The National Highway Traffic Safety Administration said it is seeking public comment on the draft Cybersecurity Best Practices for the Safety of Modern Vehicles (2020 Best Practices) it has submitted to the Federal Register for publication. This is an update to the existing best practices document that was published in 2016, and describes NHTSA’s nonbinding guidance to the automotive industry for improving vehicle cybersecurity for safety.
“Vehicle cybersecurity has high stakes,” said NHTSA Deputy Administrator James Owens. “The safety and security of everyone on our roads depend on it. We have learned a great deal in the past four years, and I encourage feedback on the 2020 edition.”
The 2020 update builds upon agency research, industry progress, public comments received on the prior version, and motor vehicle cybersecurity issues discovered by researchers over the past four years. The guidance also leverages emerging voluntary industry standards and a series of industry best practice guides developed by the Automotive Information Sharing and Analysis Center through its members.
As with the 2016 version, NHTSA’s draft 2020 Best Practices is intended to serve as a resource for the industry and covers safety-related cybersecurity issues for all motor vehicles and motor vehicle equipment. It is applicable to all individuals and organizations involved in the design, manufacture, and assembly of motor vehicles and their electronic systems and software.
In addition, NHTSA is also announcing a project with the Automotive Information Sharing and Analysis Center to develop a new training curriculum for vehicle cybersecurity professionals. NHTSA’s best practices identify workforce development and continuous education as crucial steps to improve vehicle cybersecurity. Auto-ISAC has also set this as a top goal for their organization and members. NHTSA said it “looks forward” to working with Auto-ISAC leadership to advance this initiative into action in the coming months.