Finally, the National Highway Traffic Safety Administration has announced the big news. The administration on Friday will publish the final version of the cybersecurity practices in the Federal Register, focusing on cryptographic techniques to mitigate cyber threat risks as vehicles become more technologically integrated.
NHTSA officials took advice from the public in the final draft of Cybersecurity Best Practices for the Safety of Vehicles during the draft publication’s open comment period. In addition to this, the committee added more details on key systems and cryptographic elements, as well as how threat actors could use software updates to get into the vehicle’s network.
The Federal Register in its blog post stated that the advancement in vehicle and automotive technology has increased the chances of cybercrimes, and for the safety of vehicles organizations need to follow proper guidelines.
“The evolution of automotive technology has included an increasingly expanded use of electronic systems, software, and wireless connectivity. Automotive technology has developed to such an extent that today’s vehicles are some of the most complex computerized products available to consumers,” the blog post by Federal Register read.
“…Enhanced wireless connectivity and continued innovations in electronic control systems introduce substantial benefits to highway transportation safety, mobility, and efficiency. However, with the proliferation of computer-based control systems, software, connectivity, and onboard digital data communication networks, modern vehicles need to consider additional failure modes, vulnerabilities, and threats that could jeopardize benefits if the new safety risks are not appropriately addressed.”
According to the final draft the manufacturers have to implement measures in the following four areas:
• Manufactures have to manage vehicle cyber risks
• Investigating and responding to security incidents across the vehicle fleet
• Securing modern vehicles by design to mitigate risks along the value chain
• Ensuring that the safety of a vehicle is not compromised and also providing secure software updates
Furthermore, in the European Union, the final guidelines on automotive cybersecurity will be mandatory for all modern vehicles manufactured from July 2024. Also, the Japanese and the Korean government have agreed to implement the regulations, however, they will implement them according to their own timeline.
Read the full article here