 


114 HR 3994 IH: Security and Privacy in Your Car Study Act of 2015
U.S. House of Representatives
2015-11-05
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I 
114th CONGRESS
1st Session
H. R. 3994 
IN THE HOUSE OF REPRESENTATIVES 
 
November 5, 2015 
Mr. Wilson of South Carolina (for himself and Mr. Ted Lieu of California) introduced the following bill; which was referred to the Committee on Energy and Commerce
 
A BILL 
To direct the Administrator of the National Highway Traffic Safety Administration to conduct a study to determine appropriate cybersecurity standards for motor vehicles, and for other purposes. 
 
 
1.Short titleThis Act may be cited as the Security and Privacy in Your Car Study Act of 2015 or the SPY Car Study Act of 2015. 2.Study on cybersecurity standards for motor vehicles (a)Study requiredThe Administrator of the National Highway Traffic Safety Administration, in consultation with the Federal Trade Commission, the Director of the National Institute of Standards and Technology, the Secretary of Defense, the Automotive Information Sharing and Analysis Center, SAE International, manufacturers of motor vehicles, manufacturers of original motor vehicle equipment, and relevant academic institutions, shall conduct a study to determine appropriate standards for the regulation of the cybersecurity of motor vehicles manufactured or imported for sale in the United States that should be adopted by the Administration and any other appropriate Federal agencies. The study shall include an identification of— 
(1)the isolation measures that are necessary to separate critical software systems from other software systems; (2)the measures that are necessary to detect and prevent or minimize in the software systems of motor vehicles anomalous codes associated with malicious behavior; 
(3)the techniques that are necessary to detect and prevent, discourage, or mitigate intrusions into the software systems of motor vehicles and other cybersecurity risks in motor vehicles, such as continuous penetration testing and on-demand risk assessments; and (4)best practices to secure driving data collected by the electronic systems of motor vehicles while such data are stored onboard the vehicle, in transit from the vehicle to another location, and in offboard storage. 
(b)Reports to Congress 
(1)Preliminary reportNot later than 1 year after the date of the enactment of this Act, the Administrator shall submit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report containing the preliminary findings of the study conducted under subsection (a). (2)Final reportNot later than 6 months after the submission of the report under paragraph (1), the Administrator shall submit to the committees described in such paragraph a report containing the complete findings of the study conducted under subsection (a), including recommended dates for the adoption and effectiveness of the standards determined to be appropriate in such study and recommendations for any legislation that may be necessary to authorize the adoption of such standards. 
(3)Form of reportThe report required by paragraph (2) shall be submitted in unclassified form but may contain a classified annex.  (c)DefinitionsIn this section: 
(1)AdministratorThe term Administrator means the Administrator of the National Highway Traffic Safety Administration. (2)Critical software systemThe term critical software system means a software system of a motor vehicle that can affect the driver’s control of the movement of the vehicle. 
(3)Driving dataThe term driving data includes any electronic information collected about— (A)a vehicle’s status, including its location or speed; or 
(B)any owner, lessee, driver, or passenger of a vehicle.  