The Government Accountability Office has recommended the Transportation Department define and document its roles and responsibilities for responses to cyber attacks against vehicles with an emphasis on systems that affect passenger safety.
GAO said in a report publicly released Monday it found modern vehicle interfaces for functions such as braking and steering that rely on software can be vulnerable to attacks via both short-range and long-range wireless connections.
Auditors at GAO consulted 32 selected industry stakeholders on practices that work to identify and mitigate potential vehicle cybersecurity risks such as lack of transparency, communication and collaboration on vehicles’ cyber defenses as the automobiles move through supply chains.
GAO found the DOT’s National Highway Traffic Safety Administration has worked to address potential vehicle cybersecurity issues and looks to determine its role in responding to a real-world attack.
GAO conducted the study to address available information about risks in modern vehicles that could affect passenger safety, practices and technologies to mitigate vehicle cybersecurity challenges and its impacts, opinions of selected stakeholders and DOT’s efforts to address vehicle cybersecurity.
Auditors also reviewed existing regulations and literature and interviewed DOT officials as well as other government heads from the Commerce Department, Defense Department, Department of Homeland Security, industry associations and various other subject matter experts.