Congress

Could proposed legislation make cars MORE susceptible to hackers?

Shutterstock image (by fotomak): abstract, urban road.

House Republicans are looking to protect cars against hackers. But federal regulators told lawmakers at an Oct. 21 hearing that the bill might not work the way it is supposed to.

"The proposed legislation, as drafted, could substantially weaken the security and privacy protections that consumers have today," said Maneesha Mithal, head of the Federal Trade Commission's Division of Privacy and Identity Protection at the hearing of the Commerce, Manufacturing and Trade Subcommittee of the House Energy and Commerce Committee.

The draft bill -- which comes in the wake of news reports that showed how cyber adversaries can take over command and control of some automotive operating systems -- aims to improve vehicle security and provide more consumer autonomy over their personal information. The bill directs the National Highway Traffic Security Administration to form an advisory council to create and draft cybersecurity standards within the auto industry. Under the legislation, a $100,000 fine would be imposed on anyone who accesses a car's electronic system "without authorization," and car companies would be required to create and file privacy policies with the Transportation Department.

At the hearing, federal regulators warned that the bill would actually have the opposite of its intended effect. Mithal argued that under the proposed legislation, companies with privacy policies meeting the minimum requirements would be immune from FTC privacy laws. She also cautioned against the section authorizing fines for car hackers, saying that it could punish researchers testing for security flaws.

"By prohibiting such access, even for research purposes, this provision would likely [discourage] such research, to the detriment of consumers' privacy, security, and safety," Mithal said.

NHSTA Administrator Mark Rosekind, meanwhile, expressed concern that the bill would allow industry lobbyists to sway cybersecurity standards advisory council.

"The public expects NHTSA, not industry, to set safety standards," Rosekind said.

While Republicans defended their legislation, they acknowledged it still needed work.

"The staff discussion that we will review today is a starting point" said Energy and Commerce Committee Chairman and Fred Upton (R-Mich.) "[Some] ideas, like how to best ensure cybersecurity, may need to further evolve."

About the Author

Aleida Fernandez is an FCW editorial fellow.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.