The SPY Car Study Act would charge the involved parties with the tasks of identifying necessary security efforts.
The SPY Car Study Act would charge the involved parties with the tasks of identifying necessary security efforts.

A bipartisan group of legislators recently proposed a bill that would call for federal regulating agencies and other industry professionals to study how to secure connected vehicles.

The bill, known as the Security and Privacy in Your Car Study Act of 2017 or SPY Cart Study Act, would require the National Highway Traffic Safety Administration, the Federal Trade Commission, the National Institutes of Standards and Technology, the Department of Defense, OEMs and suppliers, SAE international, and academics and other industry experts to come up with a set of appropriate cybersecurity standards for new vehicles.

The SPY Car Study Act would charge the involved parties with the tasks of identifying necessary isolation measures necessary to separate critical software systems, measures to detect and prevent or minimize in the software systems of motor vehicles anomalous codes associated with malicious behavior, techniques to detect and prevent, discourage, or mitigate intrusions into the software systems of motor vehicles and other cybersecurity risks in motor vehicles.

The bill would also require them to identify best practices for securing driving data collected by the vehicle and a timeline for implementing systems and software that reflect said measures. A preliminary report would be due no later than a year after the act is enacted and a final report would be due no later than six months afterwards.

While it may fall short of all the issues in connected vehicles, New York University Assistant Professor Justin Cappos told SC Media the bill is a good start.

"While the study does not emphasize all of the areas I would like, it is an important step toward understanding security problems in the automotive space and potential fixes for them," Cappos said.

He added that the bill should also include measures about promptly patching security bugs when they are spotted.