In a sign of how lawmakers are turning up the heat on the issue of vehicle cybersecurity, a bipartisan group from the House Energy & Commerce (E&C) committee sent letters on the subject to 17 automakers and the National Highway Traffic Safety Administration(NHTSA) yesterday. The letter, signed by ten members of the E&C committee including Chairman Fred Upton (R-MI), asked auto execs such questions as how cybersecurity is managed at their companies and how possible vulnerabilities are addressed. The letter to NHTSA Administrator Mark Rosekind asked how the federal agency is structured to handle cyber threats to automobiles and what if any steps have been taken to study how security risks can be minimized as cars become more connected.
With in-car Wi-Fi and smartphone apps that connect to the cloud flooding into cars and the U.S. DOT working on mandating vehicle-to-vehicle communication on all new vehicles to reduce accidents, the lawmakers wrote that these technologies offer “tremendous opportunity for innovation, improved performance, convenience … and safety.” But they added that “all of these features …provide a gateway for potential threats. The explosion of new, connected devices and services is exacerbating existing cyber-security challenges and has introduced another potential consequence – the threat of physical harm,” the letter read.
The questions posed by the subcommittee members alluded to the extent of the challenge not just in connected cars, but in devices that connect to them, such as smartphones and OBD-II dongles. The committee members noted that “threats and vulnerabilities in vehicle systems may be inevitable.” But they want to know how the auto industry and NHTSA will address issues of cybersecurity.
Three years ago NHTSA established an office to handle cybersecurity issues and staffed it with around a dozen employees. At the end of 2014, the agency also issued a 40-page report detailing best practices that the auto industry should follow to ward off and deal with cyberattacks.
In a sign that the lawmakers want to get out ahead of the issue, the letter also addressed the nascent approach in automotive of using over-the-air (OTA) updates to add features to cars and also fix security flaws. In February, BMW issued OTA security updates to 2.2 million cars after outside researchers found a vulnerability that allowed hackers to remotely unlock the doors. While wireless OTA software updates can strengthen security and also has the potential to fix recalls issues without mechanics needing to physically access a vehicle, only Tesla has done routine OTA updates.
Lawmaker sent letters to top U.S. executives at Audi, Chrysler, Fiat Chrysler, Ford, General Motors, Honda, Hyundai, Nissan, Kia, Mazda, Mercedes-Benz, Mitsubishi, Porsche, Subaru, Tesla, Toyota, Volkswagen and Volvo. The lawmakers asked NHTSA and the car companies to respond by June 11.
The letter comes on the heels of a report issued in February by U.S. Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) that raised concerns about automotive cybersecurity and called for a rating system for passenger vehicle similar to those used for crash safety. The report was release the day after a 60 Minutes segment that showed correspondent Lesley Stahl helplessly stabbing the brakes, unable to stop an unnamed car after it had been “hacked” by researchers in a parking lot demonstration.
View the original content and more from this author here: http://ift.tt/1dCg9Ho
from cyber security caucus http://ift.tt/1AAWUbt
via IFTTT
No comments:
Post a Comment