117 HR 3262 IH: Guarding against Unauthorized Attacks Related to Driving Act U.S. House of Representatives 2021-05-14 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

I117th CONGRESS1st SessionH. R. 3262IN THE HOUSE OF REPRESENTATIVESMay 14, 2021Mr. Upton introduced the following bill; which was referred to the Committee on Energy and CommerceA BILLTo require the Secretary of Transportation to submit a report on cybersecurity risks to motor vehicle safety, and for other purposes.

1.

Short title

This Act may be cited as the Guarding against Unauthorized Attacks Related to Driving Act or the GUARD Act.

2.

Cybersecurity risks to motor vehicle safety study and report required

(a)

Study required

Not later than 1 year after the date of the enactment of this Act, the Secretary of Transportation, in coordination with any other appropriate Federal agency, shall conduct a study on the state of cybersecurity regarding motor vehicles. In conducting such study, the Secretary shall—(1)develop a comprehensive list of Federal agencies with jurisdiction over cybersecurity and a brief description of such jurisdiction or expertise of such agencies;(2)identify all interagency activities taking place among Federal agencies related to cybersecurity regarding motor vehicles, including working groups or any other relevant coordinated effort;(3)develop a comprehensive list of public-private partnerships focused on cybersecurity regarding motor vehicles, as well as any industry-based bodies, including international bodies, which have developed, or are developing, mandatory or voluntary standards for cybersecurity and the status of such standards;(4)identify each regulation, guideline, mandatory standard, voluntary standard, and other policy implemented by each Federal agency identified under this subsection and each guideline, mandatory standard, voluntary standard, and other policy implemented by industry-based and recognized international bodies;(5)review the technology, measures, guidelines, or practices used across the motor vehicle industry as of the date of the enactment of this Act to identify, protect, detect, respond to, or recover from cyber security incidents affecting the safety of a motor vehicle, focusing on the most advanced vehicle security solutions such as AI-driven vehicle security software;(6)identify existing cybersecurity resources to assist individuals in maintaining awareness of cybersecurity risks associated with motor vehicle safety and mechanisms for alerting a human driver or operator regarding cybersecurity vulnerabilities;(7)identify means to protect vehicle occupants from cybersecurity incidents affecting safety that may arise while the motor vehicle is operating; and(8)identify pervasive industry vehicle software security solutions, such as, embedded in at least 150 million vehicles and 50 percent of the electric vehicle marketplace at the time of enactment.(b)

Report required

Not later than 6 months after completion of the study required pursuant to subsection (a), the Secretary shall submit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report that contains—(1)the results of the study;(2)recommendations to enable the exchange of information and lessons learned across the industry, and across relevant Federal agencies, regarding cybersecurity incidents, threats, and potential vulnerabilities in a timely manner; and(3)recommendations for other measures deemed reasonable, appropriate, and practicable with respect to cybersecurity related to motor vehicle safety.(c)

Motor vehicle defined

The term motor vehicle has the meaning given that term in section 30102 of title 49, United States Code.