On May 28, 2015, leaders on the U.S. House Energy and Commerce Committee from both parties wrote to the National Highway Traffic Safety Administration (NHTSA) and 17 auto manufacturers requesting information about plans to address cybersecurity issues in automobiles. The Committee leadership noted:
Connected cars and advancements in vehicle technology present a tremendous opportunity for economic innovation, consumer convenience, and public health and safety. These benefits, however, depend on consumer confidence in the safety and reliability of these technologies. While threats to vehicle technology currently appear isolated and disparate, as the technology becomes more prevalent, so too will the risks associated with it. Threats and vulnerabilities in vehicle systems may be inevitable, but we cannot allow this to undermine the potential benefits of these technologies. The industry has an opportunity to prepare for the challenges that advanced vehicle technologies present, and to develop strategies to mitigate risks.
The Committee then asked a series of questions related to how both the NHTSA and the industry is preparing for and evaluating potential cyber threats to automobiles. Several of the questions focused on the interaction between the federal government, industry, and the security research community.
Data security and automobiles is becoming an increasingly important issue as automobiles are no longer self-contained. At one point, the extent of a car’s interconnectivity was limited to the gps tracker. However, more and more components of automobiles interact with other systems outside the confines of the automobile. Today, insurance companies can remotely monitor a driver’s activities through the use of telematic sensors for purposes of setting premiums as a means of changing or supplementing traditional reliance on actuarial tables. This leads to questions about who owns the data. However, it also leads to additional questions about the security of these devices and whether additional systems that utilize similar technology could be compromised by a hacker.