Over time, the amount of software code in vehicles has grown exponentially to support a growing number of safety and other features. However, the reliance on software to control safety-critical and other functions also leaves vehicles more vulnerable to cyberattacks.
GAO was asked to review cybersecurity issues that could impact passenger safety in modern vehicles. This report addresses, among other things, (1) available information about the key cybersecurity vulnerabilities in modern vehicles that could impact passenger safety; (2) key practices and technologies, if any, available to mitigate vehicle cybersecurity vulnerabilities and the impacts of potential attacks; (3) views of selected stakeholders on challenges they face related to vehicle cybersecurity and industry-led efforts to address vehicle cybersecurity; and (4) DOT efforts to address vehicle cybersecurity.
GAO reviewed relevant existing regulations and literature and interviewed officials from DOT; the Departments of Commerce, Defense, and Homeland Security; industry associations; and 32 selected industry stakeholders, including automakers, suppliers, vehicle cybersecurity firms, and subject matter experts. The experts were selected based on a literature search and stakeholder recommendations, among other things.
What GAO Recommends
GAO recommends that DOT define and document its roles and responsibilities in response to a vehicle cyberattack involving safety-critical systems. DOT concurred with our recommendation.