Network Security, Threat Management

Automakers, Uber, Google form Self-Driving Coalition for Safer Streets as GAO releases vehicle cybersecurity report

Google, Uber, Lyft, Ford, and Volvo joined forces to create the Self-Driving Coalition for Safer Streets to lobby for federal action to help bring self-driving cars to the market just one day after the Government Accountability Office (GAO) released a report on connected automobile security.

The coalition said in an April 26 statement it will "work with lawmakers, regulators and the public to realize the safety and societal benefits of self-driving vehicles."

Former National Highway Traffic Safety Administration (NHTSA) Administrator David Strickland, who issued the first-ever automated vehicle policy during his tenure, will serve as the coalition's counsel and spokesperson.

He said in the statement that self-driving vehicle technology will make America's roadways safer and less congested.

“The best path for this innovation is to have one clear set of federal standards, and the Coalition will work with policymakers to find the right solutions that will facilitate the deployment of self-driving vehicles,” Strickland said.

The coalition will impact the future of transportation safety, Lyft Director of Product Taggart Matthiesen said in comments emailed to SCMagazine.com. “Eventually, the world will move to one where autonomous vehicles are a major mode of transportation.” 

“They'll increase accessibility, affordability -- and importantly, improve safety," he said. "Working with this coalition is a great way to impact the future of transportation and our cities."

Separately, the GAO released its vehicle cybersecurity report after being tasked with reviewing information security issued that could impact passenger safety in modern vehicles and finding that the majority of selected industry stakeholders felt wireless attacks were a serious concern.

The report said that 23 out of 32 stakeholders queried agreed that wireless attacks, like those exploiting vulnerabilities in vehicles' built-in cellular-calling capabilities, would pose the largest risk to passenger safety.

However, others stakeholders said those attacks haven't been replicated outside of the research community and remain difficult to carry out because of the expertise needed.

Stakeholders also recognize the need to implement “domain separation” or separate certain connected systems to improve the safety of connected vehicles, the report found, with 22 out of 32 respondents saying that automakers should locate safety-critical systems and non-safety-critical systems on separate in-vehicle networks and limit communication between the two.

“However, some of these stakeholders also pointed out that complete separation is often not possible or practical because some limited communication will likely need to occur between safety-critical and other vehicle systems,” the report said.

To address these and other issues mentioned in the report, the GAO recommended that “the Secretary of Transportation should direct NHTSA to work expeditiously to finish defining and then to document the agency's roles and responsibilities in response to a vehicle cyberattack involving safety-critical systems." That information should include "how NHTSA would coordinate with other federal agencies and stakeholders involved in the response.”

Rep. Ted Lieu (D-Calif.), who is pushing for legislation to better secure connected vehicles, said the study highlighted the fact that “interconnected cars offer opportunities for safer highways, but also increase the risk that cyberattacks could turn our cars into weapons or paralyze an entire city,” according to an April 26 press release.

“The GAO study confirms this and shows that progress is being made by both the Department of Transportation and automakers, but there are some glaring holes that need to be addressed quickly,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.