Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Senators Reintroduce Bills to Improve Cybersecurity of Vehicles and Airplanes

Legislation Would Protect Drivers From Auto Security and Privacy Risks, Implement Cybersecurity Standards for Aircraft

Legislation Would Protect Drivers From Auto Security and Privacy Risks, Implement Cybersecurity Standards for Aircraft

Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, reintroduced two pieces of legislation that would implement and improve cybersecurity standards for cars and aircraft.

The Security and Privacy in Your Car (SPY Car) Act directs the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure our cars and protect drivers’ privacy, as well as establishes a rating system – or “cyber dashboard” – that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards. In 2014, Senator Markey released the report “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” which detailed major gaps in how auto companies are securing connected features in cars against hackers.

The second piece of legislation, the Cybersecurity Standards for Aircraft to Improve Resilience (Cyber AIR) Act, requires the disclosure of information relating to cyberattacks on aircraft systems and establish standards to identify and address cybersecurity vulnerabilities to the United States commercial aviation system. The bill also seeks a report to study cybersecurity vulnerability of consumer wi-fi on planes. In 2015, Senator Markey began an investigation about airline and aircraft manufacturer protections and protocols against the threat of cyberattacks in relation to the integration of new technologies onboard modern aircraft. Last year, Senators Markey and Blumenthal called on the Federal Aviation Administration (FAA) to adopt robust regulations to ensure that aircraft and ground support equipment are not vulnerable to cyberattacks.

“Whether in their cars on the road or in aircraft in the sky, Americans should be protected from cyberattack and violations of their privacy,” said Senator Markey. “If hackers access the critical systems of a car or plane, disaster could ensue and our public safety could be compromised. We must ensure that as technologies change, our safety and privacy is maintained. I thank Senator Blumenthal for his partnership on this critical issue.”

“This critical legislation will help protect the public against cybercriminals who exploit advances in technology like wireless-connected aircraft and self-driving cars,” said Senator Blumenthal. “As technology rapidly advances, we must ensure the auto and airline industries protect their systems from cybersecurity attacks. Security and safety cannot be sacrificed as we achieve the convenience and promise of wireless progress.”

SOURCESenator Edward J. Markey

Related: Proposed Cyber AIR Act Forces Cybersecurity Standards for Aircraft

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.