NHTSA Cybersecurity Best Practices for Modern Vehicles

Status: Final Published

Date: October 2016, Version 1

Region: United States

Document: Link

Background

The U.S. DOT’s NHTSA is behind the Cybersecurity Best Practices for Modern Vehicles (Report No. DOT HS 812 333). It is part of the NHTSA’s Vehicle Cybersecurity Research Approach, which focuses on five main goals:

1. Expand and share automotive cybersecurity knowledge
2. Help the automotive industry with best practices and voluntary standards for cybersecurity
3. Foster the development of new system solutions for automotive cybersecurity
4. Determine the feasibility of developing minimum performance requirements for automotive cybersecurity
5. Gather foundational research data and facts to inform potential future Federal policy and regulatory activities

The DOT HS 812 333 was published as part of the second goal and provides core best practices for the automotive industry, notably manufacturers and designers, to improve vehicle cybersecurity. The DOT HS 812 333 aims to complement SAE J3061 Recommended Best Practice, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, and the Alliance of Automobile Manufacturers and the Auto-ISAC Automotive Cybersecurity Best Practices. It further complements the NHTSA’s Federal Automated Vehicles Policy, published in September 2016, which considers vehicle cybersecurity in the Vehicle Performance Guidance for automated vehicles.

Summary

The NHTSA’s goal is to leverage existing tools and technologies. The DOT HS 812 333 recommends using a layered approach to vehicle cybersecurity, which is framed after the U.S. NIST Cybersecurity Framework. This approach focuses on four principles:

• Risk-based prioritized identification and protection of safety-critical vehicle control systems
  and personally identifiable information
• Timely detection and rapid response to potential vehicle cybersecurity incidents in the field
• Designed-in methods and measures to facilitate rapid recovery from incidents when they occur
• Institutionalized methods for accelerated adoption of lessons learned across the industry
  through effective information sharing

Many of those principles can be applied by using existing security standards, such as ISO 27000 series on Information Technology – Security Techniques – Information Security Management Systems, as well as the Center for Internet Security’s (CIS) Critical Security Controls (CSC) for Effective Cyber Defense; used in other sectors, including finance, energy, communications, and IT.

With regard to direct guidance, the DOT HS 812 333 highlights the need for OEMs to follow robust product development processes based on a systems-engineering approach that should minimize safety risks and cybersecurity threats and vulnerabilities. Explicit consideration should be given to privacy as well, and this should occur throughout the vehicle life cycle. This entails developing not only safety risk assessments, but also appropriate detection and remediation capabilities. All these efforts should be continuously documented.

Secondly, the automotive industry has to foster a corporate culture of vehicle cybersecurity by investing in cybersecurity research and development, opening up communication channels to discuss cybersecurity, as well as allowing for independent opinions on cybersecurity during the design process. This includes information sharing within the industry as well, and the NHTSA highlights here the Auto ISAC as the primary forum for this.

Thirdly, the DOT HS 812 333 recommend putting into place vulnerability reporting and disclosure policies, as well as an incident response process, which can include reporting back to the Auto ISAC and to the US-CERT/ US-ICS CERT.

Fourthly, the best practices recommend self-auditing procedures for the automotive industry, which includes risk assessments, penetration testing, and self-review (with a suggested approach of publishing annual reports on the state of their cybersecurity practices).

Further, the DOT HS 812 333 lists a number of fundamental vehicle cybersecurity protection mechanisms that should be considered for securing automotive computing systems, including:

• Limit developer/debugging access in production devices
• Control keys
• Control vehicle maintenance diagnostic access
• Control access to firmware
• Limit the ability to modify firmware
• Control proliferation of network ports, protocols, and services
• Use segmentation and isolation techniques in vehicle architecture design
• Control internal vehicle communications
• Log events
• Control communication to back-end servers
• Control wireless interfaces

The NHTSA also advocates participating in educational initiatives to improve the industry’s cybersecurity posture, such as the SAE/Battelle Cyber Auto Challenge, NIST’s National Initiative for Cybersecurity Education program, and the Enhanced Safety of Vehicles Student Design Competition.
The final recommendations offer some guidance for aftermarket devices and serviceability, with the emphasis on ensuring cybersecurity practices extending to those products and services that will be provided further down the value chain by third parties.

Notes

The NHTSA is working on a number of additional research projects in the field, including anomaly- based IDS, cybersecurity of firmware updates, cybersecurity considerations for heavy vehicles, reference parser development for V2V communication interfaces, and improving the cybersecurity posture of passenger vehicles.