Cyber official: Feds, companies need better dialogue on security of self-driving cars

The federal government needs to engage with private companies developing self-driving cars to make sure they are safe from cyber threats, a fellow at the National Institute of Standards and Technology (NIST) said Tuesday.

Ron Ross said the issue of the federal government’s responsibility to secure autonomous vehicle systems is the “most important question of the day” at a government forum hosted by software company Cloudera.

“Where do we fall on this balance point between regulation and free market?” Ross said. “We’re kind of in no man’s land right now. We have no carrots and there are no sticks.” 

The NIST is a nonregulatory agency under the Department of Commerce that develops optional standards for cybersecurity and information technology. 

{mosads}Ross said that the federal government needs to have a dialogue with the private sector on the cybersecurity of autonomous vehicles and possibly explore standards or regulations for the security of their technology.

He gave the example of a Silicon Valley startup developing an artificial intelligence program to power an autonomous vehicle. 

“I want to make sure they used secure coding techniques on that program,” Ross said.

The Department of Transportation previously rolled out guidelines for autonomous vehicles to meet federal safety standards last September. 

Companies like Google, Tesla and Apple have been working to develop driverless cars in recent years. Google’s autonomous vehicle project Waymo is now offering consumers in Phoenix the opportunity to test out its cars in a pilot ride-share program. 

At the same time, there have been concerns about the vulnerability of technology in self-driving cars to hacking. In 2015, a researcher in Ireland claimed to be able to defeat laser technology used by most autonomous vehicles with a $60 laser pointer.

Ross suggested that, if the federal government does not move forward on this issue, programs for autonomous vehicles could be targeted in a distributed denial of service (DDoS) attack. 

Analysts say that hackers leveraged tens of thousands of internet-connected devices to launch the massive DDoS attack targeting domain name system company Dyn last October that took down major websites like Amazon, PayPal and Twitter.

“That discussion is going to have to take place because this technology is not stopping and you’re not stopping buying it,” Ross said.