WASHINGTON — Consensus is growing on the need for national legislation to govern autonomous-vehicle development, but cybersecurity protection for connected vehicles looms as a potential area of conflict.
High-profile Democrats on the Senate Commerce Committee are pushing for mandatory federal standards to defend against hackers taking control of vehicles or interrupting wireless communications and deliberately causing accidents.
Automakers say they share the objective of keeping malware out of self-driving vehicles but need a more flexible approach to deal with the risk.
"We think the best way to realize your objective is to have a dynamic approach," Mitch Bainwol, president of the Alliance of Automotive Manufacturers, testified at a Commerce Committee hearing this month. "Our fear is that standards would become obsolete very quickly."
Millions of vehicles on the road today are already vulnerable to hacks by virtue of their connectivity technology, but the huge number of interconnected components in autonomous vehicles could offer bad actors many more opportunities to infiltrate driving systems. Self-piloting cars will wirelessly exchange information among themselves, with cloud-based computers and with public infrastructure, such as traffic lights, to sense their environment and determine how to navigate.
"Once a vehicle connects to the Internet, it is hackable," Yoni Heilbronn, chief marketing officer for Argus Cyber Security in Israel, said in a phone interview. "A vehicle has multiple penetration vectors, with 100 million lines of software code and an average of 10,000 known software bugs in it when it rolls out of Detroit or Stuttgart."
An additional concern is that cybercriminals may try to penetrate a vehicle system to steal personal information or determine a driver's location, technology experts say.
Cybersecurity was one of the principles for autonomous vehicle legislation announced two weeks ago by Commerce Committee leaders, who said protections must be an integral feature of self-driving vehicles from the inception of development. A comprehensive bill is expected to be introduced this summer.
Last fall, the National Highway Traffic Safety Administration released voluntary recommendations for developers to focus on during the design process, such as secure development practices, information sharing, disclosure of vulnerabilities, incident response and self-auditing.