US moves to secure IoT, starting with cars


The US government is attempting to make the internet of things more secure, as more and more experts claim it’s almost impossible to guarantee machine-to-machine networks can be totally safeguarded. 

The US Department of Transportation has issued guidelines on cybersecurity for road-going vehicles through its agency, the National Highway Traffic Safety Administration.

US transport secretary Anthony Foxx says: “Cybersecurity is a safety issue, and a top priority at the Department.

“Our intention with today’s guidance is to provide best practices to help protect against breaches and other security failures that can put motor vehicle safety at risk.”

The NHTSA is advising risk-based prioritized identification and protection of critical vehicle controls and consumers’ personal data.

It also recommends that companies should consider the full life-cycle of their vehicles and facilitate rapid response and recovery from cybersecurity incidents.

Additionally, it highlights the importance of making cybersecurity a top leadership priority for the automotive industry, and suggests that companies should demonstrate it by allocating appropriate and dedicated resources, and enable seamless and direct communication channels though organizational ranks related to vehicle cybersecurity matters.

The NHTSA IoT security model is based on public feedback, as well as the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity.

It follows actions by a number of reports on motor vehicle cybersecurity, including SAE J3061 Recommended Best Practice: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems and the executive summary to the Automotive Cybersecurity Best Practices issued by the Auto-ISAC in, collaboration with the motor vehicle trade associations, in July 2016.

The NHTSA has also issued federal policy for the safe testing and usage of automated vehicles. By “automated” it means technology often referred to advanced driver assistance systems, or ADAS.

ADAS includes such things as autonomous emergency braking, self-parking, lane changing, and so on. Many reports have emerged indicating that such systems can be remotely hacked because they are connected to the internet.

Secretary Foxx says the NHTSA’s policy is “the first in a series of proactive approaches, including the release of a rule on vehicle to vehicle communications, which will bring lifesaving technologies to the roads safely and quickly while leaving innovators to dream up new safety solutions”.

As well as these moves by the DoT, the National Telecommunications and Information Administration, which is a division of the US Department of Commerce, has embarked on a consultation on IoT security.

“This multi-stakeholder process will help with the recognized  need for a secure lifecycle approach to IoT devices,” says the NTIA in a statement. “The ultimate objective is to foster a market offering more devices and systems that support security upgrades through increased consumer awareness and understanding.”

The market for connected cars, which are often referred to as autonomous cars, is growing much faster than the market for regular, traditional mechanical cars, according to a report by McKinsey, which estimates that while traditional car numbers will grow at a rate of less than 3 per cent a year until 2020, connected cars will grow at an accelerating rate of around 10 to 20 per cent by the end of the decade.

General Motors claims to have sold the highest number of connected cars in recent years, with an estimated 3 million currently on the road.

Such developments are creating a large market in cab-hailing apps such as Uber, with many saying that in the future, the cabs hailed will be driverless.

During a panel discussion at the White House’s first-ever Frontiers Conference earlier this month, Secretary Foxx said our could be last car-owning generation, according to a report in