October 24, 2016
Automakers should make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life, U.S. regulators said on Monday.
The cyber security guidelines issued by the U.S. National Highway Traffic Safety Administration are recommendations, not enforceable rules. However, they mark a step toward establishing a road map for industry behavior as lawmakers and consumers pressure automakers to show how they will protect increasingly connected and automated vehicles from cyber attacks.
Some of the agency’s proposals, included in a paper titled “Cybersecurity Best Practices for Modern Vehicles,” echo moves major manufacturers are making already, including establishing a group to share information about cyber security threats.
Automakers will carefully review the technical aspects of the agency’s proposals as well as proposals related to the disclosure of information about “the secret sauce” of electrical and data systems, which is highly competitive, Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, said in an interview on Monday. The group, often referred to as the AUTO-ISAC, was established by automakers as a clearinghouse for companies to share information about cyber security threats and countermeasures.
Automakers accelerated efforts to address hacking threats over the past year after data security researchers successfully took remote control of a Jeep Cherokee and publicized their feat. Fiat Chrysler Automobiles in July 2015 recalled 1.4 million vehicles to install software to protect against future data breaches.
Other automakers, including BMW AG and Tesla Motors Inc, have disclosed actions to fix potential data security gaps.
The security of data and communications systems in vehicles is also critical as more auto manufacturers gear up to follow Tesla’s lead and begin offering significant vehicle upgrades through wireless data links. The Federal Bureau of Investigation earlier this year warned that criminals could exploit online vehicle software updates.