Advanced driver assistance technologies depend on an array of electronics, sensors, and computer systems. In advancing these features and exploring the safety benefits of these new vehicle technologies, NHTSA is focused on strong cybersecurity to ensure these systems work as intended and are built to mitigate safety risks.
What Is Vehicle Cybersecurity?
Today, cybersecurity affects each one of us on a multitude of levels. Our professional work, our personal lives—even our vehicles—depend on connectivity and technology that runs on complex software. As information technology becomes increasingly integral to our daily lives, our dependency on subsequent information systems grows. In turn, we experience an increase in vulnerabilities and potential attacks against those systems. Cybersecurity rose out of necessity to protect these systems and the information contained within them. Applied to vehicles, cybersecurity takes on an even more important role: systems and components that govern safety must be protected from harmful attacks, unauthorized access, damage, or anything else that might interfere with safety functions.
Increasingly, today’s vehicles feature driver assistance technologies, such as forward collision warning, automatic emergency braking, and vehicle safety communications. In the future, the deployment of driver assistance technologies may result in avoiding crashes altogether, particularly crashes attributed to human drivers’ choices. Given the potential safety benefits these innovations enable, NHTSA is exploring the full spectrum of its tools and resources to ensure these technologies are deployed safely, expeditiously, and effectively, taking steps to address the challenges they pose, including cybersecurity.
To ensure a comprehensive cybersecurity environment, NHTSA has adopted a multi-faceted research approach that leverages the National Institute of Standards and Technology Cybersecurity Framework and encourages industry to adopt practices that improve the cybersecurity posture of their vehicles in the United States. NHTSA's goal is to collaborate with the automotive industry to proactively address vehicle cybersecurity challenges, and to continuously seek methods to mitigate associated safety risks.
Cybersecurity Protection Methods
NHTSA promotes a multi-layered approach to cybersecurity by focusing on a vehicle’s entry points, both wireless and wired, which could be vulnerable to a cyberattack. A layered approach to vehicle cybersecurity reduces the possibility of a successful vehicle cyberattack and mitigates the potential consequences of a successful intrusion. A comprehensive and systematic approach to developing layered cybersecurity protections for vehicles includes the following:
- A risk-based prioritized identification and protection process for safety-critical vehicle control systems;
- Timely detection and rapid response to potential vehicle cybersecurity incidents on America’s roads;
- Architectures, methods, and measures that design-in cyber resiliency and facilitate rapid recovery from incidents when they occur; and
- Methods for effective intelligence and information sharing across the industry to facilitate quick adoption of industry-wide lessons learned. NHTSA encouraged the formation of Auto-ISAC, an industry environment emphasizing cybersecurity awareness and collaboration across the automotive industry.
Vehicle Cybersecurity Training Curriculum
For information on the pilot test training curriculum for vehicle cybersecurity professionals, visit the Vehicle Cybersecurity Training Curriculum Pilot Testing page.
The field of vehicle cybersecurity is exciting and new! Follow along with our current research projects as we continue to contribute to this evolving field.
- Anomaly-based intrusion detection systems research: Researching metrics and objective test methods to assess effectiveness of such solutions.
- Cybersecurity of firmware updates: Researching cybersecurity of automotive electronics update mechanisms through physical and over-the-air means.
- Cybersecurity considerations for heavy vehicles: Researching similarities and differences between passenger cars and larger vehicles from a cybersecurity considerations standpoint.
- Research on reference parser development for V2V communication interfaces: Developing a formally verified and mathematically proven message parser for V2V communication interfaces.
- In-house cybersecurity research at the Vehicle Research and Test Center (VRTC) in East Liberty, Ohio: This research explores the cybersecurity risks of today’s vehicle electronic architectures and aims to establish principles and guidance that could improve the cybersecurity posture of passenger vehicles through applied research.
NHTSA is dedicated to advancing the lifesaving potential of vehicle technologies
The need for powerful automotive cybersecurity corresponds with the rapid advances in vehicle technology. NHTSA’s ultimate goal is to save lives, prevent injuries, and reduce the economic costs of vehicle crashes. Implementing driver assistance technologies can potentially achieve this goal, and cybersecurity goes hand in hand with that process.
NHTSA regularly collaborates with other government agencies, vehicle manufacturers, suppliers, and the public to further industry’s efforts in addressing vehicle cybersecurity challenges. The objective of this strategy is to promote the impact of the various safety applications employed in current vehicles, as well as those envisioned for future vehicles that may feature more advanced forms of automation and connectivity. NHTSA's approach to vehicle cybersecurity has the following goals:
- Expand and share the automotive cybersecurity knowledge base to better establish comprehensive research plans and develop enabling tools for applied research in this area;
- Support the automotive industry in implementing effective, industry-based best practices and voluntary standards for cybersecurity and participate in cybersecurity information-sharing forums;
- Foster the development of new system solutions for automotive cybersecurity; and
- Determine the feasibility of developing performance evaluation methods for automotive cybersecurity.