Automakers asked to explain cyber-security protections

Democratic senators Edward Markey and Richard Blumenthal wrote to 18 automakers yesterday asking how they test electronic components and communications technology to ensure attackers cannot gain access to on-board systems.

The move follows a review that Markey began in December 2013 that concluded in a February 2015 report, which stated that the growth of connected vehicles had outpaced industry and government efforts to protect them from hackers.

"As vehicles become increasingly connected to the Internet, and to one another through advanced features and services, we continue to see how these technologies present vulnerabilities that can compromise the safety and privacy of drivers and passengers," the senators' letter said.

Many modern cars contain dozens of small computers to control various systems, but as more of these become able to connect to external networks they have become increasingly vulnerable to cyber-attacks.

In July, two cyber-security researchers demonstrated how they could remotely turn off the engine of a
Jeep Cherokee while it was travelling on an American highway, which prompted Fiat Chrysler to recall some 1.4 million vehicles for a software update.

Letter recipients included BMW, Fiat Chrysler, Ford Motor, General Motors, Toyota Motor and Volkswagen, but the letter also noted that the industry has made some progress in recent years.

"We appreciate that many automotive companies have begun to take concrete steps to close these security gaps," the senators wrote.

A solution to the issue is likely to take years, according to security experts, as computers have been integrated into cars for decades, but their cyber-security has only come to the fore very recently.

"They've been trying to fix the problems, but it takes a long time," Chris Rouland, founder and chief technology officer of cyber-security firm Bastille, told Reuters.