July 2, 2022

Volume XII, Number 183

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

June 29, 2022

Subscribe to Latest Legal News and Analysis

Navigating the Data Privacy Landscape for Autonomous and Connected Vehicles: Implementing Effective Data Security

Autonomous vehicles can be vulnerable to cyber attacks, including those with malicious intent. Identifying an appropriate framework with policies and procedures will help mitigate the risk of a potential attack.

The National Highway Traffic Safety Administration (NHTSA) recommends a layered approach to reduce the likelihood of an attack’s success and mitigate ramifications if one does occur. NHTSA’s Cybersecurity Framework is structured around the five principles of identify, protect, detect, respond and recover, and can be used as a basis for developing comprehensive data security policies.

NHTSA goes on to describe how this approach “at the vehicle level” includes:

  • Protective/Preventive Measures and Techniques: These measures, such as isolation of safety-critical control systems networks or encryption, implement hardware and software solutions that lower the likelihood of a successful hack and diminish the potential impact of a successful hack.

  • Real-time Intrusion (Hacking) Detection Measures: These measures continually monitor signatures of potential intrusions in the electronic system architecture.

  • Real-time Response Methods: These measures mitigate the potential adverse effects of a successful hack, preserving the driver’s ability to control the vehicle.

  • Assessment of Solutions: This [analysis] involves methods such as information sharing and analysis of a hack by affected parties, development of a fix, and dissemination of the fix to all relevant stakeholders (such as through an ISAC). This layer ensures that once a potential vulnerability or a hacking technique is identified, information about the issue and potential solutions are quickly shared with other stakeholders.

Other industry associations are also weighing in on best practices, including the Automotive Information Sharing and Analysis Center’s (Auto-ISAC) seven Key Cybersecurity Functions and, from a technology development perspective, SAE International’s J3061, a Cybersecurity Guidebook for Cyber-Physical Vehicle Systems to help AV companies “[minimize] the exploitation of vulnerabilities that can lead to losses, such as financial, operational, privacy, and safety.”

© 2022 Varnum LLPNational Law Review, Volume XII, Number 138
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Adam Brody, Partner, Varnum
Partner

Adam is a partner in the Litigation Practice Team concentrating on complex civil litigation in both state and federal courts. He has extensive first-chair experience, including trial, appellate, and alternative dispute resolution work. While Adam has experience in a broad range of matters, including intellectual property litigation, the defense of wrongful death claims, property tax litigation, and cases involving covenants not to compete, his work is primarily focused on commercial contract...

616-336-6461
John J. Rolecki Litigation Attorney Varnum Grand Rapids, MI
Partner

John represents clients in various types of complex commercial litigation and provides counsel on matters including regulatory compliance, licensing and insurance coverage. He has successfully represented clients in a range of litigation including contractual and supply chain disputes, unfair competition, creditors' rights, securities disputes and administrative actions. John's background in complex matters includes bringing cases to summary judgment, trial and courts of appeal in state and federal courts throughout the country.

Practice Areas

  • Insurance
  • ...
616-336-6398
Jeffrey M. Stefan II Auto and Emerging Technology Attorney Varnum Law Firm
Counsel

Jeffrey is a technology-focused corporate attorney with broad legal authority in autonomous and connected vehicles. He previously served as autonomous vehicle counsel for a major global automaker providing regulatory counsel and transactional support. Prior to that role, he supported the automaker's emerging technology portfolio, which included connected vehicle services and other advanced safety technologies.

Jeffrey helps his clients navigate the evolving legal and public policy landscape for new and emerging technologies. He additionally focuses on technology startups assisting...

313-481-7343
Andrea M. Gumushian Attorney Data Privacy Varnum Law DC California
Associate

Andrea is an associate on Varnum’s data privacy and mobility practice teams. She advises leading mobility and technology providers on domestic and international data privacy laws and regulations. Her practice includes drafting and reviewing data protection impact assessments, privacy policies and product-specific privacy notices. Andrea helps clients implement policies and procedures for responding to consumer rights requests and data breaches under the EU-GDPR and California Consumer Privacy Act. She also has experience reviewing vendor and customer contracts with a...

313-481-7347
Justin M. Wolber Corporate Attorney Varnum Law Grand Rapids
Associate

Justin has a variety of experience working in several areas of the law. He is a skilled researcher with experience in litigation, corporate, real estate, and employment matters. Justin has experience in drafting organization and entity formation documents, performing due diligence in corporate matters, and providing research on commercial litigation and employment law matters.

While in law school, Justin was a member of Notre Dame’s Jessup International Law Moot Court team and participated in Notre Dame’s London Law Program.

616-336-6952
Advertisement
Advertisement
Advertisement