Security Architecture, Endpoint/Device Security, IoT, Security Strategy, Plan, Budget, Governance, Risk and Compliance, Compliance Management, Government Regulations, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Automakers urge Congress to limit regulation on ‘Internet of Cars’

Automotive executives urged Congress Wednesday to limit legislation concerning connected automobiles while discussing cybersecurity and car hacking and at the “Internet of Cars” hearing held before two House subcommittees. 

The hearing highlighted the efforts that automakers are making to address cybersecurity concerns as well as to give members of the Subcommittee on Information Technology and the Subcommittee on Transportation and Public Assets an opportunity to learn more about connected vehicles.

Tesla's head of business development Diarmuid O'Connell told the committee members “regulation at a time of rapid innovation runs the risk of limiting the realization of the full extent of safety advances,” in his testimony

O'Connell added that overzealous or premature regulation that does not allow for innovation or creative solutions can actually deter and block safety innovations.

Toyota's head of connected services, Sandy Lowenstein urged the lawmakers to review existing laws to ensure they are adequately protect against malicious car hacking by providing clarity to the Computer Fraud and Abuse Act.  

Automotive representatives also discussed measures that could be taken to protect the physical components of vehicles from cyber attacks as well.

Dean C. Garfield, President and CEO Information Technology Industry Council, said in his testimony that automakers should take on the approach of “security by design.”

“Security must be built into both hardware and software at the outset to ensure there are redundancies, to help prevent intrusions, and to create secure and trusted IoT systems that are more secure,” Garfield said adding that automakers could consider building fuses into chips that will pop if an attacker attempts to rewrite code.

Privacy concerns from the data collected and shared between connected automobiles were also highlighted during the discussion.

Khaliah Barnes, associate director and administrative law counsel of the Electronic Privacy Information Center, said that legislation should be proposed to protect and clarify user privacy

"Every day without car privacy and safety protections places countless drivers at risk of having their personal information — or worse, their physical safety — compromised," Barnes said in her testimony.

Barnes pointed out that some cars collect personal information which could be turned over to law enforcement and create surveillance concerns.

She also noted that drivers risk having their sensitive driving and vehicle data disclosed or sold to unknown third parties for marketing purposes similar to how OnStar discloses account and vehicle information to nameless third parties “for joint marketing initiatives.”   

Last month auto industry professionals debated proposed legislation to outlaw car hacking at a different hearing in light of high-profile vulnerabilities that were exposed in Fiat Chrysler and GM vehicles.

Representatives from General Motors (GM) and The U.S. Department of Transportation, National Highway Traffic Safety Administration also testified. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.