Menu
US transport agency guidance on vehicle cybersecurity irks lawmakers

US transport agency guidance on vehicle cybersecurity irks lawmakers

The guidelines issued by the NHTSA are only voluntary

Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required.

“This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,” said Senators Edward J. Markey, a Democrat from Massachusetts, and Richard Blumenthal, a Democrat from Connecticut, who are both members of the Commerce, Science and Transportation Committee.

“In this new Internet of Things era, we cannot let safety, cybersecurity, and privacy be an afterthought,” the senators added.

On Monday, NHTSA released a document, titled “Cybersecurity best practices for modern vehicles,” that laid out the agency’s “non- binding guidance” to the automotive industry for improving motor vehicle cybersecurity.

Markey and Blumenthal introduced in July last year in the Senate the Security and Privacy in Your Car Act, also known as the SPY Car Act, which would direct the NHTSA and the Federal Trade Commission to establish federal standards for vehicles made for sale in the U.S. that would protect them from unauthorized access to their electronic controls or data collected by electronic systems. A violator is liable for a civil penalty of up to US$5,000 for each violation.

The legislation would also establish a rating system or 'cyber dashboard' that would inform consumers about how well a vehicle protects drivers’ security and privacy beyond the minimum standards. The SPY Car Act was referred to the Committee on Commerce, Science, and Transportation on July 21, 2015, and has been pending ever since.

Concerns about the cybersecurity of automobiles came to the forefront last year after two security experts gained access to a Jeep Cherokee and took control remotely of some vital functions of the vehicle, raising concerns about the safety of vehicles with a high degree of automation. Under a NHTSA campaign, Chrysler recalled about 1.4 million vehicles that were equipped with radios that had software vulnerabilities that could allow third-party access to certain networked vehicle control systems.

NHTSA said in its report it was important for the automotive industry to make vehicle cybersecurity an organizational priority by proactively adopting and using available guidance such as its document and existing standards and best practices.

“Prioritizing vehicle cybersecurity also means establishing other internal processes and strategies to ensure that systems will be reasonably safe under expected real-world conditions, including those that may arise due to potential vehicle cybersecurity vulnerabilities,” the agency said in the report, which advises car makers that the product development process should be based on a systems-engineering approach that aims at designing systems free of unreasonable safety risks including from potential cybersecurity threats and vulnerabilities.

Among the fundamental vehicle protections recommended by NHTSA are limiting or even eliminating when possible developer and debugging access to the electronic control unit in production devices, controlled access and ability to modify firmware by using digital signing techniques, and the use of segmentation and isolation in vehicle architecture design with strong boundary controls.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments