Senators want more cyber answers from automakers

Senators want more cyber answers from automakers
© Getty Images

Two senators are pressing automakers for more answers on their plans to protect cars from the looming threat of hackers.

It’s the second round of questions Sen. Ed MarkeyEdward (Ed) John MarkeySanders offers bill to tax billionaires' wealth gains during pandemic Senate Democrats demand answers on migrant child trafficking during pandemic Budowsky: Why I back Kennedy, praise Markey MORE (D-Mass.) has sent automakers. His initial investigation was largely the basis for a bill known as the SPY Car Act, which would direct the government to set federal cybersecurity standards for car manufacturers.


“As vehicles become increasingly connected to the Internet and to one another through advanced features and services, we continue to see how these technologies present vulnerabilities that can compromise the safety and privacy of drivers and passengers,” said Markey and Sen. Richard Blumenthal (D-Conn.), who co-sponsored the SPY Car Act, in the letter.

The two lawmakers are seeking updated information on how these companies plan to thwart hackers from pilfering driver data and manipulating a vehicle’s functions, such as the air-conditioning, windshield wipers and even the steering wheel and transmission.

“A series of studies over the past few years have demonstrated how these systems can be remotely hacked to steal data or take control of the vehicle away from the driver,” the letter said.

The pair cited a recent demonstration, in which two researchers commandeered a car from 10 miles away, forcing it off the road. The event was profiled in a Wired article that made the rounds at federal agencies and on Capitol Hill, spurring a renewed discussion of the digital security shortcomings in cars.

The incident highlighted what Markey had pointed out in a February report based on his initial responses from automakers.

Markey's report described vehicles’ cybersecurity measures as “inconsistent and haphazard.” It said few auto manufacturers were able to detect and respond to hacks.

“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” Markey said at the time. “Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”

In Wednesday's letter, Markey and Blumenthal credited the auto industry for several moves it had made since then, including issuing a set of voluntary privacy standards to help secure customer data.

The two called this “a step in the right direction,” but added, “we believe that protecting the safety, security and privacy of American drivers should not be voluntary.”

“Consumers should have meaningful choice and transparency regarding any collection of their data derived from driving their vehicles,” they continued. “The voluntary industry measures also fail to adequately address rising cybersecurity concerns.”

The SPY Car act would create a rating system that tells customers how well each vehicle secures and protects their data.