Via The Drive.com
As the House of Representative ponders new legislation for self-driving cars, the U.S. Senate is looking at possible cybersecurity regulations that could address issues with connected cars and the fear of car hacking. A new Senate bill aims to enact stricter security protocols for the array of connected devices that comprise the so-called "Internet of Things," including cars. Put forward by a bipartisan group of senators, the bill is one of the first major legislative steps to address security vulnerabilities in consumer products.
According to Reuters, the bill would require companies to provide Internet-connected devices to the federal government to determine whether they are patchable, and whether they meet other cybersecurity requirements. It would also prohibit companies from selling products with unchangeable passwords, or that possess known security vulnerabilities.
The bill would also expand legal protections for cybersecurity researchers working in "good faith." These researchers often hack consumer products to expose vulnerabilities and bring them to the attention of manufacturers. Such research was demonstrated in dramatic fashion in 2015, when white hat hackers Charlie Miller and Chris Valasek digitally cracked into a Jeep Cherokeethrough its infotainment system. Fiat Chrysler Automobiles subsequently issued a software update to address the vulnerability.
Vehicles were previously insulated from hacking because any computer-controlled systems were not accessible through the Internet. But the onrushing age of automotive connectivity has changed that; as automakers continue to pile on connectivity features, they increase potential routes of attack for hackers. Over the past couple of years, both Nissan and General Motors have had to address security issues with their telematics systems. Likewise, in two recent cases, thieves in San Diego and Houston allegedly stole Jeeps off dealer lots by hacking into them using laptops.
The trend toward cars with Internet connections may be unstoppable; automakers view it as essential to winning attention from consumers enamored with smartphones, and it allows software-based systems to be updated without bringing vehicles into dealerships. That being the case, strong regulations will be necessary in order to keep companies from introducing insecure systems to cars.