Privacy & Information Security Law Blog

On September 20, 2016, the Department of Transportation, through the National Highway Traffic Safety Administration (“NHTSA”), released federal cyber guidance for autonomous cars entitled Federal Automated Vehicles Policy (“guidance”).

The guidance makes a number of recommendations, including that automated vehicles should be designed to comply with “established best practices for cyber physical vehicle systems.” To that end, the guidance recommends manufacturers follow “guidance, best practices and design principles" published by National Institute for Standard and Technology, NHTSA and other industry groups, including the Automotive Information Sharing and Analysis Center (“Auto-ISAC”). Manufacturers also are encouraged to engage in information sharing – sharing data recorded during driving for the purpose of reducing crashes and improving highway safety, as well as sharing cyber threat signatures. The guidance recommends manufacturers report “any and all discovered vulnerabilities” to the Auto-ISAC as soon as possible.

Signaling a phased approach to driverless vehicle policy, the guidance is voluntary. The guidance is only the first step, however, and should not be viewed as foreclosing future federal regulations over driverless vehicles. President Obama noted in an op-ed that the guidance guides “states on how to wisely regulate these new technologies, so that when a self-driving car crosses from Ohio into Pennsylvania, its passengers can be confident that other vehicles will be just as responsibly deployed and just as safe,” but also said that “my administration is rolling out new rules of the road for automated vehicles.” Indeed, the President warned, “make no mistake: If a self-driving car isn’t safe, we have the authority to pull it off the road. We won’t hesitate to protect the American public’s safety.” Notably, the guidance comes on the heels of reports that Chinese cybersecurity researchers were able to hack into a driverless car from 12 miles away and tamper with electronically controlled features of the car, including brakes and locks.