Automobile Cybersecurity Policy
Nathan Butler, ‘17
The vehicles used on American roads today have become extremely sophisticated. They have Bluetooth and wireless capabilities and use computers for anything from engine performance analysis to onboard navigation. Manufacturers can wirelessly monitor efficiency, update a vehicle’s systems, and even shut down the cars of customers who have not paid their loans. The cars of today--and of the future--rely on computers.
However, the debate on cybersecurity for cars tends to jump straight to the development of self-driving cars. These vehicles are still years away from ruling the roads of America, but the issue of securing onboard computers is at the forefront of issues in automobile cybersecurity today. In 2013, DARPA conducted an experiment in which researchers were able to hack into two cars (both 2010 model years) with nothing but a laptop and were able to control speed and dashboard readings, cut the brakes, and even steer the car. As a result, Senator Ed Markey launched an investigation into the current security measures implemented by manufacturers. He found that not only are there currently no compulsory industry standards, but manufacturers’ commitment to the security of onboard computers is inconsistent and variable.
Since the release of Markey’s report, the auto industry has finally shown signs of addressing the issue and beefing up security. Various organizations are working with manufacturers to increase security and make it harder for hackers to access car computers.
Even though companies are taking steps in the right direction, there are currently no cybersecurity standards to which auto manufacturers in the US are held accountable. This vulnerability, and the lack of enforceable policy, pose a hazard to all drivers and passengers, as a vehicle infected with malware could suddenly veer off course and cause accidents, severe injury, or death. Senator Markey is propelling legislation in Congress to set cybersecurity standards for cars, and independent companies have proposed industry policies such as I Am the Calvary’s 5 star Automotive Cyber Safety Framework. As policy surrounding the issue develops and evolves, it is of paramount importance to examine each policy and determine its effectiveness so that when the dust settles and a course is decided, consumers can know that their car is secure.
My research has three areas of focus. First, I intend to document and describe the current cybersecurity issues facing automobile manufacturers. There are many parties involved, and gaining a clear picture of the major players both in policy side and in technology will determine the parameters of my study. Second, I aim to determine why manufacturers are having trouble implementing tighter security measures and what problems they are facing in developing industry-wide standards. Senator Markey’s study does a great job in determining what is wrong, but not why it is wrong. Lastly, I intend to analyze all current proposed policies and determine which policy is best from the viewpoints of manufacturers, consumers, and government. I hope to predict the effects of each policy on vehicle development in the future.