NHTSA releases updated vehicle cybersecurity best practices

The 2022 report leveraged research and industry activity over the last six years to provide updated guidance for how the auto industry can improve vehicle cybersecurity.

The NHTSA recommends the automotive industry follow the National Institute of Standards and Technology’s (NIST’s) documented Cybersecurity Framework in order to “build a comprehensive and systematic approach to developing layered cybersecurity protections for vehicles.” (Credit: denisismagilov/stock.adobe.com)

In the midst of ever-evolving cyberthreats, the National Highway Traffic Safety Administration (NHTSA) recently updated its Cybersecurity Best Practices for the Safety of Modern Vehicles report, which was originally released in 2016. The 2022 report leveraged research and industry activity over the last six years in order to provide updated guidance for how the automotive industry can improve motor vehicle cybersecurity.

The non-binding recommendations from the NHTSA fall into two main categories: general best practices and technical best practices.

General vehicle cybersecurity best practices

The NHTSA recommends the automotive industry follow the National Institute of Standards and Technology’s (NIST’s) documented Cybersecurity Framework in order to “build a comprehensive and systematic approach to developing layered cybersecurity protections for vehicles.”

Other recommendations from the NHTSA about general vehicle cybersecurity include:

Technical vehicle cybersecurity best practices

In updating their vehicle cybersecurity recommendations, the NHTSA utilized internal applied research, as well as input about stakeholder experiences. This led them to a collection of technical best practices, including:

These best practices are all voluntary, but the NHTSA states in their report that they believe their recommendations can provide a foundation for manufacturers to develop a risk-based approach, as well as recognize the importance of processes that can be maintained and updated over time to best meet the cybersecurity needs of the automotive industry.

Related: