The challenge of making cars safe from hackers is a recent one, and there aren't really any rules of the road that cover the issue. The National Highway Traffic Safety Administration (NHTSA) took the first step towards remedying that today, as it released new guidance for how automakers should approach cybersecurity.
NHTSA said that cybersecurity should be a "top priority" of automakers and suppliers and should be formally addressed during the product development cycle. It urged manufacturers to conduct "penetration tests" during the development process and said the results should be documented for later reference.
“In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient,” NHTSA Administrator Mark Rosekind said in a statement. “Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys.”
NHTSA's authority to impose cybersecurity standards may be somewhat murky, as it is not specifically addressed in any of its existing regulations and is not authorized or required by Congressional legislation.
Nevertheless, the agency said it is self-evident that traffic safety will be increasingly dependent on cybersecurity.
"Cybersecurity is a safety issue, and a top priority," said U.S. Transportation Secretary Anthony Foxx. "Our intention with today's guidance is to provide best practices to help protect against breaches and other security failures that can [affect] motor vehicle safety."
The 22-page document was assembled and released amid growing concern prompted by the rapid introduction of car connectivity technologies and high-profile vehicle hacks.
NHTSA's guidance is based on public feedback gathered by NHTSA, as well as the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity. NHTSA's guidance also suggests that organizations should consider and adopt "all applicable industry best practices."