Two U.S. senators filed a bill that would require the federal government to establish standards to ensure automakers secure a driver against vehicle cyber attacks.
The Security and Privacy in Your Car (SPY Car) Act, filed by Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.), also establishes a rating system — or "cyber dashboard"— that informs consumers about how well the vehicle protects drivers' security and privacy beyond the proposed federal minimum standards, said ComputerWorld.
The SPY Act would address cybersecurity standards to help prevent hacking into vehicle controls systems and data security concerns to help ensure all collected information would be secured from unwanted access while stored on-board, in transit, and stored off-board.
The legislation also calls for vehicles to be equipped with technology that can detect, report and stop hacking attempts in real time, said ComputerWorld. And it calls on the FTC to develop privacy standards on the data collected by vehicles, including transparency, so that owners are explicitly aware of any data collection. Owners would be able to opt out of data collection by automakers and others, said ComputerWorld.
"Drivers shouldn't have to choose between being connected and being protected," Sen. Markey said in a statement. "We need clear rules of the road that protect cars from hackers and American families from data trackers. This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles."
The legislation would also ban the use of personal driving information collected by automakers from vehicle computer system for advertising or marketing purposes without the owner clearly opting in.
According to ComputerWorld, other examples of vehicle vulnerabilities include:
•A 92-page report revealing "the 20 most hackable cars" that was presented last year at the Black Hat security conference in Las Vegas by two industry experts.
•A device built by a 14-year-old to wirelessly communicate with a vehicle's controller area network (CAN) and remotely control non-safety related equipment such as headlights, window wipers and the horn. (He was also able to unlock the car and engage the vehicle's remote start.) The device was publicized at the CyberAuto Challenge in Columbus, Ohio.
