Lawmakers move to study car hacking

Lawmakers move to study car hacking
© Greg Nash

Two congressmen want to study vehicle cybersecurity after several high-profile car hacking incidents thrust the issue into the limelight.

ADVERTISEMENT

The so-called SPY Car Study Act, set to be introduced Thursday by Reps. Joe WilsonAddison (Joe) Graves Wilson75 years after D-Day: Service over self Valerie Plame to run for Congress in New Mexico Pollster says younger lawmakers more likely to respond to State of the Union on social media MORE (R-S.C.) and Ted Lieu (D-Calif.), would require a cross-sector study to examine detection protocols, deterrence techniques and privacy best practices.

The bill is much less ambitious than similar legislation in the Senate, introduced in July by Sens. Ed MarkeyEdward (Ed) John MarkeyHillicon Valley: Investigation finds federal agencies failed to address cyber vulnerabilities | Officials crack down on illegal robocallers | Warren offers plan to secure elections | Senators grill Google exec on 'persuasive technology' YouTube critics urge FTC to crack down on handling of children's videos Senate set to bypass Iran fight amid growing tensions MORE (Mass.) and Richard Blumenthal (Conn.).

That bill would require the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA) to develop standards to protect drivers' privacy and to guard against a potentially deadly hack of a vehicle.

Wilson urged a more cautious approach to vehicle cybersecurity.

“I am proposing the SPY Car Study Act because it is irresponsible to mandate changes in a developing field before accurately assessing the situation,” Wilson said in a statement.

Concerns about the dangers of Internet-connected cars came to a head this summer when “white hat hackers” exploited a vulnerability and took control of a Jeep's steering, brakes and transmission and brought it to a halt on the highway.

That hack was widely criticized by auto manufacturers who suggested that by going public with their findings, the researchers recklessly exposed vulnerabilities and gave manufacturers no time to resolve concerns.

“Under no circumstances does [Fiat Chrysler of America] condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company, which makes the hacked Jeep, said in a statement.

The dispute is part of a larger debate around what legal standing security researchers have to explore and expose vulnerabilities in proprietary technology. 

Wilson and Lieu both emphasized the need for partnership across the auto industry and with government partners, which under the provisions of the bill include the NHTSA, the FTC, the Defense Department, the National Institute of Standards and Technology and others.

“Without adequate protections, a hacker could turn a car into a weapon,” Lieu said in a statement. “The SPY CAR Study Act is a first step in bringing industry, advocates and government together to strike a balance between innovation and consumer protection.”