As the auto industry changes, so will rules and regulations. While automakers try to fight the government and official organizations that make the rules when it comes to calling a self-driving vehicle safe, there’s another issue starting on the rise – cybersecurity. Mechanically engineered vehicles have their safety and security systems in play, but now that vehicles are becoming more dependent on software, new security issues are on the rise. Software-defined vehicles (SDV) are cool and all, but with how many automakers work with other companies and mix and match hardware/software, it’s going to become an issue for automakers to make sure everything is safe.

Here’s the crazy thing. The National Highway Traffic Safety Administration (NHTSA), the organization in charge of all vehicle safety, doesn’t have much to say on cybersecurity. If anything, it’s “voluntary”, with the first occurrence is the NHTSA’s Cybersecurity Best Practices for the Safety of Modern Vehicles publication, last published in 2016. The technology has changed drastically since then, and the new version published last year (2022) only focuses on the potential manipulation of data produced by the Light Detection and Ranging (lidar) and radar sensors automobiles use for Level 3 autonomy features.

Currently, the Biden administration has been making some changes that affect automakers. First, the Inflation Reduction Act that limited the federal tax credit on battery-electric vehicles (BEVs) and plug-in hybrid electric vehicles (PHEVs) to vehicles made with battery components of a BEV were mostly assembled or made in North America; the materials for it were also extracted by U.S. entities, processed in the U.S. (or in a country where the U.S. has a free-trade agreement); and made from materials that were recycled in North America. Now, the administration wants to shift the cybersecurity burdens from individuals, small businesses, and local governments to automakers. This brings us back to the above problem about automakers signing contracts with other businesses to fill their interior cabins with all kinds of modern features.

"Vehicles are increasingly integrating into a broader ecosystem of connected infrastructure, devices, and features — many of which are beyond the control of the auto companies themselves,", - Hilary Cain, vice president for technology, innovation and mobility policy at the Alliance for Automotive Innovation

The NHTSA did offer one option to keep everyone happy. It’s time to get serious about artificial intelligence (AI). It may sound a little like science fiction, but if automakers put smart AI into vehicles with level 3 autonomy and above. Currently vulnerable to lidar- and radar-jamming, GPS spoofing, remote road sign modifications, camera-blinding, and other hacking methods, a little AI could go a long way. This is especially the case for SDVs. Vehicles run completely on an operating system can have a lot of bugs to work out and vulnerabilities not yet identified. AI installed to fight back against these would-be hackers with strategies like producing fake data and false positives.

The European Union and the 58 members of the United Nations Economic Commission for Europe have become stricter about CO2 emissions in recent years, and now they’re bringing the hammer down on cybersecurity. U.S> automakers are a little more lax when it comes to cybersecurity, probably because it’s so new and seems invulnerable. That’s clearly not the case. Most recently, Kia models became victim to a trending TikTok video featuring auto theft, and the automaker had to release a software update to help consumers fight back.

Until the NHTSA makes cybersecurity mandatory, automakers may continue to view it as a voluntary act until they get hit with a lawsuit. That will only lead to an outcome that nobody likes. We need regulations, not recommendations.

What are your thoughts on cybersecurity in automobiles? Join the discussion on NowCar social media.

Photo Source/Copyright: Unsplash/Jefferson Santos @jefflssantos