Feds Preach Cybersecurity to Carmakers
The U.S. traffic safety agency has firmly nudged carmakers into tightening their standards for cybersecurity. And if the nudge fails, then enforceable rules will surely follow.
For now, though, the National Highway Transportation Safety Administration is calling its list of best practices mere guidelines. NHTSA published them last Monday, exactly three months after two researchers showed what’s at stake by remotely commandeering a Jeep Cherokee driving on a highway. The researchers described their cyberattack at a conference held in August. And they talked about other vulnerabilities last week.
The main theme of the guidelines is that auto companies should make cybersecurity a priority. That would mean sharing information with rivals, for instance by logging and relaying the details of an attack through “seamless and direct communication channels,” so that other companies can devise countermeasures.
It’s not easy to force such close cooperation: Technology is now the most competitive aspect of the auto business.
NHTSA also wants companies to give outside developers less access to engine control units (ECUs). If a developer needs such access to debug a system, …[Read more]