Could proposed legislation make cars MORE susceptible to hackers?

Shutterstock image (by fotomak): abstract, urban road.

House Republicans are looking to protect cars against hackers. But federal regulators told lawmakers at an Oct. 21 hearing that the bill might not work the way it is supposed to.

"The proposed legislation, as drafted, could substantially weaken the security and privacy protections that consumers have today," said Maneesha Mithal, head of the Federal Trade Commission's Division of Privacy and Identity Protection at the hearing of the Commerce, Manufacturing and Trade Subcommittee of the House Energy and Commerce Committee.

The draft bill -- which comes in the wake of news reports that showed how cyber adversaries can take over command and control of some automotive operating systems -- aims to improve vehicle security and provide more consumer autonomy over their personal information. The bill directs the National Highway Traffic Security Administration to form an advisory council to create and draft cybersecurity standards within the auto industry. Under the legislation, a $100,000 fine would be imposed on anyone who accesses a car's electronic system "without authorization," and car companies would be required to create and file privacy policies with the Transportation Department.

At the hearing, federal regulators warned that the bill would actually have the opposite of its intended effect. Mithal argued that under the proposed legislation, companies with privacy policies meeting the minimum requirements would be immune from FTC privacy laws. She also cautioned against the section authorizing fines for car hackers, saying that it could punish researchers testing for security flaws.

"By prohibiting such access, even for research purposes, this provision would likely [discourage] such research, to the detriment of consumers' privacy, security, and safety," Mithal said.

NHSTA Administrator Mark Rosekind, meanwhile, expressed concern that the bill would allow industry lobbyists to sway cybersecurity standards advisory council.

"The public expects NHTSA, not industry, to set safety standards," Rosekind said.

While Republicans defended their legislation, they acknowledged it still needed work.

"The staff discussion that we will review today is a starting point" said Energy and Commerce Committee Chairman and Fred Upton (R-Mich.) "[Some] ideas, like how to best ensure cybersecurity, may need to further evolve."

About the Author

Aleida Fernandez is an FCW editorial fellow.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected