practices, and technical best practices for cybersecurity. The best practices follow many of the same overarching topics as the previous guidance, including recommendations that the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and best practices for secure software development be implemented, but have been updated to reflect changes in technology and the applicability of recent industry standards. For example, in the 2022 guidance NHTSA recommends following emerging voluntary standards such as ISO/SAE FDIS 21434 “Road vehicles – Cybersecurity engineering”, in addition to NIST. The updated guidance includes a total of 45 general best practices and 23 technical best practices with updated and new recommendations for items such as secure software development, electronic control unit (ECU) security, external data ports, and securing diagnostic tools.

Notably, the guidance still includes a strong suggestion that members of the automotive industry share information on potential attacks with each other through Auto-ISAC. NHTSA further recommends sharing information on potential attacks through other sharing mechanisms, including US-CERT at CISA.

With this guidance, NHTSA intends establish a baseline of cybersecurity for the automotive industry and to encourage industry members to continue to make vehicle and industry cybersecurity a priority. This is particularly important as cars become more connected and offer more internet connectivity and access points.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Alston & Bird
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide