The IT Law Wiki
(Adding categories)
m
 
Line 6: Line 6:
   
 
This document describes the [[National Highway Traffic Safety Administration]]'s nonbinding
 
This document describes the [[National Highway Traffic Safety Administration]]'s nonbinding
guidance to the automotive industry for improving motor vehicle [[cybersecurity]].
+
guidance to the automotive industry for improving [[motor vehicle]] [[cybersecurity]].
   
 
Vehicles are [[cyber-physical system]]s and [[cybersecurity vulnerabilities]] could impact
 
Vehicles are [[cyber-physical system]]s and [[cybersecurity vulnerabilities]] could impact
safety of life. Therefore, [[NHTSA]]'s authority would be able to cover vehicle [[cybersecurity]], even though it is not covered by an existing Federal Motor Vehicle Safety Standard at this time. Nevertheless, motor vehicle and motor vehicle equipment manufacturers are
+
safety of life. Therefore, [[NHTSA]]'s authority would be able to cover vehicle [[cybersecurity]], even though it is not covered by an existing Federal Motor Vehicle Safety Standard at this time. Nevertheless, [[motor vehicle]] and motor vehicle equipment manufacturers are required by the National Traffic and Motor Vehicle Safety Act, as amended, to ensure that
 
[[system]]s are designed free of unreasonable [[risk]]s to [[motor vehicle]] safety, including those that may result due to existence of potential [[cybersecurity vulnerabilities]].
required by the National Traffic and Motor Vehicle Safety Act, as amended, to ensure that
 
[[system]]s are designed free of unreasonable [[risk]]s to motor vehicle safety, including those
 
that may result due to existence of potential [[cybersecurity vulnerabilities]].
 
   
 
[[NHTSA]] believes that it important for the automotive industry to make vehicle
 
[[NHTSA]] believes that it important for the automotive industry to make vehicle

Latest revision as of 03:07, 31 October 2017

Citation[]

National Highway Traffic Safety Administration, Cybersecurity Best Practices for Modern Vehicles (Oct. 2016) (full-text).

Overview[]

This document describes the National Highway Traffic Safety Administration's nonbinding guidance to the automotive industry for improving motor vehicle cybersecurity.

Vehicles are cyber-physical systems and cybersecurity vulnerabilities could impact safety of life. Therefore, NHTSA's authority would be able to cover vehicle cybersecurity, even though it is not covered by an existing Federal Motor Vehicle Safety Standard at this time. Nevertheless, motor vehicle and motor vehicle equipment manufacturers are required by the National Traffic and Motor Vehicle Safety Act, as amended, to ensure that systems are designed free of unreasonable risks to motor vehicle safety, including those that may result due to existence of potential cybersecurity vulnerabilities.

NHTSA believes that it important for the automotive industry to make vehicle cybersecurity an organizational priority. This includes proactively adopting and using available guidance such as this document and existing standards and best practices. Prioritizing vehicle cybersecurity also means establishing other internal processes and strategies to ensure that systems will be reasonably safe under expected real world conditions, including those that may arise due to potential vehicle [[cybersecurity vulnerabilities]].

The automotive cybersecurity environment is dynamic and is expected to change continually and, at times, rapidly. NHTSA believes that the voluntary best practices described in this document provide a solid foundation for developing a risk-based approach and important processes that can be maintained, refreshed and updated effectively over time to serve the needs of the automotive industry.