Cyber rules for self-driving cars stall in Congress
Major automakers are moving full steam ahead with their plans to put self-driving cars on the road, even as lawmakers and regulators in Washington fall behind on creating a cybersecurity framework for those vehicles.
The issue of cybersecurity is becoming increasingly important as large car manufacturers ramp up their testing of the vehicles on the road and begin to float ambitious plans to eventually bring them to market.
However, those strides come as lawmakers have failed to make progress on federal cybersecurity standards to protect the vehicles from hacking operations and other malicious cyber incidents.
On Capitol Hill, a bipartisan effort to pass legislation to set cybersecurity and other standards for autonomous vehicles failed during the previous Congress. Lawmakers expressed optimism they could revive those efforts this year, but objections from a group of Senate Democrats that language in the legislation, the AV START Act, did not do enough to address consumer safety and cybersecurity issues has scuttled those plans.
The American Vision for Safer Transportation through Advancement of Revolutionary Technologies Act, or AV START Act, was sponsored by Sens. John Thune (R-S.D.) and Gary Peters (D-Mich.), the chairman and ranking member of the Commerce, Science and Transportation Committee during the last Congress.
Thune told reporters in June he was looking to reintroduce the bill in the same form, but lawmakers have been sidetracked by a host of other issues and an impeachment inquiry is now threatening any bipartisan work.
Peters told The Hill on Tuesday there were “no updates” and that he is “still working on it,” adding that there is no timeline for the bill to be reintroduced.
The AV START Act’s initial language included provisions around cybersecurity intended to prevent autonomous vehicles from being hacked and included a provision requiring autonomous vehicle manufacturers to develop and execute a plan for reducing cyber vulnerabilities.
While there is no timeline for reintroducing legislation on autonomous vehicles, the Senate Commerce, Science and Transportation Committee and the House Energy and Commerce Committee are currently “working on a bipartisan and bicameral basis to develop a self-driving car bill,” according to a spokesperson for the House panel.
But there is pressure for lawmakers to act from both industry and other groups.
The committees sent out a joint letter to stakeholders at the end of July asking for feedback on language for a bill on self-driving cars.
According to a spokesperson for Republicans on the House Energy and Commerce Committee, more than 100 responses were received from “a variety of interested stakeholders.”
Senate Commerce Committee Chairman Roger Wicker (R-Miss.) told The Hill on Tuesday to expect “nothing this week” from his committee on autonomous vehicles, but added that “concerns have been voiced” by stakeholders on addressing the cybersecurity of self-driving cars.
During the last Congress, the House Energy and Commerce Committee cleared another bill, the Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act, or Self Drive Act, which also passed the full House in 2017. However, the Senate never took the bill up, and it stalled out along with the AV START Act.
The Self Drive Act, sponsored by Rep. Bob Latta (R-Ohio) and more than 30 other lawmakers from both parties, would have required autonomous vehicle manufacturers to develop cybersecurity plans before being allowed to sell the cars. A spokesperson for Latta told The Hill in June that Latta plans to reintroduce the bill “this year.”
While the identities of the stakeholders who shared their input on legislating self-driving cars with the two committees have not been made public, a coalition of consumer rights, public health and first responder groups sent a letter to the leaders of the committees urging action on autonomous vehicles last month.
The groups cited concerns about the cybersecurity of the vehicles, among other issues, in calling on Congress to set policies around self-driving cars.
The coalition specifically advocated that any legislation should address “cybersecurity and vehicle electronics and human-machine interfaces for interacting with pedestrians, motorcyclists, and bicyclists and for when a human needs to take back control of a vehicle from a computer.”
While Congress has been slow to act on self-driving vehicle cybersecurity, the Department of Transportation (DOT) has taken steps to put regulations in place around autonomous vehicles.
DOT released its “Automated Vehicles 3.0” strategy last year for addressing the rollout and testing of self-driving cars, with cybersecurity a major issue it addressed. DOT vowed to work with agencies including the departments of Commerce, Homeland Security and Justice, along with the Federal Communications Commission, the Federal Trade Commission and industry experts to manage cyber risks.
“Surface transportation is a broad sector of the economy and requires coordination across all levels of government and the private sector in the event of a significant cyber incident to enable shared situational awareness and allow for a unified approach to sector engagement,” the DOT wrote.
The National Highway Traffic Safety Administration and the Federal Motor Carrier Safety Administration have been among the most involved agencies. They have requested public comment on how vehicles communicate with each other and with internet-connected devices, and how automated vehicles will affect the workforce, such as drivers.
The pressure to move quickly will only intensify as companies ramp up their work.
Toyota announced a partnership with Chinese startup Pony.ai last month to build self-driving cars, while Hyundai is partnering with auto parts company Aptiv with the goal of making self-driving platforms for taxi providers, fleet operators and auto manufacturers by 2022.
General Motors has plans to put self-driving cars on the roads this year, while Ford and Volkswagen announced a partnership in July to build self-driving cars. Ford began testing self-driving cars in Washington, D.C., last year, with the company aiming to have fully automated vehicles in commercial operation by 2021.
Other transportation groups including Uber and Lyft are also testing autonomous vehicles, though Uber suffered a setback last year when a pedestrian was hit and killed by an autonomous vehicle that was part of the company’s testing program in Arizona.
Lyft said at the end of May that, through its partnership with Aptiv, it had provided over 50,000 rides to customers in self-driving vehicles in Las Vegas.
The coalition of stakeholder groups noted in their August letter that a federal framework around autonomous vehicles in general, not simply focused on cybersecurity, is critical.
“Polls indicate that AV [autonomous vehicle] safety is of concern to the American people,” the groups wrote. “Any legislation must give the public confidence that this new technology will be safe and this can be accomplished through legislating needed safeguards.”