In a letter last month, Sen. Ed Markey (D-Mass.) asked the nation's leading automakers to respond to his cyber threat-related questions by today. Automakers asked for more time, and he has extended the deadline to February 3. Even then, he may not get the information he's seeking.
"In many cases, the information you have asked for is either security sensitive or involves confidential business information," wrote Mitch Bainwol, the CEO of the Alliance of Automobile Manufacturers and Mike Stanton of the Association of Global Automakers, in a response to Markey's letter. "Individual companies will have to determine how best to respond to your requests."
Automotive cyber security has been a concerning topic in Washington, D.C., since last summer, when researchers Chris Valasek and Charlie Miller demonstrated they could manipulate a vehicle's steering, braking and engine after hacking into the controller area networks of a Ford Escape and Toyota Prius.
While Valasek and Miller operated the cars from their back seats, previous research has shown hackers could also gain wireless entry into a car's controller area network and manipulate similar functions.
Markey highlighted the work of those researchers from both studies as he pressed automakers for answers in his letter. The seven pages of questions he asked included:
- "How would you be alerted to the possibility that a cyber-attack or inadvertent introduction of malicious code has occurred?"
- "For each of the past five years, please list and fully describe all instances in which ... your company was made aware of an alleged intentional effort to infiltrate a wireless entry point of one of your company's vehicles."
- "Does any of the testing described above include the use of independent third parties who are contracted by your company to attempt to infiltrate your vehicles' wireless entry points?"
In recent years, automakers and government officials alike have grown concerned that hackers could cause a car accident, or in a worst-case scenario, multiple accidents at one time by exposing a common weakness throughout an automaker's software.
"We are in the process of responding to Senator Markey's request for information," said Toyota spokesperson Ed Lewis. "Based on the extensive scope of his questions, we plan to provide thoughtful and thorough answers on our approach to cyber security threats."
The U.S. Council for Automotive Research, a research wing funded by American automakers, set up a Cyber-Physical Systems Task Force in 2007, and the National Highway Traffic Safety Administration, which is charged with traffic safety oversight, opened a 12-person division last year that monitors and researches automotive cyber security threats.
Earlier this year, the Senate Commerce Committee held hearings on the topic of automotive cyber threats at which Markey's colleague, Sen. Jay Rockefeller (D-W.V.) asked, "Can some 14-year-old in Indonesia shut a bunch of cars down because everything is wired up?"
Markey's office did not respond to a request for comment Friday, but in his letter, he wrote that he's concerned that "as vehicles become more integrated with wireless technology, there are more avenues through which a hacker could introduce malicious code."
Beyond the research conducted by Valasek, Miller and Center for Automotive Embedded Systems Security, there are no known or no proven cyber attacks on an American motorist to date.
"One reason for the industry's success in preventing bad actors from doing malicious things to vehicles is that individual automakers have done a very good job of keeping security sensitive information from falling into the wrong hands," Bainwol and Stanton wrote.
Pete Bigelow is an associate editor at AOL Autos. He can be reached via email at firstname.lastname@example.org and followed on Twitter @PeterCBigelow.