Design autos to halt cyber attacks, U.S. urges
DETROIT The U.S. government’s highway safety agency says automakers should make cybersecurity part of their product development process by assessing risks and designing protections.
Companies also should identify safety critical systems such as engine control computers and limit their exposure to attacks, under best-practice guidelines released Monday by the National Highway Traffic Safety Administration.
The agency also wants automakers to limit access to car owners’ personal data.
The guidelines aren’t requirements but will go into
Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures.
effect after a 30-day public comment period.
“Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures,” said Transportation Secretary Anthony Foxx.
Many of the recommendations focus on computer software written to get engines to perform. The agency suggests that companies control who has access to firmware, the software that runs car computers, and limit the ability to modify it to thwart malware. It also recommends use of whole disk encryption to prevent unauthorized analysis of the software.
Automakers also should make plans to detect cyberattacks and respond rapidly to limit them.