Washington D.C. - Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, today sent a letter to the National Highway Traffic Safety Administration (NHTSA), calling out the agency's "dangerously reactive approach to cybersecurity" in Internet connected cars.
Their letter questions NHTSA's "deafening silence" in response to demonstrated car hacks.
"We are very grateful that Senators Markey and Blumenthal are pressing NHTSA for answers as to why it is not monitoring and protecting against the hacking of Internet connected cars," said Jamie Court, president of Consumer Watchdog. "Our government needs a pro-active plan for the cybersecurity risks that spring from today's fleet of connected cars."
The Senators' inquiry springs from Consumer Watchdog's report, "Kill Switch: How Connected Cars Can Be Killing Machines and How To Turn The Off," which details the cyber security risks of connected cars.
The Senators' letters today also follows up on their prior inquiry about the cybersecurity risks of internet-connected cars.
In their original letter, the Senators asked NHTSA to share any information it has on the cyber vulnerabilities of connected cars, as well as any actions it is taking to protect the public from such threats.
In NHTSA’s reply, the agency claimed it is “not aware of any malicious hacking attempts that have created safety concerns for the motoring public.” However, this statement belies examples of demonstrated vulnerabilities in connected-cars and indicates a hands-off approach to this growing threat to public safety, the senators said.
Moreover, NHTSA’s reply revealed that the agency is also neglecting to oversee and keep the public informed about over-the-air (OTA) software updates designed to fix safety defects in cars without a physical recall.
“We are deeply troubled by NHTSA’s deafening silence in response to the repeated reports of vulnerabilities and risks of hacking of internet-connected cars,” write the Senators in their letter to Acting Administrator James Owens. “We believe NHTSA must end its dangerously reactive approach to cybersecurity and do more to protect consumers before a malicious attack leading to a fatality occurs.”
Internet-connected vehicles can potentially be hacked and remotely controlled by malicious actors, creating risks not only to the lives of car drivers and passengers, but also to pedestrians and property along the road.
In today’s letter, Senators Markey and Blumenthal ask questions that include:
- How is NHTSA proactively protecting the public from cybersecurity threats to internet-connected cars?
- Is NHTSA monitoring, and does it act, when researchers demonstrate successful hacks on connected cars?
- How does NHTSA monitor and respond to OTA software updates for internet-connected cars?
- Does NHTSA have the legal authority to change its regulations to require public disclosure of OTA software updates designed to correct safety-related defects?
- 30 -