Cybersecurity

House members ask: Who’s looking for cyber flaws in cars?

House lawmakers want to know who’s looking for cybersecurity flaws in cars.

Several members of the House Energy and Commerce Committee on Thursday sent a letter to the National Highway Traffic Safety Administration (NHTSA) and 17 automakers asking who oversees efforts to root out vulnerabilities in automobiles.

{mosads}“Modern vehicles are extremely complex machines reliant on multiple computers, networks and systems,” the members said. “Information technologies are inherently complex, and as a result are inherently vulnerable.”

Connected cars are becoming the standard in auto manufacturing. Navigation and entertainment systems, Wi-Fi, Bluetooth and keyless locks are commonplace in new cars.

But researchers have repeatedly shown these technologies to be poorly protected from hackers. Even the car’s steering system can be co-opted by a cyberattacker.  

“We are entering a new era in cybersecurity,” the lawmakers said. “The explosion of a new, connected devices and services is exacerbating existing cybersecurity challenges and has introduced another potential consequence — the threat of physical harm — as products responsible for public health and safety are integrated into the Internet ecosystem.”

The letter noted a current high-end car contains roughly 100 million lines of code, “double that of the Windows Vista operating system and nearly 10 times that of a Boeing 787.”

The lawmakers asked the NHTSA, a standards setting agency for vehicle and highway safety, whether it tracks and evaluates cyber flaws in cars. They also asked whether the agency is investigating how outside connected devices like smartphones could introduce vulnerabilities into a car’s system.

The letter was also sent to top automakers like GM, Ford and Volvo.

Over the past year, Capitol Hill has been paying greater attention to the potential dangers of connected cars.

Sen. Ed Markey (D-Mass.) conducted an investigation into automakers’ cybersecurity practices, concluding the companies weren’t doing enough to prevent hacks.

“Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” Markey said after releasing his study in February.