NHTSA Vehicle Cybersecurity Roundtable

January 19, 2016

artwork depicting drowsy drivers NHTSA Vehicle Cybersecurity Roundtable

As part of the push to nurture proactive safety cultures, NHTSA is hosting a one-day roundtable discussion with industry and other experts to facilitate the development and adoption of vehicle cybersecurity standards and best practices. By bringing together experts from vehicle manufacturers, suppliers, technology companies, industry specialists, researchers, and government agencies, NHTSA aims to identify actionable steps for the stakeholder groups to take so that the vehicle manufacturing industry can address vehicle cybersecurity challenges effectively and expeditiously.


8 – 8:20 a.m.

Location:  Walter E. Washington Convention Center
801 Mt Vernon Pl NW.
Washington, DC 20001
Rooms 150 A & B

8:20 – 8:30 a.m.
Welcome / Important Notices / Format

8:30 – 9 a.m.
DOT/NHTSA Leadership Address

9 – 10:30 a.m.
Session 1 - Guidance on Designing Cyber Secure Vehicle Systems

  • Threat assessment processes
  • Hardware security measures
  • Software security measures
  • Communication security measures
  • Testing and validation
  • Architectural measures for cyber-resilient design

Brian Fitzgerald, Dr. Benjamin Glas, Christoph Huss, Jeff Massimilla, Dr. Charlie Miller, Jack Pokrzywa, Matthew Scholl, Rachna Stegall, Jonathan Weinberger

10:30 – 10:45 a.m.

10:45 a.m. – 12:15 p.m.
Session 2 - Best Practices for Securing Automotive Infotainment Systems

  • Designing secure services, channels, interfaces, protocols across suppliers
  • Use and cybersecurity of over-the-air update mechanisms
  • Containing the effects of potential intrusions
  • Architectural design guidance to limit potential impacts

Jim Alfred, Bently Au, Michael Groene, Ben Hoffman, John Marinho, Dr. Dan Massey, Katherine McCarron, Chris Valasek, Pankil Vyas

12:15 – 1:30 p.m.
Lunch Break

1:30 – 3 p.m.
Session 3 - Guidance on Continuous Cybersecurity Improvement Over the Vehicle Life-Cycle

  • Vulnerability disclosure and vulnerability handling processes
  • Data elements and data trigger points for traceability of cyber incidents
  • Intelligence sharing and collaboration
  • Role of independent security researchers’ work
  • Traceability of actions and intrusions that can help investigations
  • Managing zero-day vulnerabilities

Jonathan Allen, Josh Corman, Allan Friedman, Dr. Daniel Johnson, Chris King, Doug Longhitano, Dr. Tiffany Rad, Howard Shrobe, Michael Stawasz, Dr. Andre Weimerskirch

3 – 3:15 p.m.

3:15 – 4:45 p.m.
Session 4 - Guidance on Special Interest Topics for Vehicle Cybersecurity

  • Cybersecurity of Cloud connectivity for automotive services
  • Cybersecurity of aftermarket (brought-on) devices (e.g., insurance dongles)
  • Cybersecurity of the vehicle supply chain
  • Cybersecurity of dealer – maintenance networks
  • Impacts on serviceability of vehicles and right to repair act

Jim Alfred, Dr. John Forte, Charlie Gorman, Aaron Lowe, Jeff Massimilla, Mark Ryland, Paul Scullion, John Sheeny, Dr. Marc Stoettinger, Michael Westra

4:45 – 5 p.m.