“Your car has been hacked!” may be the next warning light to flash on your car dashboard as the result of a bill introduced Tuesday in the Senate.
The legislation by Sens. Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) is intended to address fears about the vulnerability of onboard car computers to hackers, particularly with connected-vehicle technology and autonomous cars on the horizon.
“Drivers shouldn’t have to choose between being connected and being protected,” Markey said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers.”
The bill tasks the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) with establishing standards intended to protect car computers from hackers who could manipulate a vehicle’s behavior or violate the driver’s privacy.
“This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles,” Markey said.
Automakers are well aware of the risks and worry that car buyers may be put off if they fear hackers can access their vehicles. Last week they announced the establishment of a joint Information Sharing and Analysis Center intended to assess hacking risks on an ongoing basis.
While dashboard warning lights might not show up in all vehicles, Markey and Blumenthal want federal regulators to create a “cyber dashboard” to tell drivers how well their cars are protected against an attack.
“Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data-trackers,” Blumenthal said in a joint statement with Markey. “Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes. Security and safety need not be sacrificed for the convenience and promise of wireless progress.”
The bill instructs NHTSA to work with the FTC in developing standards that would:
• Isolate onboard critical software systems to protect against hackers.
• Protect all data that is stored on the computer.
• Equip cars with technology that can detect and report hacking attempts in real time.
The bill also requires that car owners be made aware of data that is collected, retained or transmitted while driving, that drivers can opt out of that data collection and retention, and it prohibits the use of any collected data for advertising or marketing unless the driver agrees.
In addition to real-time communication with a driver when a car is hacked, the bill says federal regulators should display on the window sticker of cars at dealerships how well the vehicle is protected against hacking.
“As America’s vehicles become more and more connected to the internet, and wireless vehicle to vehicle technology adds important safety to tomorrow’s cars, vital security and privacy concerns need to be addressed as well,” Jack Gillis, of the Consumer Federation of America, said in a statement. “Senator Markey and Blumenthal’s [legislation] will help prevent hacking attacks and [ensure] personal privacy as new vehicle safety and monitoring technology is introduced.”
Although vehicles already are vulnerable to hacking, the possibilities will be amplified with the advent of connected vehicles and autonomous cars.
Connected vehicle systems extend many current systems such as radar, laser sensors and lane-control devices into a network of communication with other cars and roadside detection devices. Rather than just communicate data to the car’s driver, connected vehicles will share that information with computers in other vehicles via a short-range broadband network.
That shared information will make driving safer, provided it’s not susceptible to hackers who could compromise the system.