The NHTSA guidelines were published in a report called “Cybersecurity Best Practices for Modern Vehicles.” The guidelines are not mandatory and, so far, not enforceable, although not everyone in Washington is pleased about that.
Calling for stronger regulations, two U.S. senators, Massachusetts Sen. Ed Markey, a Democrat, and Sen. Richard Blumenthal, also a Democrat, released their own statement that, “If modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.”
As with NHTSA’s recent guidelines for autonomous vehicles, the federal regulators issued these cybersecurity proposals at a time when technology is advancing quickly. “The automotive cyber security environment is dynamic and is expected to change continually and, at times, rapidly. NHTSA believes that the voluntary best practices described in this document provide a solid foundation for developing a risk-based approach and important processes that can be maintained, refreshed, and updated effectively over time to serve the needs of the automotive industry.” reads part of the document’s purpose statement.
Sections of the NHTSA recommended guidelines address wireless interfaces, internal vehicle communications, the proliferation of network ports, protocols, and services, access to firmware, access to vehicle diagnostic maintenance, as well as other in-vehicle, development and production factors. Another guideline recommends open sharing of vehicle cyber security threats and gaps.
Information sharing in the competitive automotive industry may seem like a challenge, but as Reuters noted, BMW AG and Tesla Motors have disclosed security gaps in the past. The Alliance of Automobile Manufacturers, an industry group that represents major carmakers, said the NHTSA proposals reflect recommended steps by its own security group, according to Reuters.
