In the latest iteration of the Obama Administration’s cyber push, the Department of Transportation last week released guidance to the automotive industry regarding improving motor vehicle cybersecurity.
The guidance passed down from the National Highway Traffic Safety Administration (NHTSA) offers several key recommendations to auto makers and parts manufacturers, including ensuring that cars can respond and recover from cyber attacks, securing consumers’ personal data, and streamlining internal company communications regarding cybersecurity.
This twenty-two page guidance marks an important first step in both prioritizing cybersecurity among public and private transportation stakeholders as well as recognizing the research and public comment that is required before taking meaningful steps to securing vehicles from cyber threats. However, given the rapidly changing dynamics of transportation technology, the federal government must get out in front of emerging threats rather than employ a reactive and delayed response to threats that will have already quickly become surpassed by more advanced methods of attack.
Cyber is not an area where the government can afford to be slow paced. Technology changes rapidly in both sophistication and precision, and federal guidance must not match but surpass the pace of that growth. The rise of self-driving cars is especially indicative of Department of Transportation’s need to stop trailing industry trends. As this new industry sees explosive growth that is not matched by important cyber safety checks, public safety will be put in harm’s way.
The government’s response to technological advancement has been lampooned before, even by those on the inside. President Obama has called for greater regulatory innovation with regard to technology in order to replace “old creaky systems.” Simply pointing out these creaky systems is not nearly enough, however; they must be either oiled or replaced before they collapse.