81_FR_75399 81 FR 75190 - Request for Comment on Cybersecurity Best Practices for Modern Vehicles

DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety Administration

Federal Register Volume 81, Issue 209 (October 28, 2016)

Page Range: 75190-75191
FR Document: 2016-26045

NHTSA invites public comment on its Cybersecurity Best Practices for Modern Vehicles. The document is available for a 30 day comment period at http://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf.

[Federal Register Volume 81, Number 209 (Friday, October 28, 2016)]
[Notices]
[Pages 75190-75191]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2016-26045]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration

[Docket No. NHTSA-2016-0104]


Request for Comment on Cybersecurity Best Practices for Modern 
Vehicles

AGENCY: National Highway Traffic Safety Administration (NHTSA), 
Department of Transportation (DOT).

ACTION: Request for public comment.

-----------------------------------------------------------------------

SUMMARY: NHTSA invites public comment on its Cybersecurity Best 
Practices for Modern Vehicles. The document is available for a 30 day 
comment period at http://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf.

DATES: You should submit your comments early enough to ensure that 
Docket Management receives them no later than November 28, 2016.

ADDRESSES: Comments should refer to the docket number above and be 
submitted by one of the following methods:
     Federal Rulemaking Portal: http://www.regulations.gov. 
Follow the online instructions for submitting comments.
     Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001.
     Hand Delivery: 1200 New Jersey Avenue SE., West Building 
Ground Floor, Room W12-140, Washington, DC, between 9 a.m. and 5 p.m. 
ET, Monday through Friday, except Federal Holidays.
     Instructions: For detailed instructions on submitting 
comments and additional information on the rulemaking process, see the 
Public Participation heading of the SUPPLEMENTARY INFORMATION section 
of this document. Note that all comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
     Privacy Act: Anyone is able to search the electronic form 
of all comments received into any of our dockets by the name of the 
individual submitting the comment (or signing the comment, if submitted 
on behalf of an association, business, labor union, etc.). You may 
review DOT's complete Privacy Act Statement in the Federal Register 
published on April 11, 2000 (65 FR 19477-78). For access to the docket 
to read background documents or comments received, go to http://www.regulations.gov or the street address listed above. Follow the 
online instructions for accessing the dockets.

FOR FURTHER INFORMATION CONTACT: For technical issues: Mr. Arthur 
Carter of NHTSA's Office of Vehicle Crash Avoidance & Electronic 
Controls Research at (202) 366-5669 or by email at 
arthur.carter@dot.gov. For legal issues: Mr. Steve Wood of NHTSA's 
Office of Chief Counsel at (202) 366-5240 or by email at 
steve.wood@dot.gov.

SUPPLEMENTARY INFORMATION: A top NHTSA priority is enhancing vehicle 
cybersecurity to mitigate cyber threats that could present unreasonable 
safety risks to the public or compromise sensitive data such as 
personally identifiable information. And, the agency is actively 
engaged in approaches to improve the cybersecurity of modern vehicles. 
The agency has been conducting research and actively engaging 
stakeholders to identify effective methods to address the vehicle 
cybersecurity challenges. For example, in January 2016, NHTSA convened 
a public vehicle cybersecurity roundtable meeting in Washington, DC to 
facilitate diverse stakeholder discussion on key vehicle cybersecurity 
topics. Over 300 individuals attended this meeting. These attendees 
represented over 200 unique organizations that included 17 Original 
Equipment Manufacturers (OEMs), 25 government entities, and 13 industry 
associations. During the roundtable meeting, the stakeholder groups 
identified actionable steps for 
the vehicle manufacturing industry to effectively and expeditiously 
address vehicle cybersecurity challenges. As a follow up, NHTSA held a 
meeting with other government agencies in February 2016 to discuss 
possibilities for collaboration among Federal partners to help the 
industry improve vehicle cybersecurity.
    As a result of the extensive public and private stakeholder 
engagement, NHTSA has developed a set of best practices for the 
automotive industry that the agency believes will further automotive 
cybersecurity. The agency notes that the Alliance of Automobile 
Manufacturers and the Association of Global Automakers, through the 
Auto Information Sharing and Analysis Center (Auto ISAC), released a 
``Framework for Automotive Cybersecurity Best Practices'' on July 22, 
2016.\1\ The primary goal of the NHTSA best practices, therefore, is to 
not supplant the industry-led efforts, but, rather, to support this 
effort and provide the agency's views on how the broader automotive 
industry (including those who are not members of the Auto ISAC) can 
develop and apply sound risk-based cybersecurity management practices 
to their product development processes. The document will also help the 
automotive sector organizations effectively demonstrate and communicate 
their cybersecurity risk management approach to both the public and 
internal and external stakeholders. NHTSA intends for the document to 
be updated with some frequency as new information, research, and 
practices become available.
---------------------------------------------------------------------------

    \1\ https://www.automotiveisac.com/best-practices/.
---------------------------------------------------------------------------

    NHTSA invites public comments on all aspects of these best 
practices, including how to make the best practices more robust, what 
gaps remain and whether there is sufficient research and/or practices 
to address those gaps.

Public Participation

How do I prepare and submit comments?

    Your comments must be written and in English. To ensure that your 
comments are filed correctly in the docket, please include the docket 
number of this document in your comments.
    Your comments must not be more than 15 pages long (49 CFR 553.21). 
NHTSA established this limit to encourage you to write your primary 
comments in a concise fashion. However, you may attach necessary 
additional documents to your comments. There is no limit on the length 
of the attachments.
    Please submit one copy (two copies if submitting by mail or hand 
delivery) of your comments, including the attachments, to the docket 
following the instructions given above under ADDRESSES. Please note, if 
you are submitting comments electronically as a PDF (Adobe) file, we 
ask that the documents submitted be scanned using an Optical Character 
Recognition (OCR) process, thus allowing the agency to search and copy 
certain portions of your submissions.

How do I submit confidential business information?

    If you wish to submit any information under a claim of 
confidentiality, you should submit three copies of your complete 
submission, including the information you claim to be confidential 
business information, to the Office of the Chief Counsel, NHTSA, at the 
address given above under FOR FURTHER INFORMATION CONTACT. In addition, 
you may submit a copy (two copies if submitting by mail or hand 
delivery), from which you have deleted the claimed confidential 
business information, to the docket by one of the methods given above 
under ADDRESSES. When you send a comment containing information claimed 
to be confidential business information, you should include a cover 
letter setting forth the information specified in NHTSA's confidential 
business information regulation (49 CFR part 512).

Will the agency consider late comments?

    NHTSA will consider all comments received before the close of 
business on the comment closing date indicated above under DATES. To 
the extent possible, the agency will also consider comments received 
after that date.

How can I read the comments submitted by other people?

    You may read the comments received at the address given above under 
Comments. The hours of the docket are indicated above in the same 
location. You may also see the comments on the Internet, identified by 
the docket number at the heading of this notice, at http://www.regulations.gov.
    Please note that, even after the comment closing date, NHTSA will 
continue to file relevant information in the docket as it becomes 
available. Further, some people may submit late comments. Accordingly, 
the agency recommends that you periodically check the docket for new 
material.
    Anyone is able to search the electronic form of all comments 
received into any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review DOT's 
complete Privacy Act Statement in the Federal Register published on 
April 11, 2000 (65 FR 19477-78) or you may visit http://www.dot.gov/privacy.html.

    Authority: Sec. 31402, Pub. L. 112-141.

    Issued in Washington, DC on October 24, 2016 under authority 
delegated in 49 CFR part 1.95.
Nathaniel Beuse,
Associate Administrator for Vehicle Safety Research.
[FR Doc. 2016-26045 Filed 10-27-16; 8:45 am]
 BILLING CODE 4910-59-P



                                                                                                                                                                ADDRESSES: Send comments regarding
                                                     NHTSA invites public comments on                     comments?
                                                                                                                                                                the burden estimates, or any other
                                                  all aspects of these best practices,                      NHTSA will consider all comments                    aspect of the information collection(s),
                                                  including how to make the best                          received before the close of business on              including suggestions for reducing the
                                                  practices more robust, what gaps remain                 the comment closing date indicated                    burden, to (1) Office of Information and
                                                  and whether there is sufficient research                above under DATES. To the extent                      Regulatory Affairs, Office of
                                                  and/or practices to address those gaps.                 possible, the agency will also consider               Management and Budget, Attention:
                                                  Public Participation                                    comments received after that date.                    Desk Officer for Treasury, New
                                                                                                                                                                Executive Office Building, Room 10235,
                                                  How do I prepare and submit                             How can I read the comments submitted
                                                                                                                                                                Washington, DC 20503, or email at
                                                  comments?                                               by other people?
                                                                                                                                                                OIRA_Submission@OMB.EOP.gov and
                                                    Your comments must be written and                        You may read the comments received                 (2) Treasury PRA Clearance Officer,
                                                  in English. To ensure that your                         at the address given above under                      1750 Pennsylvania Ave. NW., Suite
                                                  comments are filed correctly in the                     Comments. The hours of the docket are                 8142, Washington, DC 20220, or email
                                                  docket, please include the docket                       indicated above in the same location.                 at PRA@treasury.gov.
                                                  number of this document in your                         You may also see the comments on the                  FOR FURTHER INFORMATION CONTACT:
                                                  comments.                                               Internet, identified by the docket                    Copies of the submissions may be
                                                    Your comments must not be more                        number at the heading of this notice, at              obtained by emailing PRA@treasury.gov,
                                                  than 15 pages long (49 CFR 553.21).                     http://www.regulations.gov.                           calling (202) 622–0934, or viewing the
                                                                                                             Please note that, even after the
mstockstill on DSK3G9T082PROD with NOTICES




                                                  NHTSA established this limit to                                                                               entire information collection request at
                                                  encourage you to write your primary                     comment closing date, NHTSA will                      www.reginfo.gov.
                                                  comments in a concise fashion.                          continue to file relevant information in
                                                                                                          the docket as it becomes available.                   Internal Revenue Service (IRS)
                                                  However, you may attach necessary
                                                  additional documents to your                            Further, some people may submit late                    OMB Control Number: N/A.
                                                                                                          comments. Accordingly, the agency                       Type of Review: New collection
                                                    1 https://www.automotiveisac.com/best-                recommends that you periodically                      (Request for a new OMB Control
                                                  practices/.                                             check the docket for new material.                    Number).





Document Created: 2018-02-13 16:39:50
Document Modified: 2018-02-13 16:39:50
Category: Regulatory Information
Collection: Federal Register
SuDoc Class: AE 2.7:, GS 4.107:, AE 2.106:
Publisher: Office of the Federal Register, National Archives and Records Administration
Section: Notices
Action: Request for public comment.
Dates: You should submit your comments early enough to ensure that Docket Management receives them no later than November 28, 2016.
Contact: For technical issues: Mr. Arthur Carter of NHTSA's Office of Vehicle Crash Avoidance & Electronic Controls Research at (202) 366-5669 or by email at [email protected]. For legal issues: Mr. Steve Wood of NHTSA's Office of Chief Counsel at (202) 366-5240 or by email at [email protected].
FR Citation: 81 FR 75190
