Feeds

US government wants security research on car-to-car nets

Car crashed? Have you topped up its anti-virus or turned it off and on again?

Protecting against web application threats using SSL

David Strickland, Administrator of the USA's National Highway Traffic Safety Administration (NHTSA), has told that nation's Senate Committee on Commerce, Science, and Transportation that he plans to research the security requirements of automated cars and vehicle-to-vehicle (V2V) networks.

Strickland appeared before the committee this week and gaped with appropriate metaphorical awe at the likes of Google's self-driving vehicles and V2V network proposals that would see one car radio another to tell it when heavy braking is required. Such systems, Strickland said, could “potentially address about 80 percent of crashes involving non-impaired drivers once the entire vehicle fleet is equipped with V2V technology.”

He's also worried about what he called “vehicle cybersecurity”, because he believes more technology in cars creates ”growing potential for remotely compromising vehicle security through software and the increased onboard communications services”

NHTSA has asked for an extra $US2m to research the problem, with the aim of “of developing a preliminary baseline set of threats and how those threats could be addressed in the vehicle environment”. Standards for car-makers are also on the agenda.

Strickland detailed other objectives as follows:

For the V2V program, our research is evaluating a layered approach to cybersecurity. Such an approach, if deployed, would provide defense-in-depth, managing threats to ensure that the driver cannot lose control and that the overall system cannot be corrupted to send faulty data. In partnership with the auto companies and other stakeholders we have developed a conceptual framework for V2V security. We are also developing countermeasures to prevent these security credentials from being stolen or duplicated. Additionally, we are developing protocols to support a V2V security system that is designed to share data about nefarious behavior and take appropriate action.”

Just what that last sentence means is anyone's guess. Here in Vulture South we imagine privacy groups might imagine liberty-challenging driver tracking, or at the very least cars letting it be known when someone's tickling their digital innards in suspicious ways.

Strickland's testimony (PDF) also signalled his agency has started work on a policy framework to allow self-driving cars. He offered the Committee an interesting hierarchy of vehicle automation:

  • Level 0—No Automation. At the initial Level 0, the driver is in complete control of the primary vehicle controls (steering, brake, and throttle) at all times, and is solely responsible for monitoring the roadway and for safe operation of all vehicle controls.
  • Level 1—Function Specific Automation. Level 1 automation involves one specific control function that is automated. The driver still maintains overall control, and is solely responsible for safe operation, but can choose to cede limited authority over a primary control.
  • Level 2—Combined Function Automation. Level 2 automation means that under some circumstances “the driver can disengage from physically operating the vehicle by taking hands off the steering wheel and feet off the pedals at the same time.”
  • Level 3—Limited Self-Driving Automation. Level 3 automation enables the driver to cede full control of all steering, brake, and throttle functions to the vehicle while remaining “available for occasional control, but with a comfortable transition time that will enable the driver to regain situational awareness.”
  • Level 4—Full Self-Driving Automation. The vehicle is designed to perform all safety-critical driving functions and monitor roadway conditions for an entire trip.

Strickland also said the agency is looking into whether guidelines are needed for how voice-activated in-car technology is designed, with an eye to possible future guidelines. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.