DETROIT (AP) – The government’s highway safety agency says automakers should make cybersecurity part of their product development process by assessing risks and designing in protections.
Companies also should identify safety critical systems such as engine control computers and limit their exposure to attacks, under best practice guidelines released Monday by the National Highway Traffic Safety Administration. The agency also wants automakers to limit access to car owners’ personal data.
The guidelines aren’t requirements but will go into effect after a 30-day public comment period. The agency also wants automakers to make plans to detect cyberattacks and respond rapidly to limit them. The guidelines suggest closing off software developer access to firmware that controls cars.
The industry already is doing most of the recommendations and has set up its own best practices and information-sharing methods.