Congress Introduces SPY Act to Protect Cars From Hackers

Cybersecurity risks pose a safety risk to drivers, but should NHTSA be involved?

Darknet
Florian Gaertner—Photothek via Getty Images

New features through over-the-air updates and WiFi hotspots may be selling points to consumers, but those features are also an entry point for hackers. To protect motorists on the road, U.S. Representative Joe Wilson (SC-2) is introducing the Security and Privacy in Your Car (SPY) Study Act of 2017, which would order the National Highway Transportation and Safety Administration to work with other agencies and groups to create a set of cyber security standards that manufacturers would have to follow for all new vehicles.

If passed, the bill would direct regulators to conduct a study that would form "best practices." These standards would ensure that mission critical systems are isolated, that data on board the vehicle and elsewhere (e.g., cloud-based) is secured, and there's a system in place to monitor and detect for cyber attacks.

In 2015, two hackers tapped into a Jeep Cherokee's On Board Diagnostic (OBD) port, and were able to take control the SUV's steering and brakes. The security risk forced Fiat-Chrysler to recall for 1.4 million cars. However, the vulnerabilities didn't stop there. The same group also found that it could also update the vehicle's computer system through the OBD port.

In light of these security shortcomings, protecting vehicles from electronic attacks seems prudent as nearly all new models offer some level of Internet connectivity. However, this also sounds like the type of regulatory red tape that manufacturers oppose, and that Trump promised to cut.