Lawmakers Push Bill to Study [Vehicle Software Security]

A new bill introduced in the House of Representatives on Tuesday would force the federal government to conduct a long-term study on the security and privacy controls of software running on vehicles, including its navigation, entertainment, and other systems.

Vehicle Software Security

The bill is sponsored by Rep. Ted Lieu (D-Calif.) And Rep. Joe Wilson (RS.C.), and is another indication that federal regulators are reviewing the safety of a wide range of devices, including Vehicles , Medical devices and IoT equipment. The main objective of the project is to require the National Highway Traffic Safety Administration, along with NIST, the FTC and the Secretary of Defense, to conduct a study on the standards required to regulate the cybersecurity of vehicles.

“Every American has the right to drive safe and secure cars.” Cars do not necessarily come to mind when most of us think about cybersecurity.But the Internet of Things (IoT) is bringing technology and connectivity to every part of our lives – including Without good cybernetic hygiene, a hacker could easily turn a car into a weapon, “Lieu said in a statement.

“The SPY Car Study Act is based on the important work carried out by the National Highway Traffic Safety Administration, emphasizing the protection of personal data of users, and developing clear deadlines for the implementation of these standards. We need to know that our navigation, entertainment and operating systems are Insurance – and that our data is kept private. We must be proactive about our privacy and security now more than ever. ”

Known as the SPY Car Study Act, the bill asks NHTSA and other agencies-in cooperation with manufacturers-to identify a number of key items, including:

(1) the insulation measures necessary to separate critical software systems from other software systems; (2) measures necessary to detect 21 and prevent or minimize automotive software systems malfunction codes associated with malicious behavior; (3) techniques necessary to detect and prevent, discourage or mitigate intrusions in motor vehicle software systems and other cybersecurity hazards in motor vehicles such as continuous penetration testing and on-demand risk assessments.

The bill would give the agencies one year after their ratification to deliver a preliminary report, and then another six months to deliver a final version. Vehicle software systems have been under scrutiny for the last two years, as researchers have shown methods to remotely attack them and disable major systems, including brakes and the engine. In September last year, researchers at China’s Keen Laboratory published research showing they could take control of a Tesla several miles away.

Regulators and industry groups have begun to take notice. In July, Auto-ISAC published a set of best practices for vehicle software security.