Feds Issue Guidance on CyberSecurity for Vehicles
Following up on September's Automated Vehicles Policy, the National Highway Traffic Safety Administration has issued guidance for automakers on cybersecurity. As vehicles are becoming more technologically advanced, the potential for dangerous cyber-attacks increase. Since automakers have been connecting vehicles to the internet through cellular networks, and including sophisticated computers capable of controlling every feature on a car, the NHTSA believed that cyber-security guidance was necessary to protect consumers and the public from vehicle cyber attacks.
In August, the cybersecurity researchers/hackers that famously took over a 2014 Jeep, demonstrated again that although one security flaw was fixed, the vehicle was far from secure. This time, while directly plugged into the vehicle, they were able to engage the brakes and turn the steering wheel via their connected computer, while overriding the security measures that should have prevented their actions. In response, Chrysler representatives explained that the attack was not done remotely, and as such was not as significant as the prior 2014 hack where the same researchers were able to remotely control a Wired magazine writer's Jeep.
What the Federal Guidance Means
The guidance issued by the NHTSA is meant to provide automakers, and manufacturers of auto accessories, with information about the best practices related to automotive cybersecurity. The guidance explains that automakers should use layered security principles so that vehicle systems are protected by more than one layer of security.
For example, it is recommended that on-top of using encryption, that additional fail-safe security measures be implemented that can detect when a cyber-attack occurs. While the guidance may not be law, it may provide the basis for new legislation or regulations relating to vehicle cybersecurity in the future.
How Vulnerable Is Your Vehicle?
Assessing whether your vehicle is vulnerable to a cyber attack is simple. If you drive a car that can connect to the internet or a cellular network, such as an OnStar equipped car, your car will be more vulnerable than others. If your car has wireless communication features that link to the engine, central computer, or other parts of the vehicle, such as a remote start or remote kill-switch, then your vehicle may also be susceptible.
However, even if your car doesn't have wireless features, if a hacker is able to find a way to plug into your vehicle, they may be able to take over the internal computer systems. Fortunately, incidents of car hacking are exceedingly rare, and as of yet, are not something to be concerned about.
Good news for drivers of older vehicles: Cars made in the mid-1990s and earlier are essentially hack-proof, though brake lines can always be cut, so don't go making enemies.
Related Resources:
- Federal Automated Vehicles Policy (PDF) (NHTSA)
- Lawsuit: Heart Devices Are Vulnerable to Hackers (FindLaw's Common Law)
- Samsung Products Keep Blowing Up, Literally (FindLaw's Common Law)
- Insulin Pumps Are Vulnerable to Hacking (FindLaw's Common Law)