IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Michigan Senator Wants Auto Industry to Lead Vehicle Cyberdefense

Sen. Gary Peters is hoping that the private industry will take measures to protect driver information and build defenses to vehicle hacking rather than the federal government.

(TNS) -- Sen. Gary Peters said today he would prefer if automakers and suppliers, rather than government regulators, would deal with the threats of hackers redirecting vehicles or stealing a driver's personal information, but keeping up with hackers' ability to disrupt may stymie regulators and engineers alike.

"The way to prevent Congress from pushing it further is for the industry to step up," said Peters, who took part in the TU-Automotive Cybersecurity USA conference in Novi. "The technology is moving so fast that the problem will be the regulators not being able to keep up."

That is a more industry-friendly position than that taken two weeks ago by Sens. Edward Markey, D-Mass., and Richard Blumenthal, D-Conn., who during a Senate hearing suggested Congress establish standards that would protect drivers' information and security as their vehicles become more sophisticated.

"Witnesses sat here 30 years ago and said the same thing about air bags and seat belts," Markey said. "So I understand the consistency over the decades. At the same time, people expect air bags to protect their children. And they're going to expect certain standards across the board that are going to protect people."

Another approach could be to update and enforce existing criminal laws against computer hacking. Many hackers escape detection and even become heroes.

"There needs to be a deterrent to this activity," Peters said. "The government could make a difference by more aggressive enforcement and punishing the hackers. There are statutes that apply, but we need to toughen them."

There are two broad areas of concern. The first is the privacy of consumers' data, an increasing amount of which will be collected in their cars as vehicles become smartphones/laptops on wheels.

The second is the risk that external parties can hack and redirect the software that handles the vehicle's steering, acceleration or braking.

That risk took on a higher profile last summer when Wired magazine put a reporter in a Jeep Cherokee that had been hacked. Two hackers, Charlie Miller and Chris Valasek, who had been working on ways to penetrate the Chrysler Uconnect infotainment system, then took control of mulitple functions in the Cherokee from the climate controls to the stereo volume to ultimately cutting off the engine.

Shortly thereafter, Fortune magazine published a graphic pointing out 15 access points of a vehicle through which hackers could wreak havoc.

Earlier this month, the FBI, U.S. Department of Transportation and National Highway Traffic Safety Administration issued a public service announcement warning drivers about the threat of over-the-Internet attacks on cars and trucks.

Even so, very few if any incidents of hijacking by hacking have been proven.

David Strickland, former head of NHTSA and now an auto safety consultant, said all industries are facing a shortage of trained software coders with the savvy to prevent these attacks.

"There are 200,000 unfilled cybersecurity jobs in the country, and there's a lack of testing capacity," Strickland said.

The new American Center for Mobility, to be built on the site of the former World War II B24 bomber factory in Willow Run, will enable automakers and suppliers to test their connected vehicle and autonomous technology after it opens.

Peters said the state of Michigan has committed $20 million for the project with about $60 million more expected to come from a combination of the federal government and private funds raised from the participating companies.

NHTSA currently has a Vehicle Research and Testing Center on the site of a former Honda test track in East Liberty, Ohio.

Meanwhile, one strategy for automakers and suppliers may be to hire actual or potential hackers who can show them how to make existing software more secure.

©2016 the Detroit Free Press Distributed by Tribune Content Agency, LLC.