April 25, 2017

April 24, 2017

Subscribe to Latest Legal News and Analysis

Cybersecurity: Yes, They Will Hack Your Car

Auto manufacturers are increasingly equipping vehicles with rapidly advancing technologies, raising concerns regarding how the public will be affected by these changes. Manufacturers are beginning to implement automated driving and vehicle-to-vehicle (V2V) communication capabilities into their cars, extending potential cybersecurity threats and associated safety issues to road users.

Auto Traffic, NightimeAs consumers, we already see cybersecurity threats and breaches in many areas of our day-to-day lives. With the spike of auto-driven and connected cars across the auto industry, these same threats and breaches have a strong potential to sprout in our lives on the road as well.

NHTSA has outlined the factors it will consider in evaluating cybersecurity threats as potential safety-related defects. They are as follows:

  • The amount of time elapsed since the vulnerability was discovered (e.g., less than one day, three months, or more than six months)

  • The level of expertise needed to exploit the vulnerability (e.g., whether a layman can exploit the vulnerability or whether it takes an expert to do so)

  • The accessibility of knowledge of the underlying system (e.g., whether how the system works is public knowledge or whether it is sensitive and restricted)

  • The necessary window of opportunity to exploit the vulnerability (e.g., an unlimited window or a very narrow window)

  • The level of equipment needed to exploit the vulnerability (e.g., standard or highly specialized)

Additionally, NHTSA’s guidance suggests policies that manufacturers :

  • Participating in the Automotive Information Sharing and Analysis Center (Auto-ISAC), which became fully operational in January 2016

  • Developing policies around reporting and disclosure of vulnerabilities to external cybersecurity researchers

  • Instituting a documented process for responding to incidents, vulnerabilities, and exploits and running exercises to test the effectiveness of these processes

  • Developing a documentation process that will allow self-auditing, which may include risk assessments, penetration test results, and organizational decisions

  • For original equipment, developing processes to ensure vulnerabilities and incidents are shared with appropriate entities throughout the supply chain

  • As vehicle technologies continue to progress, we expect that NHTSA’s guidance will evolve to address future concerns

To continue reading through NHTSA’s enforcement plans on motor vehicle safety as it pertains to recent technological advances, be sure to check out Thursday’s post on automated vehicle regulations.

© 2017 Foley & Lardner LLP

TRENDING LEGAL ANALYSIS


About this Author

Partner

Christopher H. Grigorian is a partner with Foley & Lardner LLP. His practice focuses on federal motor vehicle safety law, antitrust, trade regulation and related litigation.

Mr. Grigorian represents motor vehicle manufacturers and major parts suppliers on National Highway Traffic Safety Administration issues, including recalls, defect investigations and related enforcement proceedings, compliance with Federal motor vehicle safety standards, rulemaking proceedings, FOIA and confidentiality matters, and other compliance issues under the...

202.672.5542
Nicholas Englund, Motor Vehicle Safety Attorney, Foley Lardner Law Firm
Special Counsel

Nicholas Englund is special counsel and business lawyer with Foley & Lardner LLP, and a member of the firm’s NHTSA & Motor Vehicle Safety Practice. Mr. Englund focuses his practice on federal motor vehicle safety law. He represents motor vehicle manufacturers and major parts suppliers on National Highway Traffic Safety Administration issues, including advising on safety-related and noncompliance recalls, investigations and enforcement proceedings, compliance with Federal motor vehicle safety standards, rulemaking proceedings, FOIA and confidentiality matters, and other compliance issues under the Motor Vehicle Safety Act, TREAD Act, and implementing regulations.

202.295.4792