FCC Studying Cybersecurity of Connected Vehicle Tech

The Internet Law Resource Center™ is the complete information solution for practitioners in cyberlaw. Follow the latest developments on ICANN’s gTLD program, keyword advertising, online privacy,...

By Lydia Beyoud

July 27 — The Federal Communications Commission is weighing cybersecurity concerns about automotive industry technology to enable vehicle-to-vehicle communications.

The agency issued a public notice July 25 seeking comment on a petition from public interest groups asking for an emergency stay to keep automakers such as General Motors Co. from rolling out cars later this year equipped with special vehicle-to-vehicle technology until the FCC creates formal cybersecurity standards.

If the FCC were to grant the petition, it would be a serious blow to car makers, an automotive industry representative told Bloomberg BNA on background. Auto makers such as GM might reconsider their schedules for introducing connected cars if it seems the FCC might grant a stay, the auto industry source said.

Modern cars are already under increased scrutiny from a range of industries, lawmakers and public interest groups for vulnerabilities to hackers and other cybersecurity threats. As the industry gears up for widespread deployment of autonomous vehicle technology, cybersecurity standards to combat such threats are caught up in a jurisdictional tug-of-war between the FCC and the U.S. Department of Transportation's National Highway Traffic Safety Administration (NHTSA).

NHTSA has been working since 2014 on a rule addressing vehicle-to-vehicle communications technology standards, including safety, privacy and security issues. That rule is under review by the White House Office of Management and Budget.

Now the FCC is stepping in to examine cybersecurity issues surrounding technology the auto industry has developed for vehicle-to-vehicle (V2V) communications, known as dedicated short range communication (DSRC) technology.

If the FCC decides to move ahead on vehicle-to-vehicle cybersecurity rules, then it will make itself responsible for an issue seen by automotive groups as more appropriately overseen by NHTSA, the source said. Such a move might lead the NHTSA to defer to the FCC on cybersecurity for connected vehicles, the source added.

The auto industry and Wi-Fi supporters differ over whether the cybersecurity and spectrum sharing issues can or should be separated, but it appears that the FCC is taking seriously the June 28 petition filed by Public Knowledge and the New America Foundation's Open Technology Institute.

The groups asked the FCC to limit the use of DSRC technology to life and safety uses only, in addition to requiring automakers to file a cybersecurity plan before activating DSRC systems.

Public interest groups believe the FCC, as the regulator of commercial radio spectrum, has the authority to determine what the auto industry may do with the spectrum it's been given.

“They should create a docket where these issues can be addressed as core issues, as opposed to a side point in a spectrum sharing proceeding,” Harold Feld, senior vice president at Public Knowledge, told Bloomberg BNA.

“The FCC in 2004 contemplated that this would be voluntary and that the auto industry would deploy without a NHTSA mandate,” Feld said. “But the fact is, if they're not going to wait for NHTSA to finish its rulemaking process and jump out there right away, they need to recognize that they're acting under the FCC's grant of authority, which goes back to 2004, and not under NHTSA's safety mandate, which has not yet completed the rulemaking process.”

Auto Industry Pushback

Auto industry representatives hit back on both the public interest groups's petition and concerns that automakers aren't factoring security into their technology on their own.

“Public Knowledge’s petition does nothing to advance the public’s safety,” Wade Newton, a spokesman for the Alliance of Automobile Manufacturers. This is really the Wi-Fi community’s attempt to slow down what can be a pillar of future automotive safety,” Newton said. “The fact of the matter is that DSRC systems have been developed and deployed” with privacy protections built in, he said.

Broader Issues in Spectrum Sharing Policy

The DSRC cybersecurity issue is part of a larger debate among industry and public interest groups, and Congress, over whether the spectrum originally allocated to the auto industry in 1999 should be opened up to share with unlicensed Wi-Fi users.

The technology is intended to dramatically reduce traffic accidents and fatalities, but will require up to a decade to reach the point at which the majority of the U.S. automotive fleet includes DSRC to enable the communications necessary for safety applications. Meanwhile, the auto industry is contemplating other uses of the spectrum, including mobile ads, mobile payments, parking location and toll payments, among others .

Wi-Fi groups, backed by cable interests such as Comcast Corp. and the National Cable and Telecommunications Association, are asking the FCC to open the DSRC airwaves to sharing. The spectrum band where the technology will operate lies adjacent to spectrum on which Wi-Fi is already deployed.

If engineers can prove that spectrum uses critical to prevent accidents and provide vehicle-to-vehicle safety applications can be protected from interference, Wi-Fi supporters have said opening the band for shared use with the auto industry would enable faster Wi-Fi.

To contact the reporter on this story: Lydia Beyoud in Washington at lbeyoud@bna.com

To contact the editor responsible for this story: Keith Perine at kperine@bna.com

For More Information

Text of the public notice is at http://src.bna.com/g8E.

Text of the public interest groups' petition is at http://src.bna.com/ha6.

Text of the Symantec report is at http://src.bna.com/haC.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.