SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
3 Feb 2017

Bill calls for study of cybersecurity standards for cars

A House bill was introduced Tuesday that could accelerate the federal government’s involvement in regulating automobile cybersecurity.

The Security and Privacy in Your Car Study Act of 2017, authored by Reps. Ted Lieu (D-Calif.) and Joe Wilson (R-SC), calls on the National Highway Traffic Safety Administration to lead a study of necessary security standards that could be included in a law governing cars built in the U.S. or imported for sale.

A similar SPY Car Act of 2015 introduced by Sen. Edward Markey (D-MA) was much more prescriptive of the NHTSA in securing electronic controls and driving data collected by vehicle systems. This week’s bill calls for the NHTSA to study the issue alongside the Federal Trade Commission, NIST and other stakeholders. They have a year to produce a preliminary report, and another six months beyond that to draft a final report that includes dates for adoption and recommendations that would be included in legislation.

“Every American has a right to drive cars that are safe and secure. Cars don’t necessarily come to mind when most of us think about cybersecurity. But the Internet of Things (IoT) is bringing technology and connectivity into every part of our lives—including our motor vehicles,” Lieu said. “Without good cyber hygiene, a hacker could easily turn a car into a weapon.”

Yoni Heilbronn, an executive with Argus Cyber Security, a company specializing in automotive cybersecurity, said he had mixed feelings about the bipartisan bill. He acknowledged that while the proposal could bring some positives to the conversation, he wonders whether legislators believe the automotive industry is moving too slowly toward progress. He recalled a panel he attended last year with Sen. Gary Peters, a Michigan Democrat who urged industry to be more responsive and proactive.

“I heard him pleading with the industry to do things on its own, and not wait for the U.S. government to regulate,” Heilbronn said. “If regulation comes, it could be even more strict than what industry would do to itself.” The current bill asks NHTSA to identify a number of critical areas that could be exploited by hackers; researchers Charlie Miller and Chris Valasek, as well as researchers from the University of California at San Diego, have already demonstrated a number of high-profile hacks exploiting vulnerabilities in electronic communications systems in a number of vehicles.

Specifically, the SPY Car Study Act of 2017 asks officials to examine how to best isolate critical software from other code running inside a motor vehicle, and identify measures to detect vulnerabilities and code anomalies associated with malicious behavior. They’re also tasked with identifying how to best implement on-demand risk assessments and continuous penetration-testing of critical systems. Finally, they are asked to determine best practices to secure driving data as it’s collected and stored on board, in transit, and stored off-board.

Heilbronn said some in industry are more vigilant about cybersecurity than others; Jeep, for example, quickly patched vulnerabilities in its UConnect entertainment systems exploited by Miller and Valasek, and instituted an unprecedented vehicle recall. “If you ask Senators Markey and Peters, industry is not moving quickly,” Heilbronn said. “Theirs was a clear message to industry to start doing things, don’t wait.”

Last March, the FBI and NHTSA teamed up on a formal warning to the auto industry about vulnerabilities that leave cars exposed to internet-based attacks. The FBI warned that vulnerabilities in features such as UConnect and aftermarket devices pose an “unreasonable risk to safety.”

“I’ve never seen such a statement before,” Heilbronn said. “It’s unheard of. It also gives you a good idea of the way of thinking inside the US government, that these risks need to be addressed. If there is regulation some day, there will be enforcement. The question is, how long does industry wait before it does something.”

Tags:
data protection USA trends Internet of Things
Source:
Threatpost
1771
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015