— Following the much publicized hacking of a Jeep Cherokee that sent its driver into a panic, two U.S. senators have introduced the Security and Privacy in Your Car Act of 2015, or the SPY Car Act of 2015.
Introduced by Senators Richard Blumenthal (D-Conn.) and Edward J. Markey (D-Mass.), the SPY Car Act of 2015 requires the National Highway Traffic Safety Administration and the Federal Trade Commission to set minimum standards and safeguards to protect drivers and their cars from hackers.
To add protection against hacking, the proposed legislation requires all vehicles manufactured in the U.S. to be equipped with "reasonable measures" to protect against wireless and wired attacks.
The most important measure would incorporate isolation procedures to separate "critical software systems" from "noncritical software systems." The legislation describes critical software systems as "software systems that can affect the driver’s control of the vehicle movement."
This has always been a stumbling block for automakers because of something called the CAN bus. The CAN (Controller Area Network) bus is the internal communication network that connects the engine control units with each other. It's the standard in the auto industry and can allow hackers to access the powertrain and other vital systems of a car.
The legislation would also require something called a "cyber dashboard" to inform consumers, using a standardized graphic, about how each vehicle protects the cybersecurity and privacy of owners and lessees. The information would become a component of the label required to be affixed to each vehicle manufactured in the U.S.
Additional sections of the proposed legislation are meant to give consumers more control over their privacy and how their personal data is used. The SPY Act would mandate all driving data collected by the electronic systems shall be "reasonably secured" to prevent unauthorized access while the data is stored onboard, in transit from the car to another location and in offboard usage and storage.
With visions of firewalls and anti-virus software used on home computers, all vehicles will need to be equipped with capabilities to immediately "detect, report, and stop attempts to intercept driving data or control the vehicle."
The proposed measures would also need to be tested and updated by automakers to ensure the cars stay protected. Part of the testing would require the use of third-party hackers to be used as penetration hackers to test the security of the vehicles.