NHTSA Updates Cybersecurity Best Practice of Modern Vehicles

Jan 25, 2021
Connected Car Security

Changes are on the way for the cybersecurity concerns in the automotive industry, with the National Highway and Traffic Safety Administration (NHTSA) releasing an update to their Cybersecurity Best Practices for the Safety of Modern Vehicles.

The 2020 update on the document was based on agency research, industry progress, and public comments received on the previous version. The update also built on automotive cybersecurity issues that researchers discovered over the past four years. The best practices also used evolving industry standards and best practices developed by the Automotive Information Sharing and Analysis through its members.

“Vehicle cybersecurity has high stakes. The safety and security of everyone on our roads depend on it. We have learned a great deal in the past four years, and I encourage feedback on the 2020 edition,” said NHTSA Deputy Administrator James Owens.

NHTSA's update aligned with the UN regulations on cybersecurity and software update released in June 2020. These updates aimed to help tackle cybersecurity risks by creating precise performance and audit requirements for car manufacturers. The two new regulations were also adopted by the United Nations Economic Commission for Europe’s (UNECE) World Forum for Harmonization of Vehicle Regulations. The two new regulations also require that measures be applied in four distinct disciplines:

  • Managing vehicle cyber risks
  • Securing vehicles by design to reduce risk along the value chain;
  • Detecting and responding to security incidents across the vehicle fleet; and
  • Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to on-board vehicle software.


The NHSTA document also included 43 general best practice recommendations and 14 with specific references to ISO/SAE 21434. ISO/SAE 21434 guides the automotive industry, which aids in navigating automotive cybersecurity so that organizations can mitigate risks and strengthen their cyber resilience.


Fourteen other recommendations from the NHTSA can also be directly mapped to 21434, with four other recommendations that would be highly liked covered by the results of the 21434 processes.


To learn more about ISO/SAE 21434 and how it sets the standard for the cybersecurity of connected cars, read Trend Micro’s exclusive white paper. It discusses the importance of cybersecurity in the connected car industry and provides approaches to securing connected cars as recommended by experts.

Author: Ericka Pingol

This website uses cookies for website functionality, traffic analytics, personalization, social media functionality, and advertising. By continuing to browse, you agree to our use of cookies.
Learn moreprivacy policy