Public Knowledge, OTI want FCC to protect DSRC users from cyberattacks

Pointing to a number of high-profile hacking incidents involving motor vehicles over the last year and General Motors' intention to deploy dedicated short-range communications (DSRC) in some model cars this fall, Public Knowledge (PK) and the New America Open Technology Institute (OTI) are petitioning the FCC to immediately prohibit use of DSRC until it adopts service rules that protect the cybersecurity and privacy of DSRC users.

In recent months, hackers have demonstrated the ability to seize control of braking, steering and acceleration functions, which would allow a hacker to remotely crash vehicles, the petition stated (PDF), noting that a report from Intel chronicled 14 different ways a hacker could gain access to a car's operating system.

As PK/OTI pointed out, DSRC is the auto industry's go-to technology for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. While it's taken years to get it off the ground, the auto industry intends to deploy DSRC for both autonomous vehicles and in standard vehicles for purposes of collision avoidance. Plans also called for using DSRC to offer commercial services such as mobile payments, in-car advertising and "infotainment" systems such as video streaming, something the consumer groups objected to.

Public Knowledge's Petition for Rulemaking asked the FCC to adopt several safety measures before permitting the auto industry to deploy DSRC, including making automakers file a cybersecurity plan before activating DSRC systems and requiring them to inform customers what types of personal information they collect and how they will use that information. It also wants regulators to limit DSRC to life and safety issues only and not allow automakers to monetize the spectrum with advertising and mobile payments.

"In March, the FBI and Department of Transportation (DOT) issued a joint Public Service Announcement warning Americans to be careful against cyberattacks on their cars," said Harold Feld, senior vice president at Public Knowledge, in a statement. "A hacked car equipped with DSRC will spread the infection to any other car equipped with DSRC like a mosquito spreading Zika."

"When the FCC created the DSRC service rules in 2004, it did not impose any requirements with regard to cybersecurity or privacy protection. In light of these recent reports and warnings, that must change," he added.

For more:
- see this release
- see this petition (PDF)

Related articles:
Qualcomm, Intel, others urge Obama to release 5.9 GHz for Wi-Fi
Qualcomm, NCTA, auto makers push for 5.9 GHz testing for vehicles
Two FCC commissioners advocate new uses for DSRC
Sprint says its network not at fault in hacking demonstration of Chrysler vehicles