2 Senators Say Guidelines Don’t Go Far Enough, Seek Regulations
Stopping well short of issuing regulations, the U.S. federal government is proposing voluntary cybersecurity guidelines aimed at getting carmakers and their suppliers to secure computers and electronics in automobiles.
The proposed guidance from the Transportation Department’s National Highway Traffic Safety Administration, Cybersecurity Best Practices for Modern Vehicles, focuses on hardening a vehicle’s electronic architecture against potential cyberattacks and ensuriing vehicle systems take appropriate actions even if an attack succeeds.
“In the constantly changing environment of technology and cybersecurity, no single or static approach is sufficient,” NHTSA Administrator Mark Rosekind says. “Everyone involved must keep moving, adapting and improving to stay ahead of the bad guys.”
Layered Approach
The guidelines offer a layered approach to cybersecurity, which NHTSA contends would reduce the possibility of an attack’s success and mitigate the ramifications of potential unauthorized access to a vehicle’s computerized systems.
NHTSA says a layered method should:
- Incorporate a risk-based approach to security that protects the vehicle’s control systems and safeguards personally identifiable information contained in automotive systems;
- Provide for timely detection and rapid response to potential vehicle cybersecurityincidents;
- Include measures to facilitate rapid recovery from incidents when they occur; and
- Institutionalize methods for accelerated adoption of lessons learned across the industry through effective information sharing, such as through participation in the Automotive Information Sharing and Analysis Center.
Mandatory Standards Sought
But the voluntary approach to implementing automotive cybersecurity standards didn’t please two Democratic senators, Edward Markey of Massachusetts and Richard Blumenthal of Connecticut. “This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,” the senators say in a joint statement. “If modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger. In this new internet of things era, we cannot let safety, cybersecurity and privacy be an afterthought.”
Click below to read the full article:
BankInfo Security