A House Democrat introduced legislation this week pushing for a federal agency-led study on the regulation of Internet-connected cars and other vehicles.
California Rep. Ted Lieu’s Security and Privacy in Your Car Study Act of 2015 — the SPY Car Study Act for short — would require the National Highway Safety Transportation Administration to conduct a yearlong study on framework recommendations for vehicle cybersecurity. Rep. Joe Wilson, R-S.C., co-sponsored the bill.
In the study, NHSTA — consulting with the Federal Trade Commission, the National Institute of Standards and Technology, and the Defense Department, as well as industry and academic leaders — would report on measures necessary to separate critical software from extraneous vehicle programming, and detect and prevent “anomalous codes associated with malicious behavior”; techniques to prevent, deter and stop cyberattacks; and best practices for protecting data stored in a vehicle.
“Americans have a right to drive cars that are safe and protected from hackers. Frankly, without adequate protections, a hacker could turn a car into a weapon,” Lieu, co-chair of the Cloud Computing Caucus and a member of the Internet of Things Caucus, said in a statement. He is notably also one of four House representatives with a background in computer science, earning a CS degree from Stanford University.
This bill, Lieu continued, “is a first step in bringing industry, advocates and government together to strike a balance between innovation and consumer protection to ensure that car navigation, entertainment and operating systems are safe and the data gleaned from such systems kept private.”
Earlier this year, Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., also introduced an automobile cybersecurity bill that was then referred to the Senate Committee on Commerce, Science, and Transportation. Their legislation, called the Security and Privacy in Your Car Act, or SPY Car Act for short, would establish federal cybersecurity and privacy standards for connected cars and set up a rating system — or “cyber dashboard”— that would let consumers know how well vehicles were secured beyond those minimum standards.
The security of connected vehicles made its way into the national conversation in recent months as buzz around the Internet of Things has grown and hackers have continually proven they could hack into and disable features on cars through manufacturer software. Earlier this year, a Wired magazine story showed how hackers could tap into the author’s Jeep system and disable his acceleration remotely.
“The Internet of Things, brings technology and connectivity into every corner of our lives, including our cars,” Lieu said. “However, with the pervasiveness of technology, cybersecurity standards and privacy protections become more important than ever.”
The bill, if passed, would require the NHSTA to submit a preliminary report a year after the law’s enactment, and another final report six months thereafter with its complete findings and a timeline for implementing its standards recommendations.