Gov't: Cybersecurity should be part of auto design process

The government's highway safety agency says automakers should make cybersecurity part of their product development process by assessing risks and designing in protections.

Companies also should identify safety critical systems such as engine control computers and limit their exposure to attacks, under best practice guidelines released Monday by the National Highway Traffic Safety Administration.

The agency also wants to limit access to car owners' .

The guidelines aren't requirements but will go into effect after a 30-day public comment period.

"Our intention with today's guidance is to provide best practices to help protect against breaches and other security failures," said Transportation Secretary Anthony Foxx, who oversees NHTSA.

Many of the recommendations focus on computer software written to get engines to perform. The agency suggests that companies control who has access to firmware, the software that runs car computers, and limit the ability to modify it to thwart malware. The agency also recommends use of whole disk encryption to prevent unauthorized analysis of the software.

Automakers also should make plans to detect cyberattacks and respond rapidly to limit them.

The auto industry already is doing most of the recommendations and has set up its own best practices and information-sharing methods.


Explore further

Innovation, safety sought in self-driving car guidelines

© 2016 The Associated Press. All rights reserved.

Citation: Gov't: Cybersecurity should be part of auto design process (2016, October 24) retrieved 20 May 2019 from https://phys.org/news/2016-10-govt-cybersecurity-auto.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
8 shares

Feedback to editors

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more