The federal government is concerned about hackers seizing control of cars — and it wants your help.
In a Request for Information issued Tuesday (Aug. 2), the U.S. Department of Transportation (USDOT) asks for "information that may be useful in identifying research needs and formulating a research roadmap to establish essential motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems."
In other words, the feds want to know how to protect, and presumably regulate, the rapidly evolving computers and electronic control units (ECUs) that control more and more systems in cars every year.
It's a timely request. Just yesterday (Aug. 3), two researchers at the Black Hat hacker conference in Las Vegas remotely unlocked and started a car using a laptop and a cellphone.
A few months ago, another researcher was able to take control of a car by putting a specially crafted CD into the vehicle's stereo.
Computerized car components have moved far beyond the ECUs that handle fuel injectors and anti-lock brakes. In-dash navigation systems, collision-alert systems and entertainment systems all use sophisticated — i.e., hackable — software.
Vehicle tracking and safety systems, such as GM's OnStar, are even more versatile. They can communicate using cellular and satellite networks, access a vehicle's navigational, diagnostic and security systems and even start or turn off vehicles remotely.
As the USDOT puts it, all this new technology brings with it "new failure modes and mechanisms that are not well understood with respect to safety hazards and security vulnerabilities."
And the agency wants advice from other industries that have already gone down this road. It's asking for information "from specific industry segments that include automotive, aviation, military, industrial controls, information technology, communications, energy/Smart Grid, and medical devices/healthcare information systems."
As Michael Cooney at NetworkWorld pointed out, the USDOT is especially interested in protecting its proposed "Connected Vehicles" program, which would develop industry standards for "smart" vehicles that could communicate with each other and with traffic controllers to avoid collisions, roadway hazards and traffic jams.
Anyone interested in assisting the USDOT with this request is invited to contact Jeremy Barrasso in the agency's Cambridge, Mass., office: jeremy.barrasso@dot.gov.