Is The NHTSA Doing Enough To Identify Cybersecurity Flaws In Cars?

Governments are showing increasing concern over potential cybersecurity flaws in connected cars. Several members of the House Energy and Commerce Committee sent a letter to the National Highway Traffic Safety Administration (NHTSA) and 17 automakers, in which they asked who oversees efforts to identify vulnerabilities in cars.

“Modern vehicles are extremely complex machines reliant on multiple computers, networks and systems,” the members said. “Information technologies are inherently complex, and as a result are inherently vulnerable.”

There’s no question that connected cars are becoming the standard in auto manufacturing, with navigation and entertainment systems, Bluetooth and Wi-Fi now being very common in new vehicles. However, there are many researchers that have shown that these technologies are poorly protected from hackers, and the potential for dangerous problems has been raised, as even the car’s steering system could theoretically be co-opted by a cyberattacker.

“We are entering a new era in cybersecurity,” the lawmakers said. “The explosion of new, connected devices and services is exacerbating existing cybersecurity challenges and has introduced another potential consequence – the threat of physical harm – as products responsible for public health and safety are integrated into the internet ecosystem. This will be a significant challenge for the automobile industry. The integration and convergence of transportation and communication technologies in connected cars offers tremendous opportunity for innovation, improved performance, convenience and safety. All of these features, however, provide a gateway for potential threats.”

In the letter, it was noted that a current high-end vehicle contains approximately 100 million lines of code, “double that of the Windows Vista operating system and nearly 10 times that of a Boeing 787.” The lawmakers asked the NHTSA whether it tracks and evaluates cyber flaws in cars, as well as asking whether the agency is investigating the ways that outside connected devices, such as smartphones, could introduce additional vulnerabilities into a car’s system. The letter was also sent to many automakers, including GM, Ford, Tesla, Toyota, Honda and Volvo.

These are important ideas to consider, and Capitol Hill has been paying more attention to the potential dangers of connected cars in recent times as their prevalence has grown. Earlier this year, Sen. Ed Markey conducted an investigation into automakers’ cybersecurity practices, after which he concluded that the companies weren’t doing enough to prevent hacks.

“Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” said Markey.