Hacking Legislation Designed To Protect Drivers From Auto Security Risks | Edmunds

Hacking Legislation Designed To Protect Drivers From Auto Security Risks

WASHINGTON — The Security and Privacy in Your Car or "SPY" Act, legislation introduced on Tuesday to prevent the hacking of U.S. vehicles, underscores the growing concern over self-driving and connected cars.

Edmunds' Senior Consumer Advice Editor Ron Montoya said cybersecurity "is a legitimate issue for automakers and they have been proactively addressing these security concerns ever since the first connected car was introduced."

He added: "Automakers are notoriously competitive, but this is one area where manufacturers are working together to address these sorts of vulnerabilities."

The legislation, unveiled by Senators Richard Blumenthal (D-Conn.) and Edward Markey (D-Mass.), follows the highly publicized recent hacking of a 2014 Jeep Cherokee SUV. Fiat-Chrysler has now provided owners with a software update to enhance vehicle security.

Montoya said car owners may be "understandably concerned" about this particular incident, but reassured drivers that "this is not an issue that should keep them up at night."

"This was an isolated hack that could only be performed on one specific vehicle and it was not something that could be replicated on a mass scale," he said. "Jeep Cherokee owners who are concerned that this can happen to their car can go to a dealership to install a patch to address the vulnerability or they can even do it themselves."

Still, it's clear the federal safety regulators and legislators have hacking protection high on their priority lists.

The SPY Act would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure vehicles and protect drivers' privacy.

It also establishes a rating system — or so-called "cyber dashboard" — that informs consumers about how well the vehicle protects drivers' security and privacy.

"Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data-trackers," said Sen. Blumenthal in a statement. "This common-sense legislation protects the public against cybercriminals who exploit exciting advances in technology like self-driving and wireless connected cars.

"Federal law must provide minimum standards and safeguards that keep hackers out of drivers' private data lanes."

The legislation follows a February report released by Sen. Markey entitled Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk.

The report said only two of the 16 car companies examined had developed any capability to detect and respond to a hacking attack in real time and that most owners don't know that their information is being collected and sent to third parties.

In a Tuesday speech to the Automated Vehicles Symposium 2015 in Ann Arbor, Michigan, NHTSA Administrator Mark Rosekind echoed the call to reassure vehicle owners that their data is secure and that they are protected from threats from hackers and those who might tamper with technology.

"Cybersecurity and privacy must be high-priority items for industry and for NHTSA," he said.

Rosekind said NHTSA is working with "the most effective security experts in the business to design, implement and test a security system for V2V (vehicle-to-vehicle) transmissions."

NHTSA has also reorganized its vehicle safety research operation to meet the cybersecurity challenge and is assessing "the various threat vectors" that could endanger vehicle security and privacy.

Edmunds says: Auto security and privacy risks will continue to be a top priority for automakers and safety regulators.

Leave a Comment