The pdf document - "Best Practices for the Safety of Modern Vehicles" - is an update to its 2016 edition.
The 2022 Cybersecurity Best Practices leverage agency research, industry voluntary standards, and learnings from the motor vehicle cybersecurity research over the past several years, and is updated based on public comments received on the draft that was published in the Federal Register in 2021.
Though the document is non-binding, it contains important best practices that will influence the industry going forward.
NHTSA said in the guidance that automakers should follow a robust product development process based on a systems-engineering approach with the goal of designing systems free of unreasonable safety risks, including those from potential cybersecurity threats and vulnerabilities.
Safety of vehicle occupants and other road users should be of primary consideration when assessing risks, it said.
An emerging area of cybersecurity is the potential manipulation of vehicle sensor data.
NHTSA said manufacturers should consider that vehicle systems and their behaviour could be influenced through sensor signal manipulation in addition to traditional software/firmware modifications.
Manufacturers should consider the risks associated with sensor vulnerabilities and potential sensor signal manipulation efforts such as GPS spoofing, road sign modification, Lidar/Radar jamming and spoofing.
NHTSA routinely assesses cybersecurity risks as well as emerging best practices and will consider future updates to these best practices as motor vehicles, motor vehicle equipment, and their cybersecurity evolve.
“As vehicle technology and connectivity develop, cybersecurity needs to be a top priority for every automaker, developer, and operator,” said NHTSA’s administrator Dr Steven Cliff.
“NHTSA is committed to the safety of vehicles on our nation’s roads, and these updated best practices will provide the industry with important tools to protect Americans against cybersecurity risks.”
