US transport agency guidance on vehicle cybersecurity irks lawmakers

The guidelines issued by the NHTSA are only voluntary

Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required.

“This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,” said Senators Edward J. Markey, a Democrat from Massachusetts, and Richard Blumenthal, a Democrat from Connecticut, who are both members of the Commerce, Science and Transportation Committee.

“In this new Internet of Things era, we cannot let safety, cybersecurity, and privacy be an afterthought,” the senators added.

On Monday, NHTSA released a document, titled “Cybersecurity best practices for modern vehicles,” that laid out the agency’s “non- binding guidance” to the automotive industry for improving motor vehicle cybersecurity.

Markey and Blumenthal introduced in July last year in the Senate the Security and Privacy in Your Car Act, also known as the SPY Car Act, which would direct the NHTSA and the Federal Trade Commission to establish federal standards for vehicles made for sale in the U.S. that would protect them from unauthorized access to their electronic controls or data collected by electronic systems. A violator is liable for a civil penalty of up to US$5,000 for each violation.

The legislation would also establish a rating system or 'cyber dashboard' that would inform consumers about how well a vehicle protects drivers’ security and privacy beyond the minimum standards. The SPY Car Act was referred to the Committee on Commerce, Science, and Transportation on July 21, 2015, and has been pending ever since.

Concerns about the cybersecurity of automobiles came to the forefront last year after two security experts gained access to a Jeep Cherokee and took control remotely of some vital functions of the vehicle, raising concerns about the safety of vehicles with a high degree of automation. Under a NHTSA campaign, Chrysler recalled about 1.4 million vehicles that were equipped with radios that had software vulnerabilities that could allow third-party access to certain networked vehicle control systems.

NHTSA said in its report it was important for the automotive industry to make vehicle cybersecurity an organizational priority by proactively adopting and using available guidance such as its document and existing standards and best practices.

“Prioritizing vehicle cybersecurity also means establishing other internal processes and strategies to ensure that systems will be reasonably safe under expected real-world conditions, including those that may arise due to potential vehicle cybersecurity vulnerabilities,” the agency said in the report, which advises car makers that the product development process should be based on a systems-engineering approach that aims at designing systems free of unreasonable safety risks including from potential cybersecurity threats and vulnerabilities.

Among the fundamental vehicle protections recommended by NHTSA are limiting or even eliminating when possible developer and debugging access to the electronic control unit in production devices, controlled access and ability to modify firmware by using digital signing techniques, and the use of segmentation and isolation in vehicle architecture design with strong boundary controls.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Ribeiro

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?