NHTSA Publishes Final Cybersecurity Best Practices

On September 9, 2022, the National Highway Traffic Safety Administration (NHTSA) announced its publication of final Cybersecurity Best Practices for the Safety of Modern Vehicles (the “2022 Best Practices”). The 2022 Best Practices reflect the agency’s final, non-binding vehicle cybersecurity guidance following its release of draft guidance in January 2021. The 2022 Best Practices also is an update to NHTSA’s first cybersecurity best practices document, which was issued in 2016

The 2022 Best Practices describe steps manufacturers can take to improve vehicle cybersecurity in light of emerging risks, taking into account both technological developments as well as other voluntary industry information security standards. These include:

  • creating a system of governance for identifying and preventing cybersecurity risks, including creating processes and procedures to report and eradicate security incidents;
  • implementing risk assessments in the design, manufacturing, and selling of vehicles;
  • proactively auditing processes and procedures to ensure effectiveness;
  • limiting access to vehicle computing resources and design diagnostics to identify and eliminate potential unauthorized access; and
  • promoting collaboration between the industry and staying updated on new innovations and trends/standards in the market, such as the National Institute for Standards and Technology (“NIST”) cybersecurity standards.

The 2022 Best Practices remind vehicle manufacturers to make vehicle cybersecurity a priority as vehicles become more technologically advanced, and to stay informed regarding the best practices to prevent unreasonable, foreseeable cybersecurity risks.