The National Highway Traffic Safety Administration (NHTSA) has entered into a data sharing agreement with all of the major car manufacturers, which includes the requirement that the manufacturers develop best practices around cybersecurity and encourages them to share information relating to cyber-threats and defenses to cyber intrusions.

The “Proactive Statement of Principles 2016” states: “automakers and NHTSA are reaffirming our resolve to leverage our collective strength and knowledge to work collaboratively, consistent with the law, to further enhance the safety of the traveling public.”

The fourth objective of the Principles is “Enhance Automotive Cybersecurity” which is to “explore and employ ways to work collaboratively in order to mitigate those cyber threats that could present unreasonable safety risks.” It includes developing suggested best practices learned from within and outside the auto industry concerning cyber threats and remediation, developing ways to engage researchers to assist with cyber threat identification and response, and to support and enhance information sharing by the auto industry’s information sharing and analysis center (Auto-ISAC) by voluntarily sharing cybersecurity threat and vulnerability information with members, sharing information about countermeasures used, and expand the membership in the Auto-ISAC to the supplier community.

Signatories to the agreement include the National Highway Traffic Safety Administration, Honda, BMW, FCA, Ford, GM, Hyundai, Jaguar Land Rover, Kia, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Tesla, Toyota, Volkswagen, and Volvo.