Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., are asking the National Highway Traffic Safety Administration (NHTSA) about what the senators called a lack of public disclosure about cyber vulnerabilities in internet-connected vehicles, and suggested that the government may want to consider taking “possible regulatory action” to remedy that lack of public information.
In an Aug. 22 letter to NHTSA Deputy Administrator Heidi King, the senators referenced a report stating that vehicle makers have “acknowledged” the dangers of internet-connected cars to their investors, “but have not disclosed these same risks to the public at large.”
“We are concerned by the lack of publicly-available information about the occurrence and handling of cyber vulnerabilities in cyber connected cars, and believe that NHTSA should be aware of these dangers in order to take possible regulatory action,” the senators said.
“Connected vehicles can potentially be hacked and remotely controlled by malicious actors, creating risks not only to the lives of car drivers and passengers, but also to pedestrians and property along the road,” they said.
According to Sens. Markey and Blumenthal, about 50 million cars on U.S. roads have “safety-critical systems that are connected to the internet,” and by 2022 about two-thirds of new cars will have internet-connected features and systems.
The senators asked King to respond by Sept. 13 to a list of questions including whether NHTSA has ever been notified of malicious hacking attempts against internet-connected cars, what actions it may have taken in response, whether the agency has a formal process in place to receive reports of hacking, and what actions NHTSA plans to take to address cyber vulnerabilities and safety risks posed by internet-connected cars.
Last month, the senators reintroduced the SPY Car (Security and Privacy in Your Car) Act that would directly NHTSA and the Federal Trade Commission to establish federal standards to ensure cybersecurity in computerized vehicles.