And they want manufacturers to tighten up on digital car safety.
Advancements in vehicle technology have brought untold benefits to the industry and customers alike. But, as with anything, there are downsides. Hackers have targeted the automotive sector in several ways. Honda, for example, had its production line attacked in 2020. Thankfully, this was rectified, but more recently, the Ford F-150 Lightning was found to be susceptible to threats too.
To prevent widespread hacking issues, the National Highway Traffic Safety Administration (NHTSA) has released new guidelines about the safety of modern motor vehicles in America. This serves as an update to the original 2016 mandate and covers an array of issues.
"As vehicle technology and connectivity develop, cybersecurity needs to be a top priority for every automaker, developer, and operator," said the NHTSA's Dr. Steven Cliff. "NHTSA is committed to the safety of vehicles on our nation's roads, and these updated best practices will provide the industry with important tools to protect Americans against cybersecurity risks."
The guidelines state that all automakers should go to great lengths to ensure that vehicles (and owner information) are as secure as possible. Obviously, the government agency doesn't dictate what companies should do but notes all systems and electronic architectures should protect against attacks and, in the event of a successful hack, take the correct actions.
Five principles - Identify, Protect, Detect, Respond, and Recover - should guide automakers in the right direction. The NHTSA believes vehicle systems should utilize risk-based assessment programs, eliminate potential threats, and do so in a timely manner. If this fails to stop a cyberattack, the electronic architecture should make provisions for data recovery through predetermined processes.
It doesn't stop there, though. Companies involved in the development of these systems have been advised to allocate resources to the research and testing of cybersecurity vulnerabilities, for example.
Automakers are also encouraged to develop systems that are free of "unreasonable safety risks." The NHTSA highlights one particular area that could cause serious issues if hacked: vehicle sensor data. "It is prudent for manufacturers to consider that vehicle systems and their behavior could be influenced through sensor signal manipulation in addition to traditional software/firmware modifications."
Vulnerable vehicle sensors could lead to the manipulation of GPS positioning, camera blinding, and various other issues. The risks here are plain to see. A motivated criminal could use this to cause chaos on the roads or even lead an unsuspecting driver to a dangerous location. The organization notes this could also lead to lidar and/or radar jamming, as well as the "excitation of machine learning false positives."
To prevent this from happening, manufacturers are also called on to keep a database of hardware and software components for every vehicle that sails down the production line.
Aside from that, the NHTSA is hoping automakers will evaluate externally sourced components for safety and security. Of course, these are just a few of the guidelines. If you have time, the 25-page-long document makes for interesting reading.
While it sounds like something out of a movie, automotive hacking is becoming more commonplace. Recently, one Tesla owner decided to hack several of the brand's electric cars by messing with their charging ports. Earlier in the year, another hacker claimed he had remote control of more than 25 Teslas across the globe.
Interestingly, both individuals claim to be doing this for the greater good by alerting owners to the vulnerabilities in their tech-laden vehicles. Hopefully, the world's car makers will consider the NHTSA's recommendations and produce safer cars for consumers in the United States and the world as a whole.