Unlike House legislation, the bill envisions a cyber vulnerability disclosure program for the self-driving car sector.
Makers of self-driving cars would have 18 months to develop plans to mitigate the cybersecurity risks facing those cars, under discussion draft legislation being floated by the Senate Commerce Committee.
The plans should include ways to isolate and segment the cars’ critical digital systems and methods to detect and respond to cyber vulnerabilities when they occur, according to the bill draft obtained by Nextgov.
The plans should also address ways to spread cybersecurity lessons and best practices throughout the automated vehicle community, according to the draft legislation.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The bill also envisions the Secretary of Transportation working with industry to build a voluntary cyber vulnerability disclosure program.
That program would make it easier for cybersecurity researchers to share newfound vulnerabilities with self-driving car manufacturers before they’re exploited and make it easier for companies to share cyber vulnerability information with each other.
The Senate bill would also require manufacturers to produce annual reports on safety components of their self-driving cars, including how they’re preventing software and hardware malfunctions, mitigating the risk when those malfunctions occur and protecting their cars’ systems against hacking.
The bill would direct the Transportation Department to review all current safety regulations and suggest alternate language, where necessary, so the regulations adequately cover self-driving cars.
It would also create a Highly Automated Vehicles Technical Safety Committee with members from industry, state and local governments, and the safety community, tasked with making safety recommendations for self-driving cars.
The committee would include a working group to tackle accessibility issues for self-driving car passengers with disabilities.