NEWS
NEWS
NEWS
Guidelines for preventing car hacking issued to automakers
Following on from a warning in March from the Federal Bureau of Investigation that cars with computer systems can be hacked, the National Highway Traffic Safety Administration has issued a set of recommended cyber security guidelines for connected cars.
The best practice guidelines cover two aspects of car hacking: how to best prevent an attack on a vehicle to begin with, and then how to respond effectively if an attack happens. Meant to be non-binding and to serve purely as guidance for automakers, the 22-page document recommends prioritized identification and protection of critical vehicle controls and consumers’ personal data based on risk assessments.
Companies are also advised that they should consider the full life-cycle of their vehicles, that is to not abandon support for cars they have sold as they get older and that they should facilitate a rapid response and recovery from any cyber security incident. The document also recommends that automakers make cyber security of their vehicles a “top leadership priority” and that they should allocate appropriate and dedicated resources to cyber security issues, including implementing best practices for researching, investigating, testing and validating cyber security measures.
“Cybersecurity is a safety issue, and a top priority at the Department,” United States Transportation Secretary Anthony Foxx said in a statement. “Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety at risk.”
Self-auditing
While the guidelines are a start, they recommend that automakers undertake self-auditing, a process that the industry should in practice be able to do. But industry often fails at it, with cases such as the Ford Explorer rollovers through to the more recent Volkswagon emissions scandal. The Volkswagon case is notable as the excess emissions coming from cars made by the company were only detected when they were tested by the International Council on Clean Transportation, a not for profit third party group.
While it may be government overreach to interfere in the cyber security practices of the automotive industry, a set of guidelines from a lame duck administration will likely result in little or no change on an issue that could in the very near future become a major one.
Image credit: Thue/ Wikimedia Commons/ Public Domain CC0
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
