Editor’s Note: CRE discussed the need for the transatlantic coordination of cybersecurity regulation to prevent cyber defenses from becoming potential trade barriers, here. The NHTSA plans to protect vehicle-to-vehicle communications and other automotive cyber systems discussed below provides a concrete example of how such protections could become a non-tariff trade barrier. Specifically, vehicles manufactured in Europe (and Asia) will need the American cybersecurity requirements. Unless the EU either forgoes development of comparable cybersecurity requirements or adopts the American plan, manufacturers will be faced with the need to develop multiple and potentially redundant and/or conflicting compliance measures. Coordination between the EU and the US on regulatory cybersecurity could prevent such needless conflicts from occurring. It should be noted that CRE discussed the issue of NHTSA regulation of automotive cybersecurity here with respect to protecting the integrity of vehicle’s data.
Criminals increasingly are exploiting security weaknesses in technology systems to commit their crimes. Earlier this month, a 21st-century gang of thieves, which teamed up Internet hackers with small-time street thugs, stole $45 million from thousands of ATMs around the globe in a matter of hours. Some federal officials worry that cyber-criminals could target cars next, as motor vehicles incorporate, and rely on, more electronic systems in their operation systems.
“These interconnected electronic systems are creating opportunities to improve vehicle safety and reliability, but are also creating new and different safety and cybersecurity risks,” David Strickland, head of the National Highway Traffic Safety Administration (NHTSA) told the Senate Commerce Committee last week. “We don’t want to be behind the eight ball.”
Today’s cars rely less and less on mechanical functions, and more and more on the integration of electronic systems. When a driver steps on the accelerator in a modern car, electronic communications, rather than a series of mechanical actions, tell the engine to churn faster and the car to speed up. Electronics also control other systems in many cars today, including the fuel-injection system, ignition and automatic transmission. In fact, software and electronics on average account for 40 percent of a vehicle’s production costs.
So far, there haven’t been any known cases of criminal attacks on automobiles’ electronic systems. But Strickland and other industry experts say hackers could potentially tap into these systems to steal cars, to eavesdrop on conversations or even to cause collisions. The NHTSA has proposed establishing a new Division of Vehicle Electronics and Emerging Technology to address potential vulnerabilities in vehicles’ electronic systems.
Strickland, appearing before the Commerce Committee, made the case for his agency’s budget requests for fiscal year 2014, beginning October 1, 2013, including $2 million for the new division. According to NHTSA’s budget overview, the funding that would be used to “address vehicle cybersecurity, conduct testing, acquire data and improve electronic systems reliability.”