Subscribe
Regulation & Safety

NHTSA issues nonbinding guidance on auto cybersecurity

NHTSA Administrator Mark Rosekind: "In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient."
RB
By:
Ryan Beene
October 24, 2016 05:00 AM

WASHINGTON -- The National Highway Traffic Safety Administration released new guidance for how automakers should approach cybersecurity amid growing scrutiny prompted by high-profile vehicle hacks and the spread of car connectivity technologies.

NHTSA says cybersecurity should be a top priority of automakers and suppliers that should be formally addressed during the product development process of new vehicles. The agency also says automakers and suppliers should conduct “penetration tests” to seek out potential vulnerabilities. Test results should be documented to describe how weak spots were addressed or the rationale for not addressing vulnerabilities found in testing.

The 22-page guidance is nonbinding and follows earlier cybersecurity “best practices” released in July by the Automotive Information Sharing and Analysis Center, a consortium of major automakers formed to act as a clearinghouse to share cybersecurity information.

“In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient,” NHTSA Administrator Mark Rosekind said in a statement. “Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys.”

The guidance also highlights NHTSA’s view that its authority covers auto cybersecurity even though the issue is not addressed by one of the existing Federal Motor Vehicle Safety Standards.

The agency and automakers alike have felt pressure from lawmakers to take a more aggressive approach on vehicle security in the last two years, with some proposing legislation to direct NHTSA and the Federal Trade Commission to write new regulations setting minimum digital protections.

Long a topic of interest in the security research community, auto cybersecurity gained a broader audience in the summer of 2015, when researchers Charlie Miller and Chris Valasek hacked a Jeep Cherokee and took control of key vehicle systems using a laptop from miles away.

The hack prompted the first-ever recall to address a security issue, covering 1.4 million Fiat Chrysler vehicles.

Featured Stories

Ford halts shipments of vehicles to China amid tariffs, report says
Ford halts shipments of vehicles to China amid tariffs, report says
Why steel and aluminum tariffs are keeping auto suppliers up at night
Why steel and aluminum tariffs are keeping auto suppliers up at night
Wall Street titan Bill Ackman makes big bet on Hertz becoming tariff winner
Wall Street titan Bill Ackman makes big bet on Hertz becoming tariff winner
Dealership buy-sell database updates: Top 150 groups among buyers, sellers in deals across 6 states
Dealership buy-sell database updates: Top 150 groups among buyers, sellers in deals across 6 states

Latest News

Ford halts shipments of vehicles to China amid tariffs, report says
Wall Street titan Bill Ackman makes big bet on Hertz becoming tariff winner
Scout hires former Bentley exec as COO, names new production boss
Daily 5 report for April 18: The insidious troubles with metals tariffs; Hertz stock surge could signal rising used-car values
Staying current is easy with newsletters delivered straight to your inbox.

See More in Regulation & Safety

Daily 5 report for April 9: The tragedy of elevated U.S. highway fatalities; follow this piston across North America
U.S. traffic deaths fell 3.8% in 2024, lowest number since 2020
Trump says he’ll bring back less stringent auto emissions standards
Trump sued by Democratic FTC commissioners for their firings
Staying current is easy with newsletters delivered straight to your inbox.