The National Highway Traffic Safety Administration (NHTSA) recently released
proposed guidance for improving motor vehicle cybersecurity. The new guidance
aims to protect vehicles from malicious cyberattacks and unauthorized access.
As we have
previously discussed on this San Diego Injury Blog, cyberattacks are a growing concern when it comes to vehicle safety. Because
modern vehicles are increasingly “connected,” they are more
prone to security breaches. In the most highly publicized incident, hackers
were able to identify and exploit security vulnerabilities in a Jeep Cherokee’s
UConnect entertainment system. Once they remotely accessed the system,
the hackers were able to change the vehicle’s speed and control
the brakes, radio, windshield wipers, transmission and other features
that are accessible through the system.
The latest guidance is the product of public feedback gathered by NHTSA,
as well as the
National Institute of Standards and Technology's (NIST) Framework for
Improving Critical Infrastructure Cybersecurity. It applies to all individuals and organizations manufacturing and designing
vehicle systems and software. These entities include, but are not limited
to, motor vehicle and motor vehicle equipment designers, suppliers, manufacturers,
The proposed cybersecurity guidance calls for layered solutions that are
designed to not only prevent a cyberattack, but also lessen the impact
of a successful security breach. "In the constantly changing environment
of technology and cybersecurity, no single or static approach is sufficient,"
said NHTSA Administrator Dr. Mark Rosekind. "Everyone involved must
keep moving, adapting, and improving to stay ahead of the bad guys."
proposed cybersecurity guidance recommends that auto manufacturers employ “risk-based prioritized identification
and protection of critical vehicle controls and consumers' personal
data.” It further highlights that the safety of vehicle occupants
and other road users should be of primary consideration when assessing
risks. In addition, the guidance emphasizes that auto companies should
consider the full life-cycle of their vehicles when assessing risk and
facilitate rapid response and recovery when cybersecurity incidents do occur.
This cybersecurity guidance also highlights the importance of making cybersecurity
a top leadership priority for the automotive industry. It further suggests
that companies should demonstrate it by “allocating appropriate
and dedicated resources, and enabling seamless and direct communication
channels though organizational ranks related to vehicle cybersecurity
If you or someone you care about has suffered serious harm due to a defective
vehicle, you may be entitled to compensation. For more information, please contact
a San Diego product liability attorney at the Law Offices of Robert Vaage
for a free consultation.