Report: Cars are Vulnerable to Cyber Attack

U.S. Senator Edward Markey issued a report raising concerns about the ability of hackers to remotely take control of cars or steal personal information from increasingly sophisticated IT systems.

by Brent Snavely, Detroit Free Press / February 10, 2015

(TNS) -- U.S. Senator Edward Markey is calling on the U.S. automotive industry to adopt a rating system that would tell consumers how well cars are able to prevent cyber-security attacks.

Markey, D-Mass., issued a report today that raises concerns about the ability of hackers to remotely take control of cars or steal personal information from the car's increasingly sophisticated information technology systems.

The senator's report comes as the industry itself has become increasingly concerned about both cybersecurity and privacy issues even though there hasn't been a single documented hacking incident.

Today's cars and light trucks typically contain more than 50 electronic control units -- effectively small computers -- that are part of a network in the car. And most new cars include wireless entry points to these computers, such as tire pressure monitoring systems, Bluetooth, Internet access, keyless entry, remote start, navigation systems, Wi-Fi, anti-theft systems and cellular-telematics, the report said.

Markey said the industry should consider adopting a rating system similar to the Insurance Institute for Highway Safety's crash test ratings.

"I think what we need to say to the federal government is: Put up safety ratings on the vehicle as people are purchasing it," Markey said today during an appearance on CBS This Morning. "We now need a rating system for security for safety of that vehicle."

Markey collected information from 16 different automakers. The report concludes that their responses, "reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information."

Today's new cars are full of computer chips, sensors and nanotechnology controlled by up to 100,000 lines of software code.

"My study indicated that many in the automotive industry don't even fully understand what the implications are of moving to this new computer based era," Markey said on CBS This Morning. "I think that is frightening."

Markey also says the data collected by the information technology systems in cars is "largely unprotected."

Last fall, David Friedman, who was the acting administrator of the National Highway Traffic Safety Administration at the time, called on automakers to develop uniform industry standards.

"The time is now: We need to make sure we move forward aggressively on cybersecurity," said Friedman, who is now the agency's deputy administrator.

Last July, the Alliance of Automobile Manufacturers and the Association of Global Automakers notified NHTSA that they want to share information to improve cybersecurity so that the industry can develop standards.

In November, the Alliance introduced a set of privacy principles build on what automakers have already been doing, and said the industry is committed both to protecting the security of vehicles and consumers' private information.

"The industry is in the early stages of establishing a voluntary automobile industry sector information-sharing and analysis center -- or other comparable program -- for collecting and sharing information about existing or potential cyber-related threats," the Alliance said in a statement.

"But even as we explore ways to advance this type of industry-wide effort, our members already are each taking on their own aggressive efforts to ensure that we are advancing safety," the statement said.

©2015 Detroit Free Press

Platforms & Programs