The DOT’s best practices aim to reduce the probability of a cyberattack or mitigate a successful intrusion.
The US Department of Transportation this week released cybersecurity best practices for car makers that aim to reduce the probability of a cyberattack or—if that fails—mitigate the ramifications of a successful intrusion.
Car companies should “identify, protect, detect, respond, and recover” when faced with a cyber-security issue, according to DOT’s National Highway Traffic Safety Administration (NHTSA).
“In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient,” NHTSA administrator Mark Rosekind said in a statement. “Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys.”
A range of components can put your vehicle at risk—from keyless entry, ignition control, and tire-pressure monitoring to diagnostic, navigation, and entertainment systems.
Consumers can guard against intrusions by keeping software up to date.
But automakers need to conduct self-audits and employee training, among other things, NHTSA says.
Basically, cyber-security planning should become an integral part of any auto maker’s playbook.
That includes “allocating appropriate and dedicated resources, and enabling seamless and direct communication channels though organizational ranks related to vehicle cybersecurity matters,” the agency says.
“Cybersecurity is a safety issue, and a top priority at the Department,” Transportation Secretary Anthony Foxx said. “Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures.”
NHTSA’s proposed guidance is open to public comment for 30 days; submit feedback online by searching for docket NHTSA-2016-0104.
To make sure self-driving cars won’t run amok, meanwhile, the DOT last month issued a new policy for automated vehicles, which covers vehicle performance guidance, model state policy, current regulatory tools, and modern regulatory rules.