NHTSA Releases Updated Cybersecurity Guidelines for Modern Vehicles
Today, the National Highway Traffic Safety Administration (NHTSA) released a draft version of “Cybersecurity Best Practices for the Safety of Modern Vehicles”. This document is an updated version of a 2016 document of the same name and provides guidelines and recommendations from NHTSA to the automotive industry for improving vehicle cybersecurity and safety.
Included in this document are recommendations for serviceability of modern vehicles, including a provision that reads:
“An average motor vehicle remains on the roads for over a decade and needs regular maintenance and occasional repair to operate safely while in service.
[G.42] The automotive industry should consider the serviceability of vehicle components and systems by individuals and third parties.
[G.43] The automotive industry should provide strong vehicle cybersecurity protections that do not unduly restrict access by alternative third-party repair services authorized by the vehicle owner.
NHTSA recognizes the balance between third party serviceability and cybersecurity is not necessarily easy to achieve. However, cybersecurity should not become a reason to justify limiting serviceability. Similarly, serviceability should not limit strong cybersecurity controls.”
“Cybersecurity Best Practices for the Safety of Modern Vehicles” is posted on the federal register here and is open to public comments for 60 days.
To read the full document, click here.