We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Risk in Context

Why Smart Cars and Cyber Risk May Lead to More Regulation for the Auto Industry

Posted by Matt McCabe September 07, 2016

Data privacy may emerge as the next stumbling block to introducing smart cars to America’s roadways.

Two nonpartisan groups, the Open Technology Institute at New America and Public Knowledge, petitioned the Federal Communications Commission (FCC) to delay deployment of internet technologies in cars until it enacts regulations governing security and data privacy for automotive communication technologies.

Personal Information and Driver Safety

At issue are vulnerabilities in devices that use short-range frequencies to allow vehicles to communicate with other vehicles, infrastructure, and the like. Car manufacturers intend to make the technology — known as “dedicated short-range communications” (DSRC) — commercially available by the end of this year.

The petition suggests DSRC technology will not protect personal information about location and driving habits. Also, the storage of financial and transactional information made through mobile connections may be at risk. The petition also extends to safety issues, such as hackers gaining control over driving functions like steering, acceleration, or braking.

More Regulation Expected

The comment period on the petition is over, and the FCC will soon make a decision. Even if it does not take the dramatic step of suspending the commercial use of DSRC service, stakeholders in the auto industry should expect increased legislative and regulatory activity in the coming year:

  • The FCC has previously shown interest in regulating data privacy. The agency earlier this year proposed privacy regulations on broadband internet service providers (ISPs).
  • A perceived regulatory vacuum could encourage the FCC to respond. In July, the automotive industry’s information sharing and analysis center released cybersecurity best practices for automobiles. The US National Highway Traffic Safety Administration (NHTSA) is expected to do so later this year. However, the petition to the FCC argues that NHTSA lacks both the jurisdiction to regulate some potential DSRC licensees and the expertise to address cybersecurity issues.
  • November elections could drive federal legislation. Two Democratic US senators co-sponsored legislation that would require cybersecurity and privacy standards for smart cars. This year they signed a letter to the FCC requesting it take steps to protect consumers from cyber and privacy threats in DSRC technologies. While the odds of such legislation advancing are now low,  chances improve if Democrats gain control of the Senate in November.

Smart car advances highlight the struggle to create regulations and practices to protect consumers. The auto industry and its suppliers should expect continuing regulatory challenges around such technologies. Working with risk and insurance advisors can help ensure you are positioned to manage the potential risks.

Related to:  Cyber Risk , Cyber Risk , Automotive

Matt McCabe