Vehicle-related cyber incidents could have devastating and deadly effects, particularly as cars and trucks become more highly automated and rely more heavily on wireless technologies. To combat this threat, the U.S. Department of Transportation (DOT) has issued proposed cybersecurity guidance to ensure that vehicles are protected from hacking and other cyber threats.

The proposed guidance comes several weeks after DOT and the National Highway Traffic Safety Administration (NHTSA) issued guidance to automotive manufacturers aimed at encouraging the development of automated vehicles. That guidance touched on data recording and sharing, privacy, and cybersecurity issues, among others.

The DOT's proposed cybersecurity guidance recommends that manufacturers prioritize the protection of consumers' personal data as well as critical vehicle controls. It recommends that businesses account for the full anticipated life cycles of the products and vehicles they supply, and that they implement procedures to rapidly respond to and recover from cybersecurity incidents, whether those incidents occur when a vehicle is in use or otherwise.

The proposed guidance encourages the automotive industry to make cybersecurity a top priority, allocating resources appropriately, sharing threat information, and establishing protocols to ensure that any incidents are quickly elevated to a company's highest levels. Specifically, the proposed guidance suggests that industry participants should have an established protocol for responding to incidents, setting forth clear responsibilities for each incident response team member. NHTSA recommends that more employees than ever before be trained on new cybersecurity practices, and that companies self-audit throughout the entire process of product development, testing, implementation, and in-the-field use. Cooperation among industry leaders and their development partners is also encouraged, with DOT stressing that companies should share threat intelligence and the lessons they have learned.

Industry participants and interested members of the public are invited to provide NHTSA with public comments on the proposed guidance. The deadline for submitting comments is November 23, 2016. With the stakes of automotive-related cyber incidents so high, however, companies in this industry should not wait to establish robust cybersecurity programs with rapid response protocols or to train employees on how to address issues that arise.