NHTSA updates cybersecurity guidance for vehicle security

WASHINGTON — The nation's top auto safety regulator on Wednesday released updated guidance to the automotive industry for improving cybersecurity in new vehicles.

The latest version updates NHTSA's voluntary guidance from 2016 and covers a range of cybersecurity issues as cars become more connected and potentially more vulnerable to hacking.

"As vehicle technology and connectivity develop, cybersecurity needs to be a top priority for every automaker, developer and operator," said NHTSA Administrator Steven Cliff, who is leaving the agency this month to join the California Air Resources Board as its executive officer.

"NHTSA is committed to the safety of vehicles on our nation's roads," Cliff continued, "and these updated best practices will provide the industry with important tools to protect Americans against cybersecurity risks."

NHTSA in January 2021 — during the last days of the Trump administration — sought public comment on draft guidance related to cybersecurity best practices for vehicle safety.

The updated guidance released Wednesday builds on those comments while leveraging agency research, real-world incidents, industry voluntary standards and general cybersecurity knowledge from the last several years.

The best practices provide "a solid foundation for developing a risk-based approach to cybersecurity challenges, and describes important processes that can be maintained, refreshed and updated effectively over time to serve the needs of the automotive industry," the agency said in the document.