New bill to protect vehicles from hackers

By Tyson Fisher, Land Line staff writer | 7/23/2015

As motor vehicles begin to rely more on smart technology, the threat of vehicle hacking becomes more of a reality. Sens. Edward Markey, D-Mass., and Richard Blumenthal, D-Conn., have introduced a bill that addresses the issue of compromised vehicle databases.

Titled Security and Privacy in Your Car Act – or SPY Car Act – the bill attempts to set safety standards for manufacturers for what the bill describes as “critical software systems.” Although it is unclear what the exact standards are, the SPY Car Act requires manufacturers to equip vehicles with “reasonable measures” against hacking.

Although parts of the bill remain ambiguous in its early stages, SPY Car Act explicitly protects vehicle data physically and in the air. Not only will onboard data physically stored in the vehicle be protected, but information being sent wirelessly from or to the vehicle also falls within the guidelines.

In much the same way that financial institutions send annual statements of privacy standards to customers, the bill will require all new vehicles to display a “cyber dashboard” on the window sticker. This document will clearly and concisely inform potential buyers how their security and privacy is protected.

The buyer of a new vehicle will have the right to disable the collection and storage of driving data while still having access to navigation tools and other features. Exempt from opting out is information in systems required for post-incident investigations, emissions history checks, crash avoidance/mitigation or other regulatory compliance programs.

Information stored will also be protected from the use of advertising and marketing even if the owner has not clearly opted out.

In consultation with the Federal Trade Commission, the National Highway Traffic Safety Administration will be in charge of regulating and enforcing the act. Violators are punishable by a civil penalty of not more than $5,000 for each violation.

Despite heavy security measures, hackers have found a way to gain access into the computer systems of large corporations. Last September, more than 100 million payment cards and emails were stolen from Home Depot’s database. The retail industry went into a panic in 2013 after 110 million credit card numbers were stolen from Target’s database.

Even data secured by the government is vulnerable to hacking. In May, more than 100,000 taxpayers’ personal financial information was stolen after a data breach conducted by a cybercrime group.

Copyright © OOIDA