New legislation that would create the first-ever automotive cybersecurity standards could force automakers to push out more software updates and allow owners to use Internet services without their vehicles being tracked.
The bill introduced by Sens. Edward Markey (D-Mass., at left above) and Richard Blumenthal (D-Conn., at right) would direct the National Highway Traffic Safety Administration to establish minimum security levels for any vehicle software in contact with physical driving controls. The basic idea, according to a draft copy posted on Markey’s website, is to ensure the sensational hacking demonstrations at tech conferences and “60 Minutes”—where software engineers have remotely controlled steering, throttle, brakes, and other essential equipment—never actually happen to unsuspecting drivers.
While NHTSA and the Federal Communications Commission would have the ultimate say, the bill wants automakers to establish real-time monitoring to “immediately detect, report, and stop” hacking attempts in their cars. It’s a direct response to a February report from Markey’s office, which polled 16 automakers on their security practices and data privacy policies. In that report, most of the automakers could not demonstrate any method to prevent remote attacks or were vague about how they collected and used data from various in-car systems, including telematics and apps.
Markey also suggests automakers slap “cyber dashboard” stickers on every car to show drivers how they’re protected and wants every connectivity feature to explicitly mention the company’s data collection practices in “clear and plain” language, along with the ability to disable data collection as it pertains to marketing and vehicle tracking. Markey’s bill would prevent automakers from disabling key functions, such as navigation, if a driver were to opt out of data collection, but any rules would not apply to vehicle safety systems like the Event Data Recorder used for tracking airbag deployment and other vehicle information in a crash. (A separate bill addressing that exact issue has been stalled over a year.) NHTSA would also be required to update the rules with automakers at least once every three years.
The bill’s announcement was coincidentally timed with a Wired story on Tuesday that claimed to have witnessed the first wireless attack on a new car without any prior, physical tampering. In March, Markey and Blumenthal, who are on the Senate Committee on Commerce, Science, and Transportation investigating the GM ignition switch and Takata airbag recalls, entered a bill that would require all car owners to complete recalls as a condition of registration.
This entry passed through the Full-Text RSS service - if this is your content and you're reading it on someone else's site, please read the FAQ at http://ift.tt/jcXqJW.
from Car and Driver Blog http://ift.tt/1eeSEmZ
via IFTTT
0 comments:
Post a Comment