On November 18, 2015, two subcommittees of the U.S. House Oversight and Government Reform Committee – the Subcommittee on Information Technology and the Subcommittee on Transportation and Public Assets – convened a joint hearing titled “The Internet of Cars.” The hearing focused on emerging automotive technologies involving vehicle-to-vehicle (V2V) communications, such as Dedicated Short Range Communications (DSRC), as well as potential cybersecurity and privacy concerns associated with connected cars. The panel consisted of government and industry representatives, including automobile manufacturers and cybersecurity professionals.
At the hearing, members and panelists noted the many potential benefits of connected cars, such as warning systems and automatic breaking systems, but also discussed potential cybersecurity and consumer privacy vulnerabilities that could stem from the emerging technology. Nat Beuse, Associate Administrator, Vehicle Safety Research at the National Highway Transportation Safety Administration (NHTSA), stated that NHTSA’s approach to cybersecurity is focused on expanding its research plans and tools, facilitating industry self-regulation, developing new systems solutions, and considering mandatory minimum performance standards.
During the questioning period, the panel was asked about the potential need for automobile-specific cybersecurity legislation. A representative from the information technology industry stated that existing laws, like the Computer Fraud and Abuse Act (CFAA), already apply to hacking. Other panel members stated that there was no existing standard to prevent hacking. Vehicle manufacturers also described their current cybersecurity practices, including supplier audits and bug bounty programs to improve vehicle privacy controls. To close the hearing, Information Technology Subcommittee Chairman Will Hurd (R-TX) called on industry, not government, to develop privacy standards.