Advanced vehicle safety technologies depend on an array of electronics, sensors, and computing power. In advancing these features and exploring the potential of fully autonomous vehicles, NHTSA is focused on cybersecurity to ensure that these systems work as intended.
Keeping hackers out
Why It Matters
Vehicle hacking is when someone attempts to gain unauthorized access to vehicle systems for the purpose of retrieving driver data or manipulating vehicle functionality. Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. It may be possible for a hacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle, although vulnerabilities may not always result in a hacker being able to access all parts of the vehicle systems.
Our Approach to Cybersecurity
To ensure a robust cybersecurity environment for these dynamic new technologies, NHTSA adopted a layered research approach, modified its organizational structure, and is continually developing vital partnerships, encouraging members of the industry to take independent steps to help improve the cybersecurity posture of vehicles in the United States. NHTSA's goal is to stay ahead of potential vehicle cybersecurity challenges, and to continue seeking ways to address or avoid them altogether.
In October 2016, NHTSA released proposed guidance for improving motor vehicle cybersecurity. The guidance focuses on layered solutions to ensure vehicle systems are designed to take appropriate and safe actions, even when an attack is successful. The guidance recommends risk-based prioritized identification and protection of critical vehicle controls and consumers' personal data. Further, it recommends that companies should consider the full life-cycle of their vehicles and facilitate rapid response and recovery from cybersecurity incidents.