Senators Inquire into Carmakers Reporting Cyber Security Risks
Aug. 23, 2019—United States Senators Ed Markey and Richard Blumenthal wrote this week to the National Highway Traffic Safety Administration (NHTSA). They inquired into whether the carmakers have reported cybersecurity vulnerabilities in their internet-connected cars and what steps NHTSA is taking to address the problem.
The senators called for the answers from America's top car safety regulator in response to Consumer Watchdog's recent report, "Kill Switch: How Connected Cars Can Be Killing Machines and How to Turn Them Off." The report, prepared with the help of car industry technologists, found that all the top 2020 cars have internet connections to safety critical systems that leave them vulnerable to fleet-wide hacks.
"According to a recent report, companies such as BMW, Daimler Chrysler, Ford, General Motors, and Tesla have acknowledged the dangers of internet-connected cars to their investors and shareholders, but have not disclosed these same risks to the public at large," Senators Markey and Blumenthal wrote to NHTSA Deputy Administrator Heidi Kingtoday. "We are concerned that consumers are purchasing internet-connected vehicles without sufficient safety warnings..."
They asked NHTSA to answer the following questions:
- Has NHTSA ever been notified of malicious hacking attempts against or vulnerabilities in internet-connected cars?
- If NHTSA was notified of any such attempts, what actions did NHTSA take in response to the information?
- Further, if NHTSA was notified, why was the public not informed of the cyber risks?
- What actions has NHTSA taken, and what actions does NHTSA plan to take, in order to address the cyber vulnerabilities?
- Does NHTSA have a formal process in place to receive reports of hacking?
- In the event of a cyber incident, what entity would be expected to provide public disclosure?