Request for Comment on Cybersecurity Best Practices for Modern Vehicles, 75190-75191 [2016-26045]
Download as PDF
<![CDATA[
mstockstill on DSK3G9T082PROD with NOTICES
75190
Federal Register / Vol. 81, No. 209 / Friday, October 28, 2016 / Notices
standard equipment antitheft device is
likely to be as effective in reducing and
deterring motor vehicle theft as
compliance with the parts-marking
requirements of part 541. The agency
finds that FCA has provided adequate
reasons for its belief that the antitheft
device for the vehicle line is likely to be
as effective in reducing and deterring
motor vehicle theft as compliance with
the parts-marking requirements of the
Theft Prevention Standard (49 CFR part
541). This conclusion is based on the
information FCA provided about its
device.
For the foregoing reasons, the agency
hereby grants in full CFCA’s petition for
exemption for its ‘MP’ MPV line from
the parts-marking requirements of 49
CFR part 541, beginning with its ‘MP’
MPV model year vehicles. The agency
notes that 49 CFR part 541, Appendix
A–1, identifies those lines that are
exempted from the Theft Prevention
Standard for a given model year. 49 CFR
part 543.7(f) contains publication
requirements incident to the disposition
of all part 543 petitions. Advanced
listing, including the release of future
product nameplates, the beginning
model year for which the petition is
granted and a general description of the
antitheft device is necessary in order to
notify law enforcement agencies of new
vehicle lines exempted from the parts
marking requirements of the Theft
Prevention Standard. FCA stated that an
official nameplate for the vehicle has
not yet been determined. However, as a
condition to the formal granting of
FCA’s petition for exemption from the
parts-marking requirements of 49 CFR
part 541 for the MY 2017 ‘MP’ MPV
line, the agency fully expects FCA to
notify the agency of the nameplate for
the vehicle line prior to its introduction
into the United States commerce for
sale.
If FCA decides not to use the
exemption for this vehicle line, it must
formally notify the agency. If such a
decision is made, the vehicle line must
be fully marked as required by 49 CFR
parts 541.5 and 541.6 (marking of major
component parts and replacement
parts).
NHTSA notes that if FCA wishes in
the future to modify the device on
which this exemption is based, the
company may have to submit a petition
to modify the exemption. 49 CFR part
543.7(d) states that a part 543 exemption
applies only to vehicles that belong to
a line exempted under this part and
equipped with the anti-theft device on
which the line’s exemption is based.
Further, 49 CFR part 543.9(c)(2)
provides for the submission of petitions
‘‘to modify an exemption to permit the
VerDate Sep<11>2014
18:12 Oct 27, 2016
Jkt 241001
use of an antitheft device similar to but
differing from the one specified in that
exemption.’’
The agency wishes to minimize the
administrative burden that 49 CFR part
543.9(c)(2) could place on exempted
vehicle manufacturers and itself. The
agency did not intend in drafting part
543 to require the submission of a
modification petition for every change
to the components or design of an
antitheft device. The significance of
many such changes could be de
minimis. Therefore, NHTSA suggests
that if the manufacturer contemplates
making any changes, the effects of
which might be characterized as de
minimis, it should consult the agency
before preparing and submitting a
petition to modify.
Issued in Washington, DC under authority
delegated in 49 CFR part 1.95.
Raymond R. Posten,
Associate Administrator for Rulemaking.
[FR Doc. 2016–26072 Filed 10–27–16; 8:45 am]
BILLING CODE 4910–59–P
DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety
Administration
[Docket No. NHTSA–2016–0104]
Request for Comment on
Cybersecurity Best Practices for
Modern Vehicles
National Highway Traffic
Safety Administration (NHTSA),
Department of Transportation (DOT).
ACTION: Request for public comment.
AGENCY:
NHTSA invites public
comment on its Cybersecurity Best
Practices for Modern Vehicles. The
document is available for a 30 day
comment period at https://
www.nhtsa.gov/staticfiles/nvs/pdf/
812333_
CybersecurityForModernVehicles.pdf.
SUMMARY:
You should submit your
comments early enough to ensure that
Docket Management receives them no
later than November 28, 2016.
ADDRESSES: Comments should refer to
the docket number above and be
submitted by one of the following
methods:
• Federal Rulemaking Portal: https://
www.regulations.gov. Follow the online
instructions for submitting comments.
• Mail: Docket Management Facility,
U.S. Department of Transportation, 1200
New Jersey Avenue SE., West Building
Ground Floor, Room W12–140,
Washington, DC 20590–0001.
DATES:
PO 00000
Frm 00165
Fmt 4703
Sfmt 4703
• Hand Delivery: 1200 New Jersey
Avenue SE., West Building Ground
Floor, Room W12–140, Washington, DC,
between 9 a.m. and 5 p.m. ET, Monday
through Friday, except Federal
Holidays.
• Instructions: For detailed
instructions on submitting comments
and additional information on the
rulemaking process, see the Public
Participation heading of the
SUPPLEMENTARY INFORMATION section of
this document. Note that all comments
received will be posted without change
to https://www.regulations.gov, including
any personal information provided.
• Privacy Act: Anyone is able to
search the electronic form of all
comments received into any of our
dockets by the name of the individual
submitting the comment (or signing the
comment, if submitted on behalf of an
association, business, labor union, etc.).
You may review DOT’s complete
Privacy Act Statement in the Federal
Register published on April 11, 2000
(65 FR 19477–78). For access to the
docket to read background documents
or comments received, go to https://
www.regulations.gov or the street
address listed above. Follow the online
instructions for accessing the dockets.
FOR FURTHER INFORMATION CONTACT: For
technical issues: Mr. Arthur Carter of
NHTSA’s Office of Vehicle Crash
Avoidance & Electronic Controls
Research at (202) 366–5669 or by email
at arthur.carter@dot.gov. For legal
issues: Mr. Steve Wood of NHTSA’s
Office of Chief Counsel at (202) 366–
5240 or by email at steve.wood@dot.gov.
SUPPLEMENTARY INFORMATION: A top
NHTSA priority is enhancing vehicle
cybersecurity to mitigate cyber threats
that could present unreasonable safety
risks to the public or compromise
sensitive data such as personally
identifiable information. And, the
agency is actively engaged in
approaches to improve the cybersecurity
of modern vehicles. The agency has
been conducting research and actively
engaging stakeholders to identify
effective methods to address the vehicle
cybersecurity challenges. For example,
in January 2016, NHTSA convened a
public vehicle cybersecurity roundtable
meeting in Washington, DC to facilitate
diverse stakeholder discussion on key
vehicle cybersecurity topics. Over 300
individuals attended this meeting.
These attendees represented over 200
unique organizations that included 17
Original Equipment Manufacturers
(OEMs), 25 government entities, and 13
industry associations. During the
roundtable meeting, the stakeholder
groups identified actionable steps for
E:\FR\FM\28OCN1.SGM
28OCN1
Federal Register / Vol. 81, No. 209 / Friday, October 28, 2016 / Notices
the vehicle manufacturing industry to
effectively and expeditiously address
vehicle cybersecurity challenges. As a
follow up, NHTSA held a meeting with
other government agencies in February
2016 to discuss possibilities for
collaboration among Federal partners to
help the industry improve vehicle
cybersecurity.
As a result of the extensive public and
private stakeholder engagement,
NHTSA has developed a set of best
practices for the automotive industry
that the agency believes will further
automotive cybersecurity. The agency
notes that the Alliance of Automobile
Manufacturers and the Association of
Global Automakers, through the Auto
Information Sharing and Analysis
Center (Auto ISAC), released a
‘‘Framework for Automotive
Cybersecurity Best Practices’’ on July
22, 2016.1 The primary goal of the
NHTSA best practices, therefore, is to
not supplant the industry-led efforts,
but, rather, to support this effort and
provide the agency’s views on how the
broader automotive industry (including
those who are not members of the Auto
ISAC) can develop and apply sound
risk-based cybersecurity management
practices to their product development
processes. The document will also help
the automotive sector organizations
effectively demonstrate and
communicate their cybersecurity risk
management approach to both the
public and internal and external
stakeholders. NHTSA intends for the
document to be updated with some
frequency as new information, research,
and practices become available.
NHTSA invites public comments on
all aspects of these best practices,
including how to make the best
practices more robust, what gaps remain
and whether there is sufficient research
and/or practices to address those gaps.
comments. There is no limit on the
length of the attachments.
Please submit one copy (two copies if
submitting by mail or hand delivery) of
your comments, including the
attachments, to the docket following the
instructions given above under
ADDRESSES. Please note, if you are
submitting comments electronically as a
PDF (Adobe) file, we ask that the
documents submitted be scanned using
an Optical Character Recognition (OCR)
process, thus allowing the agency to
search and copy certain portions of your
submissions.
How do I submit confidential business
information?
If you wish to submit any information
under a claim of confidentiality, you
should submit three copies of your
complete submission, including the
information you claim to be confidential
business information, to the Office of
the Chief Counsel, NHTSA, at the
address given above under FOR FURTHER
INFORMATION CONTACT. In addition, you
may submit a copy (two copies if
submitting by mail or hand delivery),
from which you have deleted the
claimed confidential business
information, to the docket by one of the
methods given above under ADDRESSES.
When you send a comment containing
information claimed to be confidential
business information, you should
include a cover letter setting forth the
information specified in NHTSA’s
confidential business information
regulation (49 CFR part 512).
Will the agency consider late
comments?
How do I prepare and submit
comments?
mstockstill on DSK3G9T082PROD with NOTICES
Public Participation
NHTSA will consider all comments
received before the close of business on
the comment closing date indicated
above under DATES. To the extent
possible, the agency will also consider
comments received after that date.
How can I read the comments submitted
by other people?
Your comments must be written and
in English. To ensure that your
comments are filed correctly in the
docket, please include the docket
number of this document in your
comments.
Your comments must not be more
than 15 pages long (49 CFR 553.21).
NHTSA established this limit to
encourage you to write your primary
comments in a concise fashion.
However, you may attach necessary
additional documents to your
You may read the comments received
at the address given above under
Comments. The hours of the docket are
indicated above in the same location.
You may also see the comments on the
Internet, identified by the docket
number at the heading of this notice, at
https://www.regulations.gov.
Please note that, even after the
comment closing date, NHTSA will
continue to file relevant information in
the docket as it becomes available.
Further, some people may submit late
comments. Accordingly, the agency
recommends that you periodically
check the docket for new material.
1 https://www.automotiveisac.com/bestpractices/.
VerDate Sep<11>2014
18:12 Oct 27, 2016
Jkt 241001
PO 00000
Frm 00166
Fmt 4703
Sfmt 4703
75191
Anyone is able to search the
electronic form of all comments
received into any of our dockets by the
name of the individual submitting the
comment (or signing the comment, if
submitted on behalf of an association,
business, labor union, etc.). You may
review DOT’s complete Privacy Act
Statement in the Federal Register
published on April 11, 2000 (65 FR
19477–78) or you may visit https://
www.dot.gov/privacy.html.
Authority: Sec. 31402, Pub. L. 112–141.
Issued in Washington, DC on October 24,
2016 under authority delegated in 49 CFR
part 1.95.
Nathaniel Beuse,
Associate Administrator for Vehicle Safety
Research.
[FR Doc. 2016–26045 Filed 10–27–16; 8:45 am]
BILLING CODE 4910–59–P
DEPARTMENT OF THE TREASURY
Submission for OMB Review;
Comment Request
October 25, 2016.
The Department of the Treasury will
submit the following information
collection request(s) to the Office of
Management and Budget (OMB) for
review and clearance in accordance
with the Paperwork Reduction Act of
1995, Public Law 104–13, on or after the
date of publication of this notice.
DATES: Comments should be received on
or before November 28, 2016 to be
assured of consideration.
ADDRESSES: Send comments regarding
the burden estimates, or any other
aspect of the information collection(s),
including suggestions for reducing the
burden, to (1) Office of Information and
Regulatory Affairs, Office of
Management and Budget, Attention:
Desk Officer for Treasury, New
Executive Office Building, Room 10235,
Washington, DC 20503, or email at
OIRA_Submission@OMB.EOP.gov and
(2) Treasury PRA Clearance Officer,
1750 Pennsylvania Ave. NW., Suite
8142, Washington, DC 20220, or email
at PRA@treasury.gov.
FOR FURTHER INFORMATION CONTACT:
Copies of the submissions may be
obtained by emailing PRA@treasury.gov,
calling (202) 622–0934, or viewing the
entire information collection request at
www.reginfo.gov.
Internal Revenue Service (IRS)
OMB Control Number: N/A.
Type of Review: New collection
(Request for a new OMB Control
Number).
E:\FR\FM\28OCN1.SGM
28OCN1
]]>Agencies
[Federal Register Volume 81, Number 209 (Friday, October 28, 2016)]
[Notices]
[Pages 75190-75191]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-26045]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety Administration
[Docket No. NHTSA-2016-0104]
Request for Comment on Cybersecurity Best Practices for Modern
Vehicles
AGENCY: National Highway Traffic Safety Administration (NHTSA),
Department of Transportation (DOT).
ACTION: Request for public comment.
-----------------------------------------------------------------------
SUMMARY: NHTSA invites public comment on its Cybersecurity Best
Practices for Modern Vehicles. The document is available for a 30 day
comment period at https://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf.
DATES: You should submit your comments early enough to ensure that
Docket Management receives them no later than November 28, 2016.
ADDRESSES: Comments should refer to the docket number above and be
submitted by one of the following methods:
Federal Rulemaking Portal: https://www.regulations.gov.
Follow the online instructions for submitting comments.
Mail: Docket Management Facility, U.S. Department of
Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor,
Room W12-140, Washington, DC 20590-0001.
Hand Delivery: 1200 New Jersey Avenue SE., West Building
Ground Floor, Room W12-140, Washington, DC, between 9 a.m. and 5 p.m.
ET, Monday through Friday, except Federal Holidays.
Instructions: For detailed instructions on submitting
comments and additional information on the rulemaking process, see the
Public Participation heading of the SUPPLEMENTARY INFORMATION section
of this document. Note that all comments received will be posted
without change to https://www.regulations.gov, including any personal
information provided.
Privacy Act: Anyone is able to search the electronic form
of all comments received into any of our dockets by the name of the
individual submitting the comment (or signing the comment, if submitted
on behalf of an association, business, labor union, etc.). You may
review DOT's complete Privacy Act Statement in the Federal Register
published on April 11, 2000 (65 FR 19477-78). For access to the docket
to read background documents or comments received, go to https://www.regulations.gov or the street address listed above. Follow the
online instructions for accessing the dockets.
FOR FURTHER INFORMATION CONTACT: For technical issues: Mr. Arthur
Carter of NHTSA's Office of Vehicle Crash Avoidance & Electronic
Controls Research at (202) 366-5669 or by email at
arthur.carter@dot.gov. For legal issues: Mr. Steve Wood of NHTSA's
Office of Chief Counsel at (202) 366-5240 or by email at
steve.wood@dot.gov.
SUPPLEMENTARY INFORMATION: A top NHTSA priority is enhancing vehicle
cybersecurity to mitigate cyber threats that could present unreasonable
safety risks to the public or compromise sensitive data such as
personally identifiable information. And, the agency is actively
engaged in approaches to improve the cybersecurity of modern vehicles.
The agency has been conducting research and actively engaging
stakeholders to identify effective methods to address the vehicle
cybersecurity challenges. For example, in January 2016, NHTSA convened
a public vehicle cybersecurity roundtable meeting in Washington, DC to
facilitate diverse stakeholder discussion on key vehicle cybersecurity
topics. Over 300 individuals attended this meeting. These attendees
represented over 200 unique organizations that included 17 Original
Equipment Manufacturers (OEMs), 25 government entities, and 13 industry
associations. During the roundtable meeting, the stakeholder groups
identified actionable steps for
[[Page 75191]]
the vehicle manufacturing industry to effectively and expeditiously
address vehicle cybersecurity challenges. As a follow up, NHTSA held a
meeting with other government agencies in February 2016 to discuss
possibilities for collaboration among Federal partners to help the
industry improve vehicle cybersecurity.
As a result of the extensive public and private stakeholder
engagement, NHTSA has developed a set of best practices for the
automotive industry that the agency believes will further automotive
cybersecurity. The agency notes that the Alliance of Automobile
Manufacturers and the Association of Global Automakers, through the
Auto Information Sharing and Analysis Center (Auto ISAC), released a
``Framework for Automotive Cybersecurity Best Practices'' on July 22,
2016.\1\ The primary goal of the NHTSA best practices, therefore, is to
not supplant the industry-led efforts, but, rather, to support this
effort and provide the agency's views on how the broader automotive
industry (including those who are not members of the Auto ISAC) can
develop and apply sound risk-based cybersecurity management practices
to their product development processes. The document will also help the
automotive sector organizations effectively demonstrate and communicate
their cybersecurity risk management approach to both the public and
internal and external stakeholders. NHTSA intends for the document to
be updated with some frequency as new information, research, and
practices become available.
---------------------------------------------------------------------------
\1\ https://www.automotiveisac.com/best-practices/ practices/.
---------------------------------------------------------------------------
NHTSA invites public comments on all aspects of these best
practices, including how to make the best practices more robust, what
gaps remain and whether there is sufficient research and/or practices
to address those gaps.
Public Participation
How do I prepare and submit comments?
Your comments must be written and in English. To ensure that your
comments are filed correctly in the docket, please include the docket
number of this document in your comments.
Your comments must not be more than 15 pages long (49 CFR 553.21).
NHTSA established this limit to encourage you to write your primary
comments in a concise fashion. However, you may attach necessary
additional documents to your comments. There is no limit on the length
of the attachments.
Please submit one copy (two copies if submitting by mail or hand
delivery) of your comments, including the attachments, to the docket
following the instructions given above under ADDRESSES. Please note, if
you are submitting comments electronically as a PDF (Adobe) file, we
ask that the documents submitted be scanned using an Optical Character
Recognition (OCR) process, thus allowing the agency to search and copy
certain portions of your submissions.
How do I submit confidential business information?
If you wish to submit any information under a claim of
confidentiality, you should submit three copies of your complete
submission, including the information you claim to be confidential
business information, to the Office of the Chief Counsel, NHTSA, at the
address given above under FOR FURTHER INFORMATION CONTACT. In addition,
you may submit a copy (two copies if submitting by mail or hand
delivery), from which you have deleted the claimed confidential
business information, to the docket by one of the methods given above
under ADDRESSES. When you send a comment containing information claimed
to be confidential business information, you should include a cover
letter setting forth the information specified in NHTSA's confidential
business information regulation (49 CFR part 512).
Will the agency consider late comments?
NHTSA will consider all comments received before the close of
business on the comment closing date indicated above under DATES. To
the extent possible, the agency will also consider comments received
after that date.
How can I read the comments submitted by other people?
You may read the comments received at the address given above under
Comments. The hours of the docket are indicated above in the same
location. You may also see the comments on the Internet, identified by
the docket number at the heading of this notice, at https://www.regulations.gov.
Please note that, even after the comment closing date, NHTSA will
continue to file relevant information in the docket as it becomes
available. Further, some people may submit late comments. Accordingly,
the agency recommends that you periodically check the docket for new
material.
Anyone is able to search the electronic form of all comments
received into any of our dockets by the name of the individual
submitting the comment (or signing the comment, if submitted on behalf
of an association, business, labor union, etc.). You may review DOT's
complete Privacy Act Statement in the Federal Register published on
April 11, 2000 (65 FR 19477-78) or you may visit https://www.dot.gov/privacy.html.
Authority: Sec. 31402, Pub. L. 112-141.
Issued in Washington, DC on October 24, 2016 under authority
delegated in 49 CFR part 1.95.
Nathaniel Beuse,
Associate Administrator for Vehicle Safety Research.
[FR Doc. 2016-26045 Filed 10-27-16; 8:45 am]
BILLING CODE 4910-59-P
