US legislation for connected car cybersecurity edges closer
Federal standards that secure cars and protect drivers’ privacy have taken a step closer to reality, after new legislation was announced at a Senate Commerce Committee hearing.
Senators Edward J. Markey of Massachusetts and Richard Blumenthal of Connecticut want the legislation to direct National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to create these new federal standards.
The concerted push for legislation comes after Markey’s own office released a report on the various security holes in today’s connected cars, with Blumenthal revealing that there has been too much of a rush to bring the technology to market.
“Connected cars represent tremendous social and economic promise, but in the rush to roll out the next big thing automakers have left the doors unlocked to would-be cybercriminals,” he said.
“This common-sense legislation would ensure that drivers can trust the convenience of wireless technology, without having to fear incursions on their safety or privacy by hackers and criminals.”
Penetrative testing evaluation
Markey would like to see all wireless access points in cars protected against hacking attacks and evaluated using penetration testing. He also wants to ensure all collected information is securely encrypted to prevent breaches.
The senator wants the government to make it a requirement that car manufacturers and third-party feature providers are able to detect, report and respond to hacking as it occurs in real time too.
Security should not be the only focus, either. Markey wants a driver’s privacy to be protected at all times, with the Senator placing its importance on the same level as some of the safety features that already exist in cars.
“We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century,” he said.
“There are currently no rules of the road for how to protect driver and passenger data, and most customers don’t even know that their information is being collected and sent to third parties.
Data collection transparency
If Markey has his way, then all drivers will be made explicitly aware of the data collection, transmission, and use of driving information they are being subjected to. They will also be able to opt out without disabling infotainment features.
The final part forbids personal driving information from being used for advertising or marketing purposes. No doubt non-personally identifiable information, like the data used in online advertising, will skirt around this particular ruling if it goes through.
Just like with fuel economy, the senators want to see a “cyber dashboard” displayed on new cars to show information on how well a vehicle protects drivers beyond the minimum standards.
Interestingly, US trade organisation the Alliance of Automobile Manufacturers announced a set of guidelines late last year that would offer consumers more privacy protection, but these did not go far enough for Markey and Blumenthal.