Traffic Safety Agency Calls Vehicle Cyber Security Standards

The U.S. Government’s lead agency for vehicle safety has told Congress that more research into “vehicle cyber security” to address the threats to a coming generation of networked automobiles that connect to the public Internet and to each other.

In testimony before Congress on Thursday,  David Strickland, the chief Administrator for the National Highway Traffic Safety Administration (NHTSA) told a Senate Committee that the electronics systems are “critical to the functioning” of modern autos, and are becoming increasingly interconnected, leading to “different safety and cyber security risks.”  The agency is requesting $2 million in the 2014 budget to research “vehicle electronics and emerging technologies” with an eye to developing requirements for the safety and reliability of vehicle controls.

“With electronic systems assuming safety critical roles in nearly all vehicle controls, we are facing the need to develop general requirements for electronic control systems to ensure their reliability and security,” Strickland told the Senate Committee on Commerce, Science and Transportation Thursday.

NHTSA has created a special division, the Electronics Systems Safety Research Division, which will focus on issues like software security and its implications on vehicle electronics and automotive engineering. Software reliability is one of five focus areas that NHTSA would research, should funding become available.

NHTSA says that it will take a page out of other industries that have addressed electronic system failures in the context of “loss of life,” such as medicine devices and aviation. On the issue of cyber security, NHTSA wants to “build of relevant voluntary industry standards” to “evaluate what manufacturers are already doing.” The goal is to develop a basic understanding of what threats exist and how they can be addressed in the vehicle environment, Strickland said.

That would include the emerging area of vehicle to vehicle communications, in which cars on the road can relay information to each other on their location, speed and so on. Strickland told the Senate that NHTSA would look at a “defense-in-depth” approach for security Vehicle-to-vehicle (V2V) communications, “managing threats to ensure that the driver cannot lose control and that the overall system cannot be corrupted to send faulty data”.

Auto manufacturers are already marketing a wide range of safety features that use onboard sensors to take control away from the driver, specifically in luxury autos and in areas such as accident avoidance. However, onboard sensors of various types been standard issue on U.S. cars since 2008. Security researchers have shown that, often, those sensors have few or any security protections built in, making them susceptible to tampering.

In 2010, for example, researchers at Rutgers University and the University of South Carolina showed how electronic control units (ECUs) used as tire pressure sensors could be used to track vehicles, or hacked and used to feed bad data to the car. 

Comments are closed.