Aug 13 2015

The Role Federal Agencies Will Play in Protecting Carmakers from Hacks

Government agencies are expected to set and implement the guidelines for emerging technology.

Recent concern over advanced cybersecurity threats on automobiles has led Fiat Chrysler Automobiles to recall over a million vehicles. This pushed two U.S. senators to draft legislation requiring government agencies to keep up with the technology they’ll be expected to regulate.

The legislation proposed by senators Richard Blumenthal (D-Conn.) and Ed Markey (D-Mass.) mandates that cars sold in the United States adhere to a certain level of protection against cyberattacks. The National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) will be tasked with establishing these provisions and with determining ways to protect the personal information that might be exposed.

In addition, Wired noted that the bill features three elements, with NHTSA and the FTC integral to two:

First, it will require the NHTSA and the FTC to set security standards for cars, including isolating critical software systems from the rest of a vehicle’s internal network, penetration testing by security analysts, and the addition of onboard systems to detect and respond to malicious commands on the car’s network. Second, it will ask those same agencies to set privacy standards, requiring carmakers to inform people of how they collect data from vehicles they sell, letting drivers opt out of that data collection and restricting how the information can be used for marketing. And finally, it will require manufacturers to display window stickers on new cars that rank their security and privacy protections.

NHTSA administrator Mark Rosekind told TheWall Street Journal that there would be a “swift and strong response” from the agency when threats are identified. Blumenthal and Markey’s bill signals another step toward the modernization of government technology, forcing agencies to familiarize themselves with trends. That way, demonstrations such as a remote attack on a car traveling 70 miles per hour won’t startle automobile makers into recalls.

This mission will be daunting, but it’s absolutely necessary that government agencies’ security plans evolve as cyberthreats do the same.