Markey, Blumenthal Continue Investigation of Automotive Cybersecurity and Privacy Practices
Lawmakers have introduced legislation to establish federal standards to secure cars from cyberattack and protect drivers’ privacy
Washington (September 16, 2015) – Continuing the investigation begun by Senator Edward J. Markey (D-Mass.) in 2013, Senator Markey and Richard Blumenthal (D-Ct.) today sent new, expanded queries to 18 automakers asking for an update to the information on each company’s protections against the threat of cyberattacks or unwarranted invasions of privacy related to the integration of electronic systems into and within automobiles. Additionally, the Senators ask the companies for a description of any changes to their vehicle fleet or characteristics, policies, practices and experiences that may have occurred since the company first responded to Senator Markey’s original letter.
Last year, Senator Markey released the report “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” which detailed major gaps in how auto companies are securing connected features in cars against hackers. Most recently, researchers Chris Valasek and Charlie Miller wirelessly hacked a Jeep Cherokee from miles away while the vehicle was on a highway, showing how hackers could control the air conditioning, windshield wipers and fluid, radio, transmission, the brakes and steering. As a result of the demonstration, Fiat Chrysler recalled 1.4 million vehicles to fix this vulnerability. In July, the Senators wrote to the National Highway Traffic and Safety Administration (NHTSA) urging it to take immediate action and investigate potential widespread risk for consumers because of vulnerabilities in auto information and entertainment systems.
“As vehicles become increasingly connected to the Internet and to one another through advanced features and services, we continue to see how these technologies present vulnerabilities that can compromise the safety and privacy of drivers and passengers,” write Senators Markey and Blumenthal, members of the Commerce, Science and Transportation Committee. “We have specifically learned how third parties can access the electronic controls and data of vehicles from many different entry points, including wireless connections, and we appreciate that many automotive companies have begun to take concrete steps to close these security gaps.”
A sample copy of the Senators’ letter to automakers can be found HERE.
Senators Markey and Blumenthal sent letters to Aston Martin, BMW North America, Fiat Chrysler, Ford Motor Company, General Motors, American Honda Motor Co., Hyundai Motors North America, Jaguar Land Rover North America, Lamborghini, Mazda North America, Mercedes Benz USA, Mitsubishi, Nissan North America, Porsche, Subaru Motors America, Tesla, Toyota North America, Volkswagen Group of America (with Audi), and Volvo.
In July, Senators Markey and Blumenthal introduced the Security and Privacy in Your Car (SPY Car) Act, legislation that would direct NHTSA and the Federal Trade Commission to establish federal standards to secure our cars and protect drivers’ privacy. The SPY Car Act also establishes a rating system — or “cyber dashboard”— that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.