After facing real cybersecurity threats in recent years, Ford Motor Company has been working on implementing new measures to prevent attacks, both to its own data and for those that own Blue Oval vehicles. In recent months, Ford has formed a new vehicle security joint venture with ADT and filed patents for a vehicle-to-vehicle security system, a police vehicle climate control hacking prevention system, and a system that would prevent key fob relay attacks. Now, the National Highway Traffic Safety Administration (NHTSA) has released its own updated cybersecurity best practices for new vehicles amid some recent high-profile breaches.
The NHTSA’s Cybersecurity Best Practices for the Safety of Modern Vehicles was first released back in 2016, but has now been updated with more recent information gathered through agency research, industry voluntary standards, and learnings from the motor vehicle cybersecurity research over the past several years. It also calls on automakers to share information in an effort to team up against hackers who are constantly seeking ways to exploit vehicle security measures.
Above all, the NHTSA’s updated document calls on automakers to follow the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, which is structured around the five principal functions of “Identify, Protect, Detect, Respond, and Recover,” to build a comprehensive and systematic approach to developing layered cybersecurity protections for vehicles. The idea is to ensure that companies recognize potential threats and safeguard new vehicles in a way that they’re protected from attacks throughout their entire life cycle, as well as stay current on cybersecurity threats and trends.
“As vehicle technology and connectivity develop, cybersecurity needs to be a top priority for every automaker, developer, and operator,” said Dr. Steven Cliff, NHTSA’s Administrator. “NHTSA is committed to the safety of vehicles on our nation’s roads, and these updated best practices will provide the industry with important tools to protect Americans against cybersecurity risks.”