Feds Release Outline to Help Minimize Risk of Cyberattacks on Autos

(TNS) -- The federal government's auto safety regulator on Monday released an outline of what it wants automakers to do to minimize the risk of cyber attacks on the vehicles they make and sell.

The National Highway Traffic Safety Administration set forth five goals, then suggested four areas in which the industry should focus its efforts.

The goals are:

• Expand and share auto cybersecurity knowledge.
• Set industry-based best practices and voluntary standards.
• Develop software that counteracts hacking of vehicles.
• Determine feasibility of minimum performance standards.
• Gather research data that all businesses and the NHTSA can use to develop policy and enforcement.

"In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient," said NHTSA Administrator Mark Rosekind. "Everyone involved must keep moving, adapting and improving to stay ahead of the bad guys."

As with the guidelines for regulating autonomous vehicles that the NHTSA released last month, the agency is taking an open approach because its staff and engineers who develop new cars and trucks are learning as they go.

There are as many as 100 million lines of software code in many new vehicles. The more these products depend on software for everything from powertrains to infotainment to the partial and full ability to drive themselves, the more opportunity they create for hackers to digitally hijack them.

While there have been few, documented cases in which hackers have taken control of autonomous vehicles, research demonstrations have shown how it can be done. Hackers can access the vehicle through a variety of points, including Wi-Fi, infotainment systems and the port through which automakers, dealers and owners learn about various mechanical issues in the vehicle.

"Cybersecurity is a safety issue and a top priority at the department," said U.S. Transportation Secretary Anthony Foxx. "Our intention with today's guidance is to provide best practices to help protect against breaches and other security failures."

A group of automakers, suppliers, software and cybersecurity companies have formed an information-sharing and analysis center to share experiences and solutions.

Two U.S. senators who have been critical of the NHTSA's performance in recent years said these guidelines were too accommodating to the industry.

“This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,” said Sens. Edward Markey, D-Mass., and Richard Blumenthal, D-Conn. “If modern-day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.

©2016 the Detroit Free Press Distributed by Tribune Content Agency, LLC.