5
Cybersecurity Best Practices for Modern Vehicles
1. Purpose of This Document
This document describes the National Highway Trac Safety Administration’s non-
binding guidance to the automotive industry for improving motor vehicle cybersecurity.
Vehicles are cyber-physical systems
1
and cybersecurity vulnerabilities could impact
safety of life. Therefore, NHTSA’s authority would be able to cover vehicle cybersecurity,
even though it is not covered by an existing Federal Motor Vehicle Safety Standard at
this time. Nevertheless, motor vehicle and motor vehicle equipment manufacturers are
required by the National Trac and Motor Vehicle Safety Act, as amended, to ensure that
systems are designed free of unreasonable risks to motor vehicle safety, including those
that may result due to existence of potential cybersecurity vulnerabilities.
2
NHTSA believes that it important for the automotive industry to make vehicle
cybersecurity an organizational priority. This includes proactively adopting and using
available guidance such as this document and existing standards and best practices.
Prioritizing vehicle cybersecurity also means establishing other internal processes
and strategies to ensure that systems will be reasonably safe under expected real-
world conditions, including those that may arise due to potential vehicle cybersecurity
vulnerabilities.
The automotive cybersecurity environment is dynamic and is expected to change
continually and, at times, rapidly. NHTSA believes that the voluntary best practices
described in this document provide a solid foundation for developing a risk-based
approach and important processes that can be maintained, refreshed and updated
eectively over time to serve the needs of the automotive industry.
2. Scope
This document is intended to cover cybersecurity issues for all motor vehicles
3
and
therefore applicable to all individuals and organizations manufacturing and designing
vehicle systems and software. These entities include, but are not limited to, motor
vehicle and motor vehicle equipment designers, suppliers, manufacturers, alterers, and
modifiers.
National Science Foundation defines cyber-physical systems (CPS) as engineered systems
that are built from, and depend upon, the seamless integration of computational algorithms and
physical components.
49 U.S.C. 30101 et seq.
“Motor vehicle” means a vehicle driven or drawn by mechanical power and manufactured
primarily for use on public streets, roads, and highways. See 49 U.S.C. § 30102(a)(6).
评论0