Ten members of the House of Energy and Commerce Committee are questioning how the government and auto-makers are prepping for the potential cybersecurity risks of reliance on software in vehicles.
"Connected cars and advancements in vehicle technology present a tremendous opportunity for economic innovation, consumer convenience, and public health and safety," wrote a group led by Chairman Fred Upton (R-Mich.) and ranking Democrat Frank Pallone (N.J.) in letters sent to 17 car manufacturers including Ford, Toyota and General Motors, as well as the National Highway Transportation and Safety Administration on Thursday.
"These benefits, however, depend on consumer confidence in the safety and reliability of these technologies," they wrote.
The lawmakers want the agency and automakers to provide details on what they are doing to protect against cyber-vulnerabilities now -- including how they test vehicles for such vulnerabilities while they are being designed and once they are on the road. Letter recipients were asked to respond by June 11.
NHTSA did not immediately respond to a Washington Post inquiry about the letter, but the issue is on their radar. The agency is researching cybersecurity issues related to cars and released a summary of cybersecurity best practices as well as a report on potential security threats to vehicles last September.
And the industry has also taken note of cybersecurity threats. "Auto engineers are incorporating security solutions into vehicles from the first stages of design and production, and their security testing never stops," says a fact sheet on the issue from the industry's The Alliance of Automobile Manufacturers. The Vehicle Electrical System Security Committee. The International Society of Automotive Engineers has a committee that studies the challenges of securing vehicle's electronic control systems and the U.S. Council for Automotive Research has a "Cyber-Physical Systems Task Force."
But some cybersecurity experts have warned that the auto industry is lagging behind some other sectors while the increasing complexity of systems in vehicles could leave them vulnerable to hacking. In 2013, researchers Chris Valasek and Charlie Miller were able take over the brakes and steering of a Ford Escape and a Toyota Prius using a laptop connected to the vehicles with a cable. And last year, the pair released a report laying out potential wireless "attack surfaces," like WiFi connections and Bluetooth in many cars on the market, that might be targeted by a malicious attacker.
Earlier this year, Sen. Ed Markey (D-Mass.) released a report warning that consumers security and privacy were put at risk by the the increasing connectivity of vehicles. Nearly all cars on the market "include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions," the report, which was based on information solicited from auto-makers, concluded.
Last November, two auto industry groups announced a set of privacy principles for vehicles. But Markey and Sen. Richard Blumenthal (D-Conn.) are currently at work on legislation that would direct NHTSA and the Federal Trade Commission to establish federal standards for vehicular cybersecurity and privacy.