SPY Act Answer to In-vehicle Safety of Connected Cars


09/08/2015



The threat of vehicle cyber security to customers as well as car manufacturers is immense as the connected car market grows and expands.
 
Mid-year calls due to breach in connected car systems worth millions of dollars have recently tormented the car manufacturers as well as threatened the safety of customers.
 
More than of 300 million lines of code are present in today’s connected car compared to a 747 airplane which has roughly 75 million lines.  
 
The recent calls by Fiat Chrysler Automobiles are evidence to the potential threat from car cyber hackers and have boosted the recent debate about joint effort to fight vehicle cyber security.
 
In this line, the Security and Privacy in Your Car Act or the SPY Car Act, introduced by senators Edward Markey and Richard Blumenthal in July this year is perhaps the first and the only step to form a joint effort to fight the threat.
 
The proposed legislation seeks to direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to formulate federal standards to ensure safety and security of the modern connected car. This is also the first instance that any legislation has been introduced that deals with in-vehicle systems.  
 
Frost & Sullivan believes the industry will see laser focus and fully secure systems within the next two to three years thanks to the introduction of the SPY Car Act and it would force auto manufacturers to comply to the safety of in-vehicle cyber security.
 
Apart from the Fiat Chrysler Automobiles incidents, Range Rovers and BMW also faced similar threats. While hackers managed to remotely steal functions of a Range Rovers, vulnerability was found in BMW vehicles that allowed experimental hackers to unlock doors and open windows through BMW’s ConnectedDrive system.
 
There are not high standards of security for in-vehicle systems. The growth of the connected car and the increased influx of software added into the car have resulted in unparalleled levels of fragmentation. While giving auto makers a measurable tool to secure their vehicles, the fragmentation issue would be addressed by the Security and Privacy Standards within the SPY Car Act.
 
An increase in the number of electronic control units (ECU) has increased the lines of software code that essentially drive a vehicle’s functionality. The ECUs that link directly to critical systems, e.g., power steering or brakes would be the prime focus of the SPY Car Act Security Standard.
 
This is a focus which, according to experts, would be critical in saving lives through the Isolation Measures as defined in the act. Though there have been no incidents of recorded deaths from car hacking, the threat to safety from hacking into the critical control systems cannot be under stressed.
 
There have been no recorded deaths related to vehicle hacking, and I believe that IF there is, it will be with a vehicle already on the road today. One can credit the SPY Car Act for this expectation.
 
The SPY Act also seeks to ensure that the automakers develop a “Detection, Reporting, and Responding to hacking” measure. Hence the auto manufacturers would have to create a completely system to incorporate the tracking aspect.

A recent finding by Frost and Sullivan consumer research indicates that customers are getting more concerned about the safety of vehicles while making purchases and the new Act would force automakers to create new safety levels for the connected car segment.

(Source:www.forbes.com)