没有合适的资源?快使用搜索试试~ 我知道了~
首页NHTSA_Cybersecurity Best Practices for Modern Vehicles
资源详情
资源评论
资源推荐
Cybersecurity Best Practices for
Modern Vehicles
Suggested APA Format Citation:
National Highway Trac Safety Administration. (2016, October). Cybersecurity
best practices for modern vehicles. (Report No. DOT HS 812 333).
Washington, DC: Author.
3
Cybersecurity Best Practices for Modern Vehicles
Table of Contents
1 Purpose of This Document ......................................................................................................... 5
2
Scope ................................................................................................................................................. 5
3
Background ..................................................................................................................................... 6
4
Definitions ....................................................................................................................................... 8
5
General Cybersecurity Guidance ............................................................................................ 10
5.1
Layered Approach ................................................................................................................ 10
5.2
Information Technology Security Controls ..................................................................11
6
Automotive Industry Cybersecurity Guidance ................................................................... 12
6.1
Vehicle Development Process With Explicit Cybersecurity Considerations....... 12
6.2
Leadership Priority on Product Cybersecurity ............................................................ 12
6.3
Information Sharing ........................................................................................................... 13
6.4
Vulnerability Reporting/Disclosure Policy ................................................................... 14
6.5
Vulnerability / Exploit / Incident Response Process .................................................. 14
6.6
Self-Auditing ......................................................................................................................... 15
6.6.1
Risk Assessment ............................................................................................................ 15
6.6.2
Penetration Testing and Documentation .............................................................. 16
6.6.3
Self-Review ..................................................................................................................... 16
6.7
Fundamental Vehicle Cybersecurity Protections ........................................................17
6.7.1
Limit Developer/Debugging Access in Production Devices .............................17
6.7.2
Control Keys ....................................................................................................................17
6.7.3
Control Vehicle Maintenance Diagnostic Access .................................................17
6.7.4
Control Access to Firmware ....................................................................................... 18
6.7.5
Limit Ability to Modify Firmware ............................................................................. 18
6.7.6
Control Proliferation of Network Ports, Protocols and Services ..................... 19
Cybersecurity Best Practices for Modern Vehicles
4
6.7.7 Use Segmentation and Isolation Techniques in Vehicle Architecture
Design .............................................................................................................................. 19
6.7.8
Control Internal Vehicle Communications ........................................................... 19
6.7.9
Log Events ....................................................................................................................... 20
6.7.10
Control Communication to Back-End Servers ...................................................20
6.7.11
Control Wireless Interfaces ...................................................................................... 20
7
Education ......................................................................................................................................20
8 Aftermarket Devices ...................................................................................................................20
9 Serviceability ................................................................................................................................ 21
5
Cybersecurity Best Practices for Modern Vehicles
1. Purpose of This Document
This document describes the National Highway Trac Safety Administration’s non-
binding guidance to the automotive industry for improving motor vehicle cybersecurity.
Vehicles are cyber-physical systems
1
and cybersecurity vulnerabilities could impact
safety of life. Therefore, NHTSA’s authority would be able to cover vehicle cybersecurity,
even though it is not covered by an existing Federal Motor Vehicle Safety Standard at
this time. Nevertheless, motor vehicle and motor vehicle equipment manufacturers are
required by the National Trac and Motor Vehicle Safety Act, as amended, to ensure that
systems are designed free of unreasonable risks to motor vehicle safety, including those
that may result due to existence of potential cybersecurity vulnerabilities.
2
NHTSA believes that it important for the automotive industry to make vehicle
cybersecurity an organizational priority. This includes proactively adopting and using
available guidance such as this document and existing standards and best practices.
Prioritizing vehicle cybersecurity also means establishing other internal processes
and strategies to ensure that systems will be reasonably safe under expected real-
world conditions, including those that may arise due to potential vehicle cybersecurity
vulnerabilities.
The automotive cybersecurity environment is dynamic and is expected to change
continually and, at times, rapidly. NHTSA believes that the voluntary best practices
described in this document provide a solid foundation for developing a risk-based
approach and important processes that can be maintained, refreshed and updated
eectively over time to serve the needs of the automotive industry.
2. Scope
This document is intended to cover cybersecurity issues for all motor vehicles
3
and
therefore applicable to all individuals and organizations manufacturing and designing
vehicle systems and software. These entities include, but are not limited to, motor
vehicle and motor vehicle equipment designers, suppliers, manufacturers, alterers, and
modifiers.
National Science Foundation defines cyber-physical systems (CPS) as engineered systems
that are built from, and depend upon, the seamless integration of computational algorithms and
physical components.
49 U.S.C. 30101 et seq.
“Motor vehicle” means a vehicle driven or drawn by mechanical power and manufactured
primarily for use on public streets, roads, and highways. See 49 U.S.C. § 30102(a)(6).
剩余21页未读,继续阅读
crossflash
- 粉丝: 1
- 资源: 1
上传资源 快速赚钱
- 我的内容管理 收起
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
会员权益专享
最新资源
- stc12c5a60s2 例程
- Android通过全局变量传递数据
- c++校园超市商品信息管理系统课程设计说明书(含源代码) (2).pdf
- 建筑供配电系统相关课件.pptx
- 企业管理规章制度及管理模式.doc
- vb打开摄像头.doc
- 云计算-可信计算中认证协议改进方案.pdf
- [详细完整版]单片机编程4.ppt
- c语言常用算法.pdf
- c++经典程序代码大全.pdf
- 单片机数字时钟资料.doc
- 11项目管理前沿1.0.pptx
- 基于ssm的“魅力”繁峙宣传网站的设计与实现论文.doc
- 智慧交通综合解决方案.pptx
- 建筑防潮设计-PowerPointPresentati.pptx
- SPC统计过程控制程序.pptx
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0