April 26, 2024

On April 1, 2016, NHTSA published a Request for Public Comments on NHTSA Enforcement Guidance Bulletin 2016–02: Safety-Related Defects and Emerging Automotive Technologies

DATES: Comments must be received on or before May 2, 2016

HIGHLIGHTS: The proposed Enforcement Guidance Bulletin set forth in this notice contains NHTSA’s current views on emerging automotive technologies—including its view that when vulnerabilities of such technology or equipment pose an unreasonable risk to safety, those vulnerabilities constitute a safety-related defect—and suggests guiding principles and best practices for motor vehicle and equipment manufacturers in this context.

Part III of the notice sets forth the “Guidance and Recommended Best Practices: Safety-Related Defects, Unreasonable Risk, and Emerging Technologies.”

To avoid violating Safety Act requirements and standards, manufacturers of emerging technology and the motor vehicles on which such technology is installed are strongly encouraged to take steps to proactively identify and resolve safety concerns before their products are available for use on public roadways.

In the case of cybersecurity vulnerabilities, NHTSA will weigh several factors in determining whether a vulnerability poses an unreasonable risk to safety (and thus constitutes a safety-related defect), including: (i) the amount of time elapsed since the vulnerability was discovered (e.g., less than one day, three months, or more than six months); (ii) the level of expertise needed to exploit the vulnerability (e.g., whether a layman can exploit the vulnerability or whether it takes experts to do so); (iii) the accessibility of knowledge of the underlying system (e.g., whether how the system works is public knowledge or whether it is sensitive and restricted); (iv) the necessary window of opportunity to exploit the vulnerability (e.g., an unlimited window or a very narrow window); and (v) the level of equipment needed to exploit the vulnerability (e.g., standard or highly specialized). NHTSA uses those factors, and others, to help assess the overall probability of a malicious cybersecurity attack.

Manufacturers should consider adopting a life-cycle approach to safety risks when developing automated vehicles, other innovative automotive technologies, and safety compliance programs and other business practices in connection with such technologies. A life-cycle approach would include elements of assessment, design, implementation, and operations as well as an effective testing and certification program.

Considering hardware, software, and network and cloud security, manufacturers should consider developing a simulator, using case scenarios and threat modeling on all systems, sub-systems, and devices, to test for safety risks, including cybersecurity vulnerabilities, at all steps in the manufacturing process for the entire supply chain, to implement an effective risk mitigation plan.

This Bulletin is not intended, nor can it be relied upon, to create any rights enforceable by any party against NHTSA, the U.S. Department of Transportation, or the United States. These recommended practices do not establish any defense to any violations of the Safety Act, or regulations thereunder, or violation of any statutes or regulations that NHTSA administers. This Bulletin may be revised in writing without notice to reflect changes in the Agency’s views and analysis, or to clarify and update text