New Bipartisan SPY Act Pushes NHTSA on Automotive Cyberthreats
In our politically toxic capital, there’s a bipartisan effort underway to better protect motorists in a world increasingly aware that automobiles are vulnerable to cyberattacks. Two members of the U.S. House of Representatives introduced legislation Wednesday called the Security and Privacy in Your Car Study Act of 2017, or the SPY Act. It would direct federal regulators to conduct a study that would determine the best cyber standards and defenses for motor vehicles.
“Cars don’t necessarily come to mind when most of us think about cybersecurity,” said Rep. Ted Lieu (D-CA), who co-sponsored the bill along with Rep. Joe Wilson (R-SC). “But the Internet of Things is bringing technology and connectivity into every part of our lives—including our motor vehicles. Without good cyber hygiene, a hacker could easily turn a car into a weapon.”
Terrorists in Berlin and in Nice, France, have shown in recent months that advanced computer skills aren’t necessarily needed to kill with vehicles. But in an era of heightened attention to cyberattacks of any stripe, there’s concern that vehicles—and fleets of vehicles—could be an attractive target for adversaries.
In July 2015, two security researchers demonstrated the capability to commandeer remote control of a Jeep Cherokee from hundreds of miles away, a disclosure that rattled regulators and brought greater scrutiny to an issue the auto industry has been slow to address.
Automakers formed their own Information Sharing and Analysis Center (Auto-ISAC) last year to gather threat intelligence. The National Highway Traffic Safety Administration (NHTSA) proffered cybersecurity guidance in October 2016 in view of the fact that, according to global consulting firm Gartner, 250 million connected vehicles are projected to be on roads across the globe by 2020.
Those efforts are not nearly enough, says Josh Corman, director of the Cyber Statecraft Initiative at the Atlantic Council, a nonprofit that promotes leadership and engagement in international affairs, and co-founder of I Am the Cavalry, a grassroots organization that focuses on issues where computer safety intersects with public safety. Given the years-long automotive development cycle and the similarly long rulemaking cycle in Washington, Corman fears the industry and regulators have left motorists vulnerable to an attack that could span across a connected network of vehicles.
“Even if they started off tomorrow, we would likely be behind,” Corman said. “And that’s if we decided right now that we’re going to go implement what NHTSA has already put forth. By dragging our feet, we are wasting years of potential exposure.”
In some sense, the three-month-old NHTSA guidance makes the proposed SPY Act redundant. The bill essentially asks the agency to study cybersecurity problems and report back to Congress in a year.
On one hand, the clock is ticking. On the other, Corman says there may be a benefit if the additional study encourages NHTSA to fix what he sees as the shortcomings from the October guidance rather than merely repeating what it has already delivered. He says the agency needs to push for faster adoption of over-the-air software update capabilities, which may allow for fast fixes of vulnerabilities that surface.
Further, Corman, whose Five Star Automotive Cyber Safety Program has been used as the basis for some of the Auto-ISAC and NHTSA best practices, says that NHTSA needs to mandate the inclusion of black boxes that capture evidence of cyber anomalies or attacks in all new vehicles.
“We have no such capacity in vehicles right now,” he said. “As we see high-profile attacks on vehicles that shatter public confidence, the inability to harvest data from that black box will have a material impact on important parts of our economy. We need the data, and we need to see which data is being processed. We will regret not having it when we need it.”
This isn’t the first time Congress has tried to spur greater action on automotive cybersecurity. Within days after the Jeep breach became public, Sen. Ed Markey (D-MA) introduced a bill by a similar name – the Security and Privacy in Your Car Act of 2015, also known as the SPY Act. That bill never made it out of a Senate subcommittee.
While the nearly identical names may suggest the bills are intended to be reconciled at some point, there are substantial differences between them, chiefly that Markey’s version would charge NHTSA with initiating formal rulemaking that requires automakers to isolate sensitive systems, while the newer House version would only compel a study of cyber best practices.
Further, the Senate version would require carmakers to create a “cyber dashboard” that informs consumers about the security measures installed in their vehicles and the extent to which their personal data is protected.
Markey has been perhaps the most ardent Congressional proponent of stronger automotive security measures. In 2015, he authored a report called Tracking and Hacking: Security and Privacy Gaps Put American Drivers at Risk, and in 2016, he pressed the Federal Communications Commission to consider protections for consumer information as vehicle-to-vehicle and vehicle-to-infrastructure communications systems develop for cars.
“Even as we are more connected than ever in our cars and trucks,” he said, “our technology systems and data security remain largely unprotected.”