There are best cyber security practices for the cloud, for printers and for endpoints. Now there are best practices for cars and trucks.
This week the U.S. National Highway Traffic Safety Administration issued proposed cybersecurity guidance, recommending American vehicle manufacturers create layered solutions to ensure vehicle systems are designed to take appropriate and safe actions, even when a cyber attack is successful.
The guidance recommends risk-based prioritized identification and protection of critical vehicle controls and consumers’ personal data. It also recommends manufacturers should consider security in the full life-cycle of their vehicles and facilitate rapid response and recovery from cybersecurity incidents.
“Cybersecurity is a safety issue, and a top priority at the department,” U.S. Transportation Secretary Anthony Foxx said in a statement. “Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety at risk.”
Reuters quoted the Alliance of Automotive Manufacturers as saying the guidelines appear to support steps being taken by the Auto-ISAC, an industry security information sharing centre.
In addition to product development, the guidance suggests best practices for researching, investigating, testing and validating cybersecurity measures.
The agency recommends the industry self-audit and consider vulnerabilities and exploits that may impact their entire supply-chain of operations. The safety agency also recommends employee training to educate the entire automotive workforce on new cybersecurity practices and to share lessons learned with others.