
Could proposed legislation make cars MORE susceptible to hackers?


House Republicans are looking to protect cars against hackers. But federal regulators told lawmakers at an Oct. 21 hearing that the bill might not work the way it is supposed to.

"The proposed legislation, as drafted, could substantially weaken the security and privacy protections that consumers have today," said Maneesha Mithal, head of the Federal Trade Commission's Division of Privacy and Identity Protection, at the hearing of the Commerce, Manufacturing and Trade Subcommittee of the House Energy and Commerce Committee.

The draft bill -- which comes in the wake of news reports that showed how cyber adversaries can take over command and control of some automotive operating systems -- aims to improve vehicle security and give consumers more autonomy over their personal information. The bill directs the National Highway Traffic Safety Administration to form an advisory council to create and draft cybersecurity standards within the auto industry. Under the legislation, a $100,000 fine would be imposed on anyone who accesses a car's electronic system "without authorization," and car companies would be required to create and file privacy policies with the Transportation Department.

At the hearing, federal regulators warned that the bill would actually have the opposite of its intended effect. Mithal argued that under the proposed legislation, companies with privacy policies meeting the minimum requirements would be immune from FTC privacy laws. She also cautioned against the section authorizing fines for car hackers, saying that it could punish researchers testing for security flaws.

"By prohibiting such access, even for research purposes, this provision would likely [discourage] such research, to the detriment of consumers' privacy, security, and safety," Mithal said.

NHTSA Administrator Mark Rosekind, meanwhile, expressed concern that the bill would allow industry lobbyists to sway the cybersecurity standards advisory council.

"The public expects NHTSA, not industry, to set safety standards," Rosekind said.

While Republicans defended their legislation, they acknowledged it still needed work.

"The staff discussion that we will review today is a starting point," said Energy and Commerce Committee Chairman Fred Upton (R-Mich.). "[Some] ideas, like how to best ensure cybersecurity, may need to further evolve."

About the Author

Aleida Fernandez is an FCW editorial fellow.
