The U.S. Department of Transportation's National Highway Traffic Safety Administration (NHTSA) issued proposed guidance Monday designed to help improve motor vehicle cybersecurity. The guidance is based on public feedback gathered by the agency, as well as the National Institute of Standards and Technology's (NIST) framework for improving the cybersecurity of critical infrastructure.
The guidance includes cybersecurity best practices for "all motor vehicles, individuals and organizations manufacturing and designing vehicle systems and software," NHTSA said in its announcement.
U.S. Transportation Secretary Anthony Foxx said the goal is to "protect against breaches and other security failures that can compromise motor vehicle safety."
The proposed cybersecurity guidance emphasizes identification and protection of critical vehicle controls as well as sensitive consumer data. The measures are not rules, but instead a step toward improving cybersecurity in an area that does not yet have any requirements companies must follow.
"In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient," said NHTSA Administrator Dr. Mark Rosekind. "Everyone involved must keep moving, adapting, and improving to stay ahead of the bad guys."
Last year, security experts proved in a controlled test that they could use the internet to take control of a car as it drives. Fiat Chrysler Automobiles consequently recalled 1.4 million vehicles to fix a software defect that could allow hackers to control multiple vehicle functions. Now, that same company has a vehicle bug bounty program in place.
Security related to sensors and Internet of Things (IoT) technology has been in the spotlight recently as cyber criminals learn to harness botnets and internet-connected sensors to launch massive Distributed Denial of Service (DDoS) attacks, such as the one that hit DNS provider Dyn Friday.
NHTSA is soliciting public comments on the proposed guidance for 30 days.