National Highway Traffic Safety Administration Issues Guidance To Automakers For Improving Vehicle Cybersecurity

King & Spalding



On October 24, 2016, the National Highway Traffic Safety Administration (“NHTSA”), the federal agency responsible for motor vehicle safety in the United States, issued guidance to the automotive industry for improving vehicular cybersecurity.

The guidance was provided in the form of a 22-page document titled “Cybersecurity Best Practices for Modern Vehicles.”  In releasing the guidance, U.S. Transportation Secretary Anthony Foxx stated: “Our intention with today's guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety at risk.”

The guidance is non-binding and recommends that automotive manufacturers take a “layered approach” to motor vehicle cybersecurity. Such a layered approach is recommended to reduce the probability of an attack’s success and to mitigate the ramifications of potential unauthorized access. According to the guidance, this layered approach should:

  • Be built upon risk-based prioritized identification and protection of safety-critical vehicle control systems and personally identifiable information;
  • Provide for timely detection and rapid response to potential vehicle cybersecurity incidents in the field;
  • Design methods and measures to facilitate rapid recovery from incidents when they occur; and
  • Institutionalize methods for accelerated adoption of lessons learned across the industry through effective information sharing, such as through participation in the Automotive Information Sharing and Analysis Center (a central hub created by automakers for gathering intelligence that allows automakers to analyze, share and track cyber threats and spot potential weaknesses in vehicle electronics).

The guidance continues by listing a series of recommendations to implement this layered approach, such as self-auditing, conducting extensive product testing, and following a robust product development process to design systems free of potential cybersecurity threats.

This guidance follows calls by Congress for the NHTSA to address vehicular cybersecurity issues. On September 12, 2016, the House Energy and Commerce Committee sent a letter to the NHTSA asking the agency to convene an industry-wide effort to discuss and address cyber safety and security risks, particularly those associated with access to vehicle on-board diagnostic (“OBD”) systems. The letter was at least partially spurred by researchers Charlie Miller and Chris Valasek, who demonstrated that the OBD-II ports could be used to cause late-model vehicles to behave in an erratic and unsafe manner. (See Andy Greenberg, The Jeep Hackers are Back to Prove Car Hacking Can Get Much Worse, Wired, Aug. 1, 2016).

The NHTSA Report titled “Cybersecurity Best Practices for Modern Vehicles” can be found here, and the Report’s press release can be found here. The House Energy and Commerce Committee letter can be found here.


 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising
