Rain Blanken
No Comments

What Is the SPY Car Act of 2015?

Decrease Font Size Increase Font Size Text Size Print This Page

Put down the shoe-phone and receive your debriefing on this debonair new bill.

The Bond driver of the future, enjoying a nice bout of SPY Car Act.

The Bond driver of the future, enjoying a nice bout of SPY Car Act

The proposed SPY Car Act makes hacking-prevention sound like a James Bond foray–and that extra pizzazz may be required to get automotive companies to swallow this costly pill. Let’s take a look at the main points of the SPY Car Act, which, sadly, does not provide a cool spy car for every American man, woman, and child.

Official (not-so-cool) name: ‘Security and Privacy in Your Car Act of 2015’

Main Idea of the SPY Act of 2015:

The SPY Act of 2015 is intended to establish new “cybersecurity standards.” In a feat of abstraction that the only US Senate can achieve, the bill promises to “protect consumers from security and privacy threats to their motor vehicles, and for other purposes.” You know, all kinda purposes.

The idea is to force automotive companies to think like software companies. Vulnerable car companies like GM need to defensively assume that hackers are trying to get into the computerized systems that power new cars on the road, and then proactively find ways to prevent these deadly hacks.

For now, the SPY Act is just a bill sittin’ on Capitol Hill. Democratic Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut just introduced the bill late last month. Here is the breakdown of what the bill wants to do:

SPY Car Act Hacker

Forget that hook-hand guy in the backseat 
Photo: Brian Klug

Cybersecurity

The first meaty section of the SPY Act of 2015 addresses cybersecurity and includes the ultimatum of all motor vehicles reaching compliance two years after the regulations are passed.

 “All motor vehicles manufactured for sale in the United States on or after the date that is 2 years after the date on which final regulations are prescribed…shall comply with the cybersecurity standards set forth…”

The next bit of the cybersecurity section covers the requirement for hacking prevention. Here, we see a phrase appear that is, at this moment, inspiring glee in the hearts of media outlets across America – “reasonable measures.”

“All entry points to the electronic systems of each motor vehicle manufactured for sale in the United States shall be equipped with reasonable measures to protect against hacking attacks.”

“All driving data collected by the electronic 20 systems that are built into motor vehicles shall be 21 reasonably secured to prevent unauthorized access.”

This section goes on to refer to “penetration testers,” which is fancy speak for third-party hackers that will be permitted to test the systems. This is a point of contention with critics, because there are currently no international standard in place for these testers.

Something tells me we’ll be hearing more about those “reasonable measures” from a bevy of talking heads when we’re on the treadmill at the gym. But let’s get back to the SPY stuff. We need something akin to Morse-code windshield wipers.  A cool hacker-thwarting device that K.I.T.T. would explain snidely to us as though we’re a bunch of kindergarten Neanderhoffs.

KITT Charger

Photo: ThinkGeek

The Cyber Dashboard

Now we’re talking. This Act requires that all cars made in 2017 will be required to have a cyber dashboard. Moreover, the Act goes into the features that the cyber dashboard will provide us lucky, lucky Jetsons.

  • (The cyber dashboard) shall inform consumers, through an easy-to-understand, standardized graphic, about the extent to which the motor vehicle protects the cybersecurity and privacy of motor vehicle owners, lessees, drivers, and passengers.

 

*Cue sad Price is Right tuba*

So, it’s not exactly an automatic shaving kit, laser-show headlamps, or a button that chucks bananas out the tailpipe, but we all love a good infographic, right? To me, this sounds, like a great opportunity for The Oatmeal  to sign on with Kia to create something within the parameters of that lovely “standardized graphic” (rabid hamsters, please).

And the Rest…

In addition to the Cybersecurity measures and the rockin’ Cyber Dashboard, the SPY Act makes sure that drivers who don’t want their data collected will still be able to access navigation, and that the manufacturer won’t be able to use collected data for marketing purposes.

Well, we can imagine that car companies will be footing the bill for the majority of these regulations. Right now, auto manufacturers are self-correcting in light of recent incidents, like the Jeep Cherokee that was recently stunt-hacked by Wired Magazine:

Experiments like these, and deadly real-life hacking incidents, should be enough to inspire car companies to start thinking like software companies. The expense involved in meeting all of the requirements of the SPY Act, however, will most likely show a lot of resistance on passing in the Senate.

Glutton for punishment? You can read the bill in its entirety here. It probably won’t self-destruct in 30 seconds, but that’s on you.