Request for Comment on Cybersecurity Best Practices for Modern Vehicles, 75190-75191 [2016-26045]

Download as PDF mstockstill on DSK3G9T082PROD with NOTICES 75190 Federal Register / Vol. 81, No. 209 / Friday, October 28, 2016 / Notices standard equipment antitheft device is likely to be as effective in reducing and deterring motor vehicle theft as compliance with the parts-marking requirements of part 541. The agency finds that FCA has provided adequate reasons for its belief that the antitheft device for the vehicle line is likely to be as effective in reducing and deterring motor vehicle theft as compliance with the parts-marking requirements of the Theft Prevention Standard (49 CFR part 541). This conclusion is based on the information FCA provided about its device. For the foregoing reasons, the agency hereby grants in full CFCA’s petition for exemption for its ‘MP’ MPV line from the parts-marking requirements of 49 CFR part 541, beginning with its ‘MP’ MPV model year vehicles. The agency notes that 49 CFR part 541, Appendix A–1, identifies those lines that are exempted from the Theft Prevention Standard for a given model year. 49 CFR part 543.7(f) contains publication requirements incident to the disposition of all part 543 petitions. Advanced listing, including the release of future product nameplates, the beginning model year for which the petition is granted and a general description of the antitheft device is necessary in order to notify law enforcement agencies of new vehicle lines exempted from the parts marking requirements of the Theft Prevention Standard. FCA stated that an official nameplate for the vehicle has not yet been determined. However, as a condition to the formal granting of FCA’s petition for exemption from the parts-marking requirements of 49 CFR part 541 for the MY 2017 ‘MP’ MPV line, the agency fully expects FCA to notify the agency of the nameplate for the vehicle line prior to its introduction into the United States commerce for sale. If FCA decides not to use the exemption for this vehicle line, it must formally notify the agency. If such a decision is made, the vehicle line must be fully marked as required by 49 CFR parts 541.5 and 541.6 (marking of major component parts and replacement parts). NHTSA notes that if FCA wishes in the future to modify the device on which this exemption is based, the company may have to submit a petition to modify the exemption. 49 CFR part 543.7(d) states that a part 543 exemption applies only to vehicles that belong to a line exempted under this part and equipped with the anti-theft device on which the line’s exemption is based. Further, 49 CFR part 543.9(c)(2) provides for the submission of petitions ‘‘to modify an exemption to permit the VerDate Sep<11>2014 18:12 Oct 27, 2016 Jkt 241001 use of an antitheft device similar to but differing from the one specified in that exemption.’’ The agency wishes to minimize the administrative burden that 49 CFR part 543.9(c)(2) could place on exempted vehicle manufacturers and itself. The agency did not intend in drafting part 543 to require the submission of a modification petition for every change to the components or design of an antitheft device. The significance of many such changes could be de minimis. Therefore, NHTSA suggests that if the manufacturer contemplates making any changes, the effects of which might be characterized as de minimis, it should consult the agency before preparing and submitting a petition to modify. Issued in Washington, DC under authority delegated in 49 CFR part 1.95. Raymond R. Posten, Associate Administrator for Rulemaking. [FR Doc. 2016–26072 Filed 10–27–16; 8:45 am] BILLING CODE 4910–59–P DEPARTMENT OF TRANSPORTATION National Highway Traffic Safety Administration [Docket No. NHTSA–2016–0104] Request for Comment on Cybersecurity Best Practices for Modern Vehicles National Highway Traffic Safety Administration (NHTSA), Department of Transportation (DOT). ACTION: Request for public comment. AGENCY: NHTSA invites public comment on its Cybersecurity Best Practices for Modern Vehicles. The document is available for a 30 day comment period at http:// www.nhtsa.gov/staticfiles/nvs/pdf/ 812333_ CybersecurityForModernVehicles.pdf. SUMMARY: You should submit your comments early enough to ensure that Docket Management receives them no later than November 28, 2016. ADDRESSES: Comments should refer to the docket number above and be submitted by one of the following methods: • Federal Rulemaking Portal: http:// www.regulations.gov. Follow the online instructions for submitting comments. • Mail: Docket Management Facility, U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, Room W12–140, Washington, DC 20590–0001. DATES: PO 00000 Frm 00165 Fmt 4703 Sfmt 4703 • Hand Delivery: 1200 New Jersey Avenue SE., West Building Ground Floor, Room W12–140, Washington, DC, between 9 a.m. and 5 p.m. ET, Monday through Friday, except Federal Holidays. • Instructions: For detailed instructions on submitting comments and additional information on the rulemaking process, see the Public Participation heading of the SUPPLEMENTARY INFORMATION section of this document. Note that all comments received will be posted without change to http://www.regulations.gov, including any personal information provided. • Privacy Act: Anyone is able to search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477–78). For access to the docket to read background documents or comments received, go to http:// www.regulations.gov or the street address listed above. Follow the online instructions for accessing the dockets. FOR FURTHER INFORMATION CONTACT: For technical issues: Mr. Arthur Carter of NHTSA’s Office of Vehicle Crash Avoidance & Electronic Controls Research at (202) 366–5669 or by email at arthur.carter@dot.gov. For legal issues: Mr. Steve Wood of NHTSA’s Office of Chief Counsel at (202) 366– 5240 or by email at steve.wood@dot.gov. SUPPLEMENTARY INFORMATION: A top NHTSA priority is enhancing vehicle cybersecurity to mitigate cyber threats that could present unreasonable safety risks to the public or compromise sensitive data such as personally identifiable information. And, the agency is actively engaged in approaches to improve the cybersecurity of modern vehicles. The agency has been conducting research and actively engaging stakeholders to identify effective methods to address the vehicle cybersecurity challenges. For example, in January 2016, NHTSA convened a public vehicle cybersecurity roundtable meeting in Washington, DC to facilitate diverse stakeholder discussion on key vehicle cybersecurity topics. Over 300 individuals attended this meeting. These attendees represented over 200 unique organizations that included 17 Original Equipment Manufacturers (OEMs), 25 government entities, and 13 industry associations. During the roundtable meeting, the stakeholder groups identified actionable steps for E:\FR\FM\28OCN1.SGM 28OCN1 Federal Register / Vol. 81, No. 209 / Friday, October 28, 2016 / Notices the vehicle manufacturing industry to effectively and expeditiously address vehicle cybersecurity challenges. As a follow up, NHTSA held a meeting with other government agencies in February 2016 to discuss possibilities for collaboration among Federal partners to help the industry improve vehicle cybersecurity. As a result of the extensive public and private stakeholder engagement, NHTSA has developed a set of best practices for the automotive industry that the agency believes will further automotive cybersecurity. The agency notes that the Alliance of Automobile Manufacturers and the Association of Global Automakers, through the Auto Information Sharing and Analysis Center (Auto ISAC), released a ‘‘Framework for Automotive Cybersecurity Best Practices’’ on July 22, 2016.1 The primary goal of the NHTSA best practices, therefore, is to not supplant the industry-led efforts, but, rather, to support this effort and provide the agency’s views on how the broader automotive industry (including those who are not members of the Auto ISAC) can develop and apply sound risk-based cybersecurity management practices to their product development processes. The document will also help the automotive sector organizations effectively demonstrate and communicate their cybersecurity risk management approach to both the public and internal and external stakeholders. NHTSA intends for the document to be updated with some frequency as new information, research, and practices become available. NHTSA invites public comments on all aspects of these best practices, including how to make the best practices more robust, what gaps remain and whether there is sufficient research and/or practices to address those gaps. comments. There is no limit on the length of the attachments. Please submit one copy (two copies if submitting by mail or hand delivery) of your comments, including the attachments, to the docket following the instructions given above under ADDRESSES. Please note, if you are submitting comments electronically as a PDF (Adobe) file, we ask that the documents submitted be scanned using an Optical Character Recognition (OCR) process, thus allowing the agency to search and copy certain portions of your submissions. How do I submit confidential business information? If you wish to submit any information under a claim of confidentiality, you should submit three copies of your complete submission, including the information you claim to be confidential business information, to the Office of the Chief Counsel, NHTSA, at the address given above under FOR FURTHER INFORMATION CONTACT. In addition, you may submit a copy (two copies if submitting by mail or hand delivery), from which you have deleted the claimed confidential business information, to the docket by one of the methods given above under ADDRESSES. When you send a comment containing information claimed to be confidential business information, you should include a cover letter setting forth the information specified in NHTSA’s confidential business information regulation (49 CFR part 512). Will the agency consider late comments? How do I prepare and submit comments? mstockstill on DSK3G9T082PROD with NOTICES Public Participation NHTSA will consider all comments received before the close of business on the comment closing date indicated above under DATES. To the extent possible, the agency will also consider comments received after that date. How can I read the comments submitted by other people? Your comments must be written and in English. To ensure that your comments are filed correctly in the docket, please include the docket number of this document in your comments. Your comments must not be more than 15 pages long (49 CFR 553.21). NHTSA established this limit to encourage you to write your primary comments in a concise fashion. However, you may attach necessary additional documents to your You may read the comments received at the address given above under Comments. The hours of the docket are indicated above in the same location. You may also see the comments on the Internet, identified by the docket number at the heading of this notice, at http://www.regulations.gov. Please note that, even after the comment closing date, NHTSA will continue to file relevant information in the docket as it becomes available. Further, some people may submit late comments. Accordingly, the agency recommends that you periodically check the docket for new material. 1 https://www.automotiveisac.com/bestpractices/. VerDate Sep<11>2014 18:12 Oct 27, 2016 Jkt 241001 PO 00000 Frm 00166 Fmt 4703 Sfmt 4703 75191 Anyone is able to search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477–78) or you may visit http:// www.dot.gov/privacy.html. Authority: Sec. 31402, Pub. L. 112–141. Issued in Washington, DC on October 24, 2016 under authority delegated in 49 CFR part 1.95. Nathaniel Beuse, Associate Administrator for Vehicle Safety Research. [FR Doc. 2016–26045 Filed 10–27–16; 8:45 am] BILLING CODE 4910–59–P DEPARTMENT OF THE TREASURY Submission for OMB Review; Comment Request October 25, 2016. The Department of the Treasury will submit the following information collection request(s) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995, Public Law 104–13, on or after the date of publication of this notice. DATES: Comments should be received on or before November 28, 2016 to be assured of consideration. ADDRESSES: Send comments regarding the burden estimates, or any other aspect of the information collection(s), including suggestions for reducing the burden, to (1) Office of Information and Regulatory Affairs, Office of Management and Budget, Attention: Desk Officer for Treasury, New Executive Office Building, Room 10235, Washington, DC 20503, or email at OIRA_Submission@OMB.EOP.gov and (2) Treasury PRA Clearance Officer, 1750 Pennsylvania Ave. NW., Suite 8142, Washington, DC 20220, or email at PRA@treasury.gov. FOR FURTHER INFORMATION CONTACT: Copies of the submissions may be obtained by emailing PRA@treasury.gov, calling (202) 622–0934, or viewing the entire information collection request at www.reginfo.gov. Internal Revenue Service (IRS) OMB Control Number: N/A. Type of Review: New collection (Request for a new OMB Control Number). E:\FR\FM\28OCN1.SGM 28OCN1

Agencies

[Federal Register Volume 81, Number 209 (Friday, October 28, 2016)]
[Notices]
[Pages 75190-75191]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-26045]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration

[Docket No. NHTSA-2016-0104]


Request for Comment on Cybersecurity Best Practices for Modern 
Vehicles

AGENCY: National Highway Traffic Safety Administration (NHTSA), 
Department of Transportation (DOT).

ACTION: Request for public comment.

-----------------------------------------------------------------------

SUMMARY: NHTSA invites public comment on its Cybersecurity Best 
Practices for Modern Vehicles. The document is available for a 30 day 
comment period at http://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf.

DATES: You should submit your comments early enough to ensure that 
Docket Management receives them no later than November 28, 2016.

ADDRESSES: Comments should refer to the docket number above and be 
submitted by one of the following methods:
     Federal Rulemaking Portal: http://www.regulations.gov. 
Follow the online instructions for submitting comments.
     Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001.
     Hand Delivery: 1200 New Jersey Avenue SE., West Building 
Ground Floor, Room W12-140, Washington, DC, between 9 a.m. and 5 p.m. 
ET, Monday through Friday, except Federal Holidays.
     Instructions: For detailed instructions on submitting 
comments and additional information on the rulemaking process, see the 
Public Participation heading of the SUPPLEMENTARY INFORMATION section 
of this document. Note that all comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
     Privacy Act: Anyone is able to search the electronic form 
of all comments received into any of our dockets by the name of the 
individual submitting the comment (or signing the comment, if submitted 
on behalf of an association, business, labor union, etc.). You may 
review DOT's complete Privacy Act Statement in the Federal Register 
published on April 11, 2000 (65 FR 19477-78). For access to the docket 
to read background documents or comments received, go to http://www.regulations.gov or the street address listed above. Follow the 
online instructions for accessing the dockets.

FOR FURTHER INFORMATION CONTACT: For technical issues: Mr. Arthur 
Carter of NHTSA's Office of Vehicle Crash Avoidance & Electronic 
Controls Research at (202) 366-5669 or by email at 
arthur.carter@dot.gov. For legal issues: Mr. Steve Wood of NHTSA's 
Office of Chief Counsel at (202) 366-5240 or by email at 
steve.wood@dot.gov.

SUPPLEMENTARY INFORMATION: A top NHTSA priority is enhancing vehicle 
cybersecurity to mitigate cyber threats that could present unreasonable 
safety risks to the public or compromise sensitive data such as 
personally identifiable information. And, the agency is actively 
engaged in approaches to improve the cybersecurity of modern vehicles. 
The agency has been conducting research and actively engaging 
stakeholders to identify effective methods to address the vehicle 
cybersecurity challenges. For example, in January 2016, NHTSA convened 
a public vehicle cybersecurity roundtable meeting in Washington, DC to 
facilitate diverse stakeholder discussion on key vehicle cybersecurity 
topics. Over 300 individuals attended this meeting. These attendees 
represented over 200 unique organizations that included 17 Original 
Equipment Manufacturers (OEMs), 25 government entities, and 13 industry 
associations. During the roundtable meeting, the stakeholder groups 
identified actionable steps for

[[Page 75191]]

the vehicle manufacturing industry to effectively and expeditiously 
address vehicle cybersecurity challenges. As a follow up, NHTSA held a 
meeting with other government agencies in February 2016 to discuss 
possibilities for collaboration among Federal partners to help the 
industry improve vehicle cybersecurity.
    As a result of the extensive public and private stakeholder 
engagement, NHTSA has developed a set of best practices for the 
automotive industry that the agency believes will further automotive 
cybersecurity. The agency notes that the Alliance of Automobile 
Manufacturers and the Association of Global Automakers, through the 
Auto Information Sharing and Analysis Center (Auto ISAC), released a 
``Framework for Automotive Cybersecurity Best Practices'' on July 22, 
2016.\1\ The primary goal of the NHTSA best practices, therefore, is to 
not supplant the industry-led efforts, but, rather, to support this 
effort and provide the agency's views on how the broader automotive 
industry (including those who are not members of the Auto ISAC) can 
develop and apply sound risk-based cybersecurity management practices 
to their product development processes. The document will also help the 
automotive sector organizations effectively demonstrate and communicate 
their cybersecurity risk management approach to both the public and 
internal and external stakeholders. NHTSA intends for the document to 
be updated with some frequency as new information, research, and 
practices become available.
---------------------------------------------------------------------------

    \1\ https://www.automotiveisac.com/best-practices/ practices/.
---------------------------------------------------------------------------

    NHTSA invites public comments on all aspects of these best 
practices, including how to make the best practices more robust, what 
gaps remain and whether there is sufficient research and/or practices 
to address those gaps.

Public Participation

How do I prepare and submit comments?

    Your comments must be written and in English. To ensure that your 
comments are filed correctly in the docket, please include the docket 
number of this document in your comments.
    Your comments must not be more than 15 pages long (49 CFR 553.21). 
NHTSA established this limit to encourage you to write your primary 
comments in a concise fashion. However, you may attach necessary 
additional documents to your comments. There is no limit on the length 
of the attachments.
    Please submit one copy (two copies if submitting by mail or hand 
delivery) of your comments, including the attachments, to the docket 
following the instructions given above under ADDRESSES. Please note, if 
you are submitting comments electronically as a PDF (Adobe) file, we 
ask that the documents submitted be scanned using an Optical Character 
Recognition (OCR) process, thus allowing the agency to search and copy 
certain portions of your submissions.

How do I submit confidential business information?

    If you wish to submit any information under a claim of 
confidentiality, you should submit three copies of your complete 
submission, including the information you claim to be confidential 
business information, to the Office of the Chief Counsel, NHTSA, at the 
address given above under FOR FURTHER INFORMATION CONTACT. In addition, 
you may submit a copy (two copies if submitting by mail or hand 
delivery), from which you have deleted the claimed confidential 
business information, to the docket by one of the methods given above 
under ADDRESSES. When you send a comment containing information claimed 
to be confidential business information, you should include a cover 
letter setting forth the information specified in NHTSA's confidential 
business information regulation (49 CFR part 512).

Will the agency consider late comments?

    NHTSA will consider all comments received before the close of 
business on the comment closing date indicated above under DATES. To 
the extent possible, the agency will also consider comments received 
after that date.

How can I read the comments submitted by other people?

    You may read the comments received at the address given above under 
Comments. The hours of the docket are indicated above in the same 
location. You may also see the comments on the Internet, identified by 
the docket number at the heading of this notice, at http://www.regulations.gov.
    Please note that, even after the comment closing date, NHTSA will 
continue to file relevant information in the docket as it becomes 
available. Further, some people may submit late comments. Accordingly, 
the agency recommends that you periodically check the docket for new 
material.
    Anyone is able to search the electronic form of all comments 
received into any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review DOT's 
complete Privacy Act Statement in the Federal Register published on 
April 11, 2000 (65 FR 19477-78) or you may visit http://www.dot.gov/privacy.html.

    Authority: Sec. 31402, Pub. L. 112-141.

    Issued in Washington, DC on October 24, 2016 under authority 
delegated in 49 CFR part 1.95.
Nathaniel Beuse,
Associate Administrator for Vehicle Safety Research.
[FR Doc. 2016-26045 Filed 10-27-16; 8:45 am]
 BILLING CODE 4910-59-P