House Committee Probing Auto Cybersecurity
Members of the U.S. House Energy and Commerce Committee last week sent letters to 17 automakers, requesting information about the auto industry’s measures to address cybersecurity challenges as vehicles become more connected.
The May 28 letters express concerns about the potential for hackers to assume control of vehicle systems over the Internet. The letters also urge the industry and the National Highway Traffic Safety Administration to work together to develop strategies to mitigate any growing risks.
Committee members also sent a letter to NHTSA Administrator Mark R. Rosekind, asking for details about the agency’s means for evaluating, testing and monitoring potential cyber vulnerabilities.
“Connected cars and advancements in vehicle technology present a tremendous opportunity for economic innovation, consumer convenience, and public health and safety,” the letters state. “These benefits, however, depend on consumer confidence in the safety and reliability of these technologies. While threats to vehicle technology currently appear isolated and disparate, as the technology becomes more prevalent, so too will the risks associated with it. Threats and vulnerabilities in vehicle systems may be inevitable, but we cannot allow this to undermine the potential benefits of these technologies.”
The letters to automakers and NHTSA pose a series of questions and request responses by June 11. Rep. Fred Upton (R-Mich.) chairs the House Energy and Commerce Committee.
Some of the questions posed to the automakers include:
- What are the greatest challenges to cybersecurity in the automobile industry?
- What policies, procedures, and practices do you employ to evaluate potential cyber vulnerabilities during the design, implementation and testing of vehicle components or technology?
- Who within your organization structure is responsible for evaluating, testing, and monitoring potential cyber vulnerabilities in your products?
- How do you work with suppliers to minimize, evaluate, and address potential vulnerabilities in the supply chain?
- What steps have you taken to evaluate how connected elements, such as in-vehicle Wi-Fi and infotainment services, connect to or interact with vehicle safety systems and/or functions?
- How is the automobile industry working with the federal government to address the challenge of cybersecurity?
The letters were mailed to General Motors, Ford, FCA US, Toyota, Honda, Nissan, Hyundai, Mazda, Mitsubishi, Kia, Subaru, Mercedes Benz, Volvo, Volkswagen, Audi, Porsche and Tesla.
To view copies of the letters, click here. To view a Consumer Reports video about NHTSA's efforts to prevent cybersecurity threats, click here.