In its most comprehensive statement yet on autonomous vehicles, the US Department of Transportation has issued a 15-point set of federal safety assessment guidelines covering issues like cybersecurity, black box recordings and how a vehicle would deal with potential ethical conundrums.
The Obama administration also said it would consider seeking the power to approve technology for self-driving cars and said that individual states should not issue separate rules.
When it comes to cyber, the guidelines say that “the manufacturer or other entity should address the cross-cutting items as a vehicle or equipment is designed and developed to ensure that the vehicle has data recording and sharing capabilities; [and] that it has applied appropriate functional safety and cybersecurity best practices.”
US Secretary of Transportation Anthony Foxx said in a press conference that the National Highway Transportation Safety Administration (NHTSA) would act to bring manufacturers in line if necessary. “We will not hesitate to use our recall authority when we have identified a defect that presents an unreasonable risk to safety,” Foxx said.
That was echoed from the top. "If a self-driving car isn't safe, we have the authority to pull it off the road. We won't hesitate to protect the American public's safety," President Barack Obama wrote in a Pittsburgh Post-Gazette op-ed. "We have to get it right."
On the privacy front, DoT said that manufacturers’ privacy policies must explain how they collect, use, share, secure, audit and destroy data from vehicles, offering choices as to how personally identifiable information (PII) like geolocation, biometric and driver behavior data is accessed and used. It also said that manufacturers should collect and retain the minimum amount of personal data required to achieve legitimate business purposes—and keep the data only for as long as necessary. In addition, they should implement data security measures to protect consumers' PII.
The move is timely: Navigant Research projects that by 2020, 25% of shipped cars will support different levels of autonomy, growing to 44% of all shipped cars in 2025.
“These levels, established by the NHTSA and SAE, range from braking and acceleration to auto sensing cars and changing lanes to complete autonomy with the car controlling all safety-critical functions through the entire trip,” said David Barzilai, Karamba Security chairman and co-founder, via email. “The DoT guidelines indicate the need for cybersecurity best practices and call upon industry technology companies and the car manufacturers to share knowledge and create them. DoT expects such best practices to be embedded in the designs of the autonomous cars. The leading car companies and Tier-1 providers have already started to create internal methods for hardening cars against hackers. Yet, they have been experiencing a gap between common enterprise cybersecurity methodologies that protect against data loss and in-car security that protects against fatalities and damages. Both NHTSA and the industry are seeking solutions that will enable the prevention of attacks, not just detection, without risking lives due to false alarms, problems that can lead to legitimate car commands failing to execute, such as airbag deployment.”
Overall, the plan has drawn praise from the security community.
“The Administration showed itself to be both industry-supportive and tech-savvy by choosing guidance over regulation,” said Intel Security CTO, Steve Grobman, via email. “They’ve focused on best practices and the Auto-ISAC threat analysis and vulnerability-sharing between automakers and component manufacturers. They clearly understand that the critical cybersecurity challenge in self-driving vehicles will be tackling the threats of today and tomorrow—versus the threats of five years ago… One of the greatest challenges of cybersecurity is that a regulation-based approach to protection never keeps up with the rapid pace of a changing cyber-threat landscape. New threats and vulnerabilities come to light each month. Well-meaning regulatory regimes can force an opportunity cost upon manufacturers, as limited resources best applied to address today’s most critical threats can be spent wrestling with restrictions meant to address older issues long after they are critical security concerns.”