The Department of Transportation issued guidance for motor vehicle cybersecurity to ensure that connected vehicles can make appropriate decisions when cyberattacks are successful.
The guidance issued Monday recommends that the industry that’s building these vehicles use risk-based prioritized identification, protection of critical vehicle controls and consumers’ personal data, consider the full life cycle of the vehicles, and create quick mitigation of cybersecurity incidents.
The National Highway Traffic Safety Administration (NHTSA) recalled about 1.5 million vehicles in July 2015 due to cybersecurity vulnerabilities that posed safety risks.
“Cybersecurity is a safety issue, and a top priority at the department,” said Anthony Foxx, secretary of the DoT. “Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures.”
The guidance also tells the industry to emphasize the importance of vehicle cybersecurity by creating dedicated teams and resources within their companies that can communicate efficiently with other departments.
The guidance recommends that companies train their employees on cybersecurity issues and self-audit to ensure that their techniques are sufficient at catching and fixing vulnerabilities.
The NHTSA is seeking public comment on the guidance until Nov. 22.
“In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient,” said Mark Rosekind, administrator for the NHTSA. “Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys.”