Feeds

US government wants security research on car-to-car nets

Car crashed? Have you topped up its anti-virus or turned it off and on again?

Securing Web Applications Made Simple and Scalable

David Strickland, Administrator of the USA's National Highway Traffic Safety Administration (NHTSA), has told that nation's Senate Committee on Commerce, Science, and Transportation that he plans to research the security requirements of automated cars and vehicle-to-vehicle (V2V) networks.

Strickland appeared before the committee this week and gaped with appropriate metaphorical awe at the likes of Google's self-driving vehicles and V2V network proposals that would see one car radio another to tell it when heavy braking is required. Such systems, Strickland said, could “potentially address about 80 percent of crashes involving non-impaired drivers once the entire vehicle fleet is equipped with V2V technology.”

He's also worried about what he called “vehicle cybersecurity”, because he believes more technology in cars creates ”growing potential for remotely compromising vehicle security through software and the increased onboard communications services”

NHTSA has asked for an extra $US2m to research the problem, with the aim of “of developing a preliminary baseline set of threats and how those threats could be addressed in the vehicle environment”. Standards for car-makers are also on the agenda.

Strickland detailed other objectives as follows:

For the V2V program, our research is evaluating a layered approach to cybersecurity. Such an approach, if deployed, would provide defense-in-depth, managing threats to ensure that the driver cannot lose control and that the overall system cannot be corrupted to send faulty data. In partnership with the auto companies and other stakeholders we have developed a conceptual framework for V2V security. We are also developing countermeasures to prevent these security credentials from being stolen or duplicated. Additionally, we are developing protocols to support a V2V security system that is designed to share data about nefarious behavior and take appropriate action.”

Just what that last sentence means is anyone's guess. Here in Vulture South we imagine privacy groups might imagine liberty-challenging driver tracking, or at the very least cars letting it be known when someone's tickling their digital innards in suspicious ways.

Strickland's testimony (PDF) also signalled his agency has started work on a policy framework to allow self-driving cars. He offered the Committee an interesting hierarchy of vehicle automation:

  • Level 0—No Automation. At the initial Level 0, the driver is in complete control of the primary vehicle controls (steering, brake, and throttle) at all times, and is solely responsible for monitoring the roadway and for safe operation of all vehicle controls.
  • Level 1—Function Specific Automation. Level 1 automation involves one specific control function that is automated. The driver still maintains overall control, and is solely responsible for safe operation, but can choose to cede limited authority over a primary control.
  • Level 2—Combined Function Automation. Level 2 automation means that under some circumstances “the driver can disengage from physically operating the vehicle by taking hands off the steering wheel and feet off the pedals at the same time.”
  • Level 3—Limited Self-Driving Automation. Level 3 automation enables the driver to cede full control of all steering, brake, and throttle functions to the vehicle while remaining “available for occasional control, but with a comfortable transition time that will enable the driver to regain situational awareness.”
  • Level 4—Full Self-Driving Automation. The vehicle is designed to perform all safety-critical driving functions and monitor roadway conditions for an entire trip.

Strickland also said the agency is looking into whether guidelines are needed for how voice-activated in-car technology is designed, with an eye to possible future guidelines. ®

Mobile application security vulnerability report

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.