Keep up with the latest developments and legal issues in the telecommunications and emerging technology sectors, with exclusive access to a comprehensive collection of telecommunications law news,...
The House Energy and Commerce Committee plans to mark up a bill July 27 that would regulate autonomous vehicles, amid questions about whether lawmakers should set cybersecurity standards for the emerging technology.
U.S. drivers may be slow to adopt autonomous vehicles being developed by companies such as Ford Motor Co. and Tesla Inc. because of worries about hacks that could result in vehicle theft or harm to occupants, consumer surveys have shown. Cybersecurity fears are second only to worries about perceived higher vehicle expenses among barriers to consumer adoption, according to a September 2016 survey by Kelley Blue Book, a vehicle research and valuation company.
“I think every single member up here is worried about cybersecurity and privacy,” Rep. Debbie Dingell (D-Mich.) told Bloomberg BNA recently. “How do you make sure you’re moving fast enough with the speed at which technology is changing, but at the same time not moving so fast as for somebody to get hurt?”
Lawmakers, autonomous vehicle industry groups and consumer and safety advocacy groups agree that a cybersecurity framework is needed to spur consumer adoption. But they disagree on whether the government should establish the framework, leave it to the private sector, or find a compromise between the approaches.
“Even with a multi-layer defense against cyber threats, automakers must be nimble and adaptive because the cyber world is always changing,” Gloria Bergquist, vice president at the trade group Alliance of Automobile Manufacturers, told Bloomberg BNA. “Locking in what seems proactive now may not be so effective when the future demands another approach.”
There is also widespread concern among lawmakers, autonomous vehicle industry groups and consumer and safety advocacy groups that the Department of Transportation’s National Highway Traffic Safety Administration (NHTSA), the federal government agency that would be in charge of implementing a vehicle cybersecurity plan, does not have sufficient expertise or resources to handle the task. A NHTSA spokesperson did not immediately respond to a Bloomberg BNA request for comment.
Marc Scribner, a fellow at the Competitive Enterprise Institute, said the gaps in cybersecurity policy in an agency draft rule issued on connected cars in 2016 is cause for concern that NHTSA won’t be able to meet the challenge of writing autonomous vehicle cybersecurity standards.
“I think it’s very naive of Congress to think that they can just fix this with more legislation, especially charging an agency to do more, when it’s proven that it can’t do what it’s supposed to be doing right now,” Scribner told Bloomberg BNA.
Dingell told Bloomberg BNA July 19 that lawmakers are aware that NHTSA does not currently have the resources or staff to address autonomous vehicle issues.
“NHTSA doesn’t have money it needs,” Dingell said. “We are not funding these kinds of agencies at the levels they need to be funded to do what they’ve got to do.”
House and Senate lawmakers have taken different approaches to autonomous vehicle cybersecurity so far. The House committee is taking up a bill (H.R. 3388) by Rep. Bob Latta (R-Ohio). The panel’s Digital Commerce and Consumer Protection Subcommittee approved a draft of the bill July 19 that called for autonomous vehicle companies to develop a cybersecurity plan.
Lawmakers have since been negotiating over language that may mandate that NHTSA approve the industry plan. It was unclear July 26 whether those negotiations were successful, but the full committee said late July 25 it would consider a substitute amendment to the bill during its markup.
Senate lawmakers, including Commerce, Science and Transportation Committee Chairman John Thune (R-S.D.) circulated a legislative proposal earlier this month that took a more expansive approach in its cybersecurity section, according to several industry stakeholders who viewed the proposal.
The Senate proposal called for partnering NHTSA with the Auto-ISAC , an industry-led group created in 2015 through a presidential directive to share cybersecurity vulnerabilities and threat information, the industry sources said. The proposal appeared to direct the Department of Transportation to use enforcement authorities and publish guidelines for when cyber vulnerabilities constitute a safety defect, the sources said.
Cybersecurity researchers and industry groups are concerned that mandating particular security standards may make technologies more vulnerable by feeding hackers information about a company’s plans or creating a rigid framework that can’t easily be adapted for fast-moving threats.
There are also gaps and conflicts in federal agency jurisdiction over cybersecurity standard-setting. Acting Federal Trade Commission Chairman Maureen Ohlhausen said during a June workshop that the FTC should address consumer privacy and data security issues around connected cars, but should avoid conflicting with NHTSA’s oversight of vehicles.
NHTSA’ September 2016 guidelines for autonomous vehicles nodded to the need to assess cyber threats and vulnerabilities, but stopped short of mandating standards, stating cybersecurity is an “evolving area” and “more research is necessary before proposing a regulatory standard.” In October, the agency released a series of best practices for cybersecurity in all vehicles.
Some lawmakers, cybersecurity researchers and industry officials say that cybersecurity measures are best left to the private sector, because it has a strong incentive to avoid the litigation and bad publicity that likely would follow an autonomous vehicle hack.
Still, consumer advocacy groups say industry promises aren’t enough. In a July 18 letter to lawmakers, groups including Citizens for Reliable and Safe Highways and Advocates for Highway and Auto Safety called for NHTSA to issue cybersecurity standards within three years after Congress passes an autonomous vehicle bill.
– With assistance from Jimmy H. Koo
To contact the reporter on this story: Michaela Ross in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Keith Perine at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)