As more connected and autonomous vehicles hit the road, policymakers must be prepared to address the risk of increased cyber assaults from hackers, cybercriminals and even nation states. In a new policy study, R Street Technology Policy Associate Caleb Watney and Cyril Draffin of the MIT Energy Initiative discuss the role burdensome regulatory hurdles play in preventing important security innovations from coming to market and, ultimately, protecting citizens.

“Connected cars, especially when autonomous, present enormous opportunities for our economy and for public safety,” notes Watney. “But speed of technological innovation means traditional regulatory tools may not be able to keep up. Rather than force new cybersecurity problems through the traditional Federal Motor Vehicle Safety Standards process, we recommend embracing a more flexible regulatory approach that aligns manufacturer incentives, promotes the development of cybersecurity best practices, proactively tests their capabilities and holds companies accountable for their promises.”

As the authors point out, legislative and regulatory efforts should focus on supporting market-based security mechanisms, such as bug bounty programs, fostering independent research and promoting general cyber hygiene. They should also empower standard-setting bodies to address cybersecurity issues proactively, promote industry-led certification and testing efforts, share cyber and physical threat information, and encourage collaboration between stakeholders.

“The potential benefits offered by both connected and autonomous vehicles are far-ranging and substantial,” writes Draffin. “Because an estimated 94 percent of accidents are the result of human error, autonomous and connected vehicles have the opportunity to save tens of thousands of lives and hundreds of billions of dollars each year. Let’s not let allow needless regulation get in the way.”

Featured Publications