After its recent release of guidelines regarding self-driving cars, the National Highway Traffic Safety Administration released a set of “best practices” for cybersecurity in vehicles. The 22-page document encourages auto manufacturers to proactively incorporation security in their efforts a matter of course (e.g., privacy by design). The guidelines recommend a “layered approach” of protections, and encourage the industry to follow the NIST Cybersecurity Framework’s core principles of “identify, protect, detect, respond, and recover”. The NHTSA recommends that the industry review and consider the IT security suite of industry standards, such as the ISO 27000 series and other best practices used by sectors such as the financial, energy, communications, and IT industries. It also recommends information sharing related to cybersecurity events in “as close to real time as possible” using the Automotive Information Sharing and Analysis Center (“Auto- ISAC”). Further, the guidelines encourage disclosure of potential vulnerability discoveries, as well as retention of data related to self-audits, which include attempts by car makers to test their own systems for vulnerabilities.
To view the entire report, click here. For more NHTSA information on automotive cybersecurity, click here.