Senators propose bills to improve cybersecurity for cars, planes

Dive Brief:

Sen. Richard Blumenthal, D-CT, and Sen. Ed Markey, D-MA, reintroduced two bills to address cybersecurity in vehicles and on airplanes in light of increasingly connected transportation devices.
The Security and Privacy in Your Car (SPY Car) Act would require the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal cybersecurity standards for vehicles as they increasingly become computerized. The FTC would devise a standardized, easy-to-understand ranking system and new vehicles would include a label showing consumers how well the vehicle protects a user's cybersecurity and privacy.
The Cybersecurity Standards for Aircraft to Improve Resilience (Cyber AIR) Act would require the disclosure of information related to cyber attacks on aircraft systems and new standards to find and fix aviation cyber vulnerabilities. It would also require a cybersecurity evaluation of consumer Wi-Fi on airplanes.

Dive Insight:

The SPY Car legislation recognizes that cybersecurity and privacy aren't the only issues with connected devices, but also manufacturers' transparency in informing consumers about which information is being gathered. In using digital devices and services ranging from cell phone apps to connected cars, consumers often don't pay attention to or understand what data they agree to surrender by using the product.

In some cases, product manufacturers might not disclose just how invasive the permissions are. Not understanding these privacy aspects can make consumers vulnerable to cyberattacks or breaches because they might not take the proper precautions to protect their data.

The SPY Car Act would aid transparency for connected vehicles by implementing a standardized federal rating system that shows consumers how far the manufacturer goes to protect security and privacy beyond the minimum standards. The information would be relayed via an easy-to-understand graphic sticker affixed to each car. The feature would provide consumers with more choices when purchasing a vehicle and with the ability to avoid products they feel might put them at undue risk.

The legislation also would require consumers to still be able to use a vehicle's navigation tools and other safety functions even if they opt out of the sharing and collection of driver data. This is a consumer protection measure to prevent manufacturers from essentially coercing consumers into sharing data in order to use basic vehicle features, especially safety features.

Under the legislation, the Federal Highway Administration would create a "cybersecurity tool" and appoint a "cyber coordinator" to help transportation authorities identify, detect, protect against, respond to and recover from cyber incidents.

"It only takes one hacker to access an aircraft or car's controls to cause a disaster," Sen. Markey said in a statement. "Evolving transportation technologies offer enormous potential to improve safety, help protect the environment, and entertain passengers. But these same technologies could pose massive cybersecurity and privacy vulnerabilities if appropriate safeguards are not in place."

Both pieces of legislation were just introduced last week and are still early in the legislative process. A statement from Sen. Markey notes the legislation was "reintroduced," meaning it didn't pass previously. The senators first proposed the Cyber AIR act in 2016.