The House Energy and Commerce Committee will consider automotive safety reforms that, among other proposed changes, would make it illegal to hack vehicles. A draft of the legislation was released Wednesday.
Sponsored by Rep. Michael C. Burgess, M.D. (R-Texas), chairman of the Commerce, Manufacturing, and Trade subcommittee, the legislation would make vehicle hacks punishable by civil penalties up to $100,000.
In a release, Rep. Burgess and committee chairman Rep. Fred Upton (R-Mich.) said automotive innovation “is an ever-changing landscape, and we look forward to working with our colleagues and stakeholders as this important process continues.”
Apparently prompted by incidents like the Jeep's Cherokee hack in July by security researchers Charlie Miller and Chris Valasek, and GM's OnStar RemoteLink mobile application vulnerability in 2015, the bill would establish a cybersecurity advisory council, led by the National Highway Traffic Safety Administration.
The proposed legislation has raised concerns among researchers that making it illegal to hack vehicles could make it easier for automotive manufacturers to avoid fixing vulnerabilities.
In speaking with SCMagazine.com, Samy Kamkar, the security researcher who discovered the OnStar vulnerability, said the committee should be careful in the language of the legislation to not make it illegal to hack one's own vehicle. The results, he said, “would be terrible because you will still have lots of bad guys who will continue to hack, and there will not be any researchers exposing vulnerabilities.”
Kamkar said consumers typically do not think about the extent of hacking that is sponsored by nation-states and criminal organizations. “They will never release their exploits publicly,” he said, warning that these entities will instead use the exploits that they discover to carry out their own attacks.
A representative of the House Energy and Commerce Committee told SCMagazine.com that the committee will discuss the proposed reforms on October 21. The representative declined to comment further on the changes.