Baby, you can’(t) drive my car: Addressing new challenge in automotive cybersecurity
“Connected cars, especially when autonomous, present enormous opportunities for our economy and for public safety,” notes Watney. “But speed of technological innovation means traditional regulatory tools may not be able to keep up. Rather than force new cybersecurity problems through the traditional Federal Motor Vehicle Safety Standards process, we recommend embracing a more flexible regulatory approach that aligns manufacturer incentives, promotes the development of cybersecurity best practices, proactively tests their capabilities and holds companies accountable for their promises.”
As the authors point out, legislative and regulatory efforts should focus on supporting market-based security mechanisms, such as bug bounty programs, fostering independent research and promoting general cyber hygiene. They should also empower standard-setting bodies to address cybersecurity issues proactively, promote industry-led certification and testing efforts, share cyber and physical threat information, and encourage collaboration between stakeholders.
“The potential benefits offered by both connected and autonomous vehicles are far-ranging and substantial,” writes Draffin. “Because an estimated 94 percent of accidents are the result of human error, autonomous and connected vehicles have the opportunity to save tens of thousands of lives and hundreds of billions of dollars each year. Let’s not let allow needless regulation get in the way.”