Major automakers plan to work with the U.S. government to try to deter hacks of connected cars before they become a major issue.
To date, there haven’t been any major cyberattacks on cars, but a number of security researchers demonstrated potentially serious attacks in 2015, and that has the government worried.
So the U.S. Department of Transportation (DOT) is hoping it can get the auto industry to mirror proactive safety work that already takes place in the aviation industry. The agreement has been signed by all major automakers that operate in the U.S.
“Real safety is finding and fixing defects before someone gets hurt, rather than just punishing after the damage is done,” U.S. Transportation Secretary Anthony Foxx said Friday when he announced the initiative at the North American International Auto Show in Detroit.
Under the plans, car makers and the government will develop best practices for keeping cars resilient against cyber attacks and work out the best way to collaborate with the wider cybersecurity research community.
Additionally, the group will look at ways to improve information sharing through a recently formed industry group called Auto-ISAC.
The group will encourage car companies to continue sharing threat and vulnerability information and to begin sharing common or generic countermeasures used to address common threats and vulnerabilities, the DOT said in a statement.
Membership will also be opened up to automotive suppliers and researchers working on connected and autonomous vehicles.
“I like some of the themes I see here,” said Joshua Corman, co-founder of I Am The Cavalry cybersecurity association. He said several parallel his groups’s “Five Star Automobile Cyber Safety Program,” which is a framework for avoiding, learning from, responding to and isolating failures that can lead to cybersecurity problems.
Work in the area can’t come soon enough, he said.
“The very worst thing is waiting for something bad to happen because it takes so long to design a car, we won’t see corrective actions for five or more years.”
It is the second major announcement made by the DOT at the Detroit auto show this week. On Thursday, Foxx said his department will deliver in six months a set of model guidelines for self-driving cars.
The DOT is eager to head off a patchwork of state laws on self-driving cars popping up across the country that make national testing and research difficult. Some of those regulations are likely to include provisions on cybersecurity.