As vehicle manufacturers add more sophisticated connected controls to cars this increases the risk of compromise, and a potential car hack could lead to the actual loss of lives depending on how the operation is leveraged. The US Senate is preparing to tackle this very issue and is proposing a set of cyber security standards for cars:
The Security and Privacy in Your Car Act of 2015 seeks to get a step ahead of what is seen by some as one of the next fronts in hacking: connected vehicles, which are always on the Internet and rely on sophisticated computer control systems.
Proposed by Senators Edward J. Markey, a Democrat from Massachusetts, and Richard Blumenthal, a Democrat from Connecticut, the act would mandate that critical software systems in cars be isolated and the entire vehicle be safeguarded against hacking by using “reasonable measures.” The proposed bill doesn’t define those measures.
Data stored in the car should be secured to prevent unauthorized access and vehicles will also have to detect, alert and respond to hacking attempts in real time.
Under the proposed law, new privacy standards, to be developed by the National Highway Traffic Safety Administration (NHTSA), will require vehicle owners be made aware of what data is being collected, transmitted and shared. Owners will be offered the chance to opt out of such data collection without losing access to key navigation or other features where feasible.
The NHTSA will also be tasked with developing an easy method for consumers to evaluate how well an automaker goes beyond the minimum standards defined in the proposed law.
To date, there have been few examples of cyber attacks on cars, but security researchers have demonstrated that it’s possible to take over the critical control systems of a car while it is in motion.