Car manufacturers have acknowledged cyber vulnerabilities to investors but not to the public


Washington (August 22, 2019) – Senator Edward J. Markey (D-Mass.) and Senator Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, today sent a letter to the National Highway Traffic Safety Administration (NHTSA) inquiring about any information it has, and any actions it has taken, regarding the cyber vulnerabilities of internet-connected cars. Connected vehicles can potentially be hacked and remotely controlled by malicious actors, creating risks not only to the lives of car drivers and passengers, but also to pedestrians and property along the road. According to a recent report, companies such as BMW, Daimler Chrysler, Ford, General Motors, and Tesla have acknowledged the dangers of internet-connected cars to their investors and shareholders, but have not disclosed these same risks to the public at large.


“We are concerned by the lack of publicly available information about the occurrence and handling of cyber vulnerabilities in internet-connected cars, and believe that NHTSA should be aware of these dangers in order to take possible regulatory action,” write the Senators to NHTSA Deputy Administrator Heidi King.


A copy of the letter can be found HERE.  


Today, there are approximately 50 million cars on U.S. roads with safety-critical systems that are connected to the internet. By 2022, two-thirds of all new cars will include internet-connected features and systems.


In their letter to NHTSA, Senators Markey and Blumenthal ask questions that include:

  • Has NHTSA ever been notified of malicious hacking attempts against or vulnerabilities in internet-connected cars?
  • If NHTSA was notified of any such attempts, what actions did NHTSA take in response to the information? If no action was taken, why not?
  • Does NHTSA have a formal process in place to receive reports of hacking or vulnerabilities in internet-connected cars?
  • What actions has NHTSA taken, and what actions does NHTA plan to take, in order to address the cyber vulnerabilities and public safety risks created by the increasing number of internet-connected cars on U.S. roads?


In July, Markey and Blumenthal reintroduced the Security and Privacy in Your Car (SPY Car) Act, legislation that directs NHTSA and the Federal Trade Commission to establish federal standards to ensure cybersecurity in increasingly computerized vehicles and to protect drivers’ privacy.