The Hill: Driverless cars and digital security
https://thehill.com/opinion/op-ed/275273-driverless-cars-and-digital-security
General Motors has accelerated its plans to develop automated car technology by acquiring Cruise Automation. The company has also announced a partnership with Lyft to build an entire fleet of self-driving cars. The purchase of Cruise Automation and the $500 million deal between Lyft and the United States’s biggest automaker follows on the heels of investments by Google, BMW and Volvo in self-driving cars. President Obama also requested $4 billion in his 2017 budget proposal to test driverless cars over the next 10 years.
All this means one thing: A new era of mobility — a nationwide system of driverless transportation — may be a reality much, much sooner than anyone expected.
This new mobility age holds boundless promise to energize key sectors of our economy, to greatly expand public transport and to potentially save 300,000 American lives per decade. However, as members of the U.S. Congress dedicated to bipartisan work on issues of cybersecurity, we know this rapidly approaching driverless era poses a critical challenge in terms of digital security.
In 2013, security experts Charlie Miller and Chris Valasek hacked the computer software of a Ford Escape and a Toyota Prius, at one point unexpectedly slamming on the Toyota’s brakes while a driver was accelerating at high speed. Miller and Valasek’s subsequent remote hack of a Jeep Cherokee prompted a recall of 1.4 million Chrysler cars to fix a security vulnerability.
Increasing automation and Internet connectivity in cars is an incredible innovation nearly every automaker provides that enhances consumer’s lives and satisfaction. We must encourage continued private sector innovation; yet, as cars become more Internet-connected and automated, their software systems become vulnerable to malicious and potentially deadly attacks by hackers, criminals and even violent extremists.
Through public-private partnership, the federal government has an important role to play in securing the digital safety of an increasingly connected auto industry. Our bipartisan legislation, the Security and Privacy in Your (SPY) Car Study Act, is a first step in bringing industry, advocates and government together to encourage innovation while ensuring consumer protection. The bill requires the National Highway Safety Transportation Commission to conduct a one-year study, consulting with the Federal Trade Commission, National Institutes of Standards and Technology, the Department of Defense, industry leaders and higher education institutions to recommend a framework for regulating car automotive software, such as diagnostic, navigation and entertainment systems.
The SPY Car Study Act also puts a premium on exploring the strongest possible cybersecurity standards and privacy protections. Several car companies’ recent changes to their terms of service that allow them to sell user data collected from navigation and entertainment systems has called into question the security and privacy of millions of Americans driving today. As the “Internet of Things” brings technology and connectivity into our cars, and into every corner of lives, these cybersecurity protections become more vital than ever.
It’s something of a daunting challenge to balance disruptive technological innovation with federal safety and privacy protections. As a result, all applicable government agencies need to be on the same page when assessing a cyber threat or measuring a cyberattack. A clear standard of measurement is the foundation of a rapid and effective response by the federal government to a variety of complex cyber threats, like the threats to connected cars.
As the future of driverless cars rapidly arrives, the public and private sectors must work together to ensure that a car can never become a weapon. It remains critical that the federal government leverage the expertise and research that the private sector has already invested in this critical issue. Joint accountability and innovation will help us get car cybersecurity right.