The Department of Transportation announced on Tuesday that they were proposing a rule that would require all new vehicles to include technology for vehicle-to-vehicle systems. The protocol could help prevent a whole lot of accidents, but that is, thankfully, not the only way they’re thinking about drivers’ safety.
The new vehicle-to-vehicle systems, commonly called “V2V” aim to prevent accidents by warning drivers about potential dangers and cars they might not see. Short-range radios allow cars to communicate with each other—sending data like speed, direction, braking status—in order to give them a fuller picture of oncoming cars at an intersection, or when they’re changing lanes.
“Once deployed, V2V will provide 360-degree situational awareness on the road and will help us enhance vehicle safety,” said U.S. Transportation Secretary Anthony Foxx. The NHTSA thinks it could reduce up to 80 percent of non-impaired crashes.
But though the transmission would only be broadcasting generic safety information, not personal information about the driver, the NHTSA is making sure it’s building cybersecurity in from the ground floor, as CNET reports:
When operating on a specific bandwidth (a 75MHz band of the 5.9GHz spectrum, to be specific), there is a cybersecurity concern. The government recognizes this, and points out that its current proposed design employs “at least” 128-bit encryption and is compliant with National Institute of Standards and Technology (NIST) standards and guidelines.
Even if it doesn’t seem like a hole hackers would currently exploit, that’s an important notion to have baked into any digital concept. In an ever-shifting area like cybersecurity it’s not enough to be on top of things, you need to be ahead of the game. You see regrets in things like Fiat’s recall of their cars with an “infotainment” system that it turns out was easily hackable, and even in connected toys for kids.
Even if it has the power to prevent accidents, allowing V2V is the sort of thing that cyber-nightmares might be made of. After all, you may be surprised at what kind of data a hacker most wants, or how little of a crack they need to get through. Driving data might not be the sexiest, or even the best foothold in to the rest of a user’s car or life. But any hole is a hole, and cybersecurity works best when it’s fully integrated to a system, not added on later.
As Cheryl Falvey notes in her piece last year for Retail & Consumer Products Law Observer, the FTC really appreciates companies incorporated from the get-go:
To tackle the challenges of launching products on the Internet of Things, the FTC recommends designing security into interconnected products from the outset as well as monitoring products post sale to quickly identify security risks…Whether designing for safety or security, regulators expect design engineers to play a central role in an overall program that operationalizes safety and security as part of ordinary business processes. Both the CPSC and FTC demand engineering solutions for legal compliance and ask companies to build multiple layers of safety and security into a product by design. Protecting against cybersecurity risks and safeguarding data collected by products on the Internet of Things needs to become business as usual, not some special new legal requirement. Existing corporate process development programs built to ensure a continuous improvement loop in product design need to be updated to ensure that safety, security and privacy are built into every product on the Internet of Things.
It’s nice to see that the government is working to practice what they preach here, instead of looking to companies to set the standard. After all, we can’t afford to swerve around on cybersecurity, even if tools can save lives.
“We’re hopeful that this technology will help prevent crashes and save lives, alongside proven built-in safety features like automatic emergency braking. But vehicle-to-vehicle communications must be secure as Fort Knox,” said William Wallace, policy analyst for Consumers Union. “Automakers must be required to meet baseline, enforceable standards to protect both privacy and cybersecurity as they roll out this technology. Communications should be protected through strong encryption, and security measures should be seamlessly updated so that consumers don’t have to worry about getting into a crash because their car has been hacked.”
The NHTSA’s rule is now open to a comment period of 90 days.