US transport agency guidance on vehicle cybersecurity irks lawmakers

The guidelines issued by the NHTSA are only voluntary

Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required.

“This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,” said Senators Edward J. Markey, a Democrat from Massachusetts, and Richard Blumenthal, a Democrat from Connecticut, who are both members of the Commerce, Science and Transportation Committee.

“In this new Internet of Things era, we cannot let safety, cybersecurity, and privacy be an afterthought,” the senators added.

On Monday, NHTSA released a document, titled “Cybersecurity best practices for modern vehicles,” that laid out the agency’s “non- binding guidance” to the automotive industry for improving motor vehicle cybersecurity.

Markey and Blumenthal introduced in July last year in the Senate the Security and Privacy in Your Car Act, also known as the SPY Car Act, which would direct the NHTSA and the Federal Trade Commission to establish federal standards for vehicles made for sale in the U.S. that would protect them from unauthorized access to their electronic controls or data collected by electronic systems. A violator is liable for a civil penalty of up to US$5,000 for each violation.

The legislation would also establish a rating system or 'cyber dashboard' that would inform consumers about how well a vehicle protects drivers’ security and privacy beyond the minimum standards. The SPY Car Act was referred to the Committee on Commerce, Science, and Transportation on July 21, 2015, and has been pending ever since.

Concerns about the cybersecurity of automobiles came to the forefront last year after two security experts gained access to a Jeep Cherokee and took control remotely of some vital functions of the vehicle, raising concerns about the safety of vehicles with a high degree of automation. Under a NHTSA campaign, Chrysler recalled about 1.4 million vehicles that were equipped with radios that had software vulnerabilities that could allow third-party access to certain networked vehicle control systems.

NHTSA said in its report it was important for the automotive industry to make vehicle cybersecurity an organizational priority by proactively adopting and using available guidance such as its document and existing standards and best practices.

“Prioritizing vehicle cybersecurity also means establishing other internal processes and strategies to ensure that systems will be reasonably safe under expected real-world conditions, including those that may arise due to potential vehicle cybersecurity vulnerabilities,” the agency said in the report, which advises car makers that the product development process should be based on a systems-engineering approach that aims at designing systems free of unreasonable safety risks including from potential cybersecurity threats and vulnerabilities.

Among the fundamental vehicle protections recommended by NHTSA are limiting or even eliminating when possible developer and debugging access to the electronic control unit in production devices, controlled access and ability to modify firmware by using digital signing techniques, and the use of segmentation and isolation in vehicle architecture design with strong boundary controls.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Ribeiro

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?