Is a Hackable Vehicle Inherently Defective?

How safe must a vehicle be from malicious cyber attacks to avoid being considered defective? Automakers, regulators and lawmakers are pondering that difficult question now, notes The Wall Street Journal.

Safety advocates argue any hack that threatens a car's occupants is a safety issue and should trigger a recall. Carmakers look at it differently. They liken such an attack to having your tires slashed by a vandal, where the damage done does not mean the vehicle itself is defective.

Sorting out the answer is critical as carmakers expand in-car wireless features, which increase the possibility of malicious access to their control systems, the Journal says. Recent demonstrations show the potential for cyber attacks. But there are no common rules to thwart them.

A U.S. Senate bill would order federal regulators to develop cyber security standards for cars. Asserts the bill's cosponsor Sen. Edward Markey (D-Mass.), "A cyber security vulnerability is a safety defect in the same way an exploding airbag or malfunctioning ignition switch is a safety defect."

Not so, retorts Mitch Bainwol, who heads the Alliance of Automobile Manufacturers. He tells the Journal there's a difference between a flaw in a routine vehicle function and the effect of an outsider who deliberately disrupts that function.

Carmakers, working with standards-making groups such as SAE International, have launched several initiatives to coordinate information about cyber security threats. A common aim is to establish standardized approaches to designing and constructing safe in-vehicle electronic controls.