The cyber security ‘best practices’ suggest that the issue of safety should start with the manufacturers themselves. Image Source: Forbes

The National Highway Traffic Safety Administration (NHTSA) issued this Monday a non-binding set of guidelines for all U.S. automakers. The ‘best practices’ compilation is intended to protect cars and drivers from the increasing threat of cyber attacks.

The NHTSA publication follows a worrying trend in the United States that has yet to affect the auto industry. Hacks, security breaches, and cyber attacks have been heated talking points over the last couple of months due to the extent of the digital crime wave.

Just last month, Yahoo was the subject of the world’s most massive hack, with half a billion accounts compromised. Last week, a large-scale DDoS attack on Dyn, Inc. left the East Coast of the U.S. virtually in the dark. The auto industry is taking measures to ensure something like this doesn’t happen to vulnerable drivers.


What is the aim of the NHTSA’s ‘best practices’?

The Department of Transportation’s NHTSA developed the set of guidelines around two questions: how best to prevent a cyber attack on vehicles and how to respond effectively if an attack happens.

With this in mind, the government agency drew inspiration from existing regulations. The Cybersecurity Framework of the National Institute of Standards and Technology served as a sketch for the ‘Cybersecurity Best Practices for Modern Vehicles’ document.

Similar to the Cybersecurity Framework, the NHTSA guideline set focuses on five primary axes: recognize, protect, detect, respond and recover. The document itself, however, has seven sections under the ‘Automotive Industry Cybersecurity Guidance.’


Which cybersecurity guidelines does the NHTSA propose?

The cyber security ‘best practices’ suggest that the issue of safety should start with the manufacturers themselves. New policies should be implemented for automakers to make sure they meet higher industry-wide safety standards in their modern vehicles, i.e. those with semi-autonomous features or even driverless cars.

In the same spirit, the NHTSA guidance emphasizes the importance of transparency when dealing with cyber attacks. Sharing information and reporting incidents in a timely manner should be priority number one for automakers and drivers alike.

The ‘best practices’ propose not only that manufacturers test their cars more in depth in search of vulnerabilities, but also that they develop appropriate response protocols just in case anything happens.

However, detecting and responding quickly to potential incidents is as important as sharing details of cyber security flaws. Image Source: Digital Trends

Furthermore, the NHTSA insists on an industry-wide commitment from automakers to self-audit their latest vehicles, and it goes into more depth on which security aspects should be reinforced as a preemptive cybersecurity measure.

“Cybersecurity is a safety issue, and a top priority at the Department. Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety,” said the DOT Secretary Anthony Foxx in a statement.

The new set of cybersecurity guidelines is non-binding, which means that it is not federal legislation and automakers are not required to follow it. However, the NHTSA urges the automotive industry to adopt these ‘best practices’ for everyone’s sake.

Source: NHTSA