(c)iStock.com/graphicnoi

Even though the US government's Security and Privacy in Your Car Act (SPY Car Act) action is being taken to enhance car cyber security, automakers remain passive.

That’s the key finding from a whitepaper by Frost & Sullivan. The SPY Car Act is a major legislative milestone with the potential to protect vehicles that are communicating more with outside architecture and other cars, exposing themselves to cyber security risks. It is focused on setting up hack mitigation and data privacy standards, and ultimately aims to establish a mandatory 'cyber dashboard' rating system for vehicle privacy and security.

The act came about less than two months after House Energy and Commerce Committee leaders sent letters outlining cyber security challenges for cars to the National Highway Traffic Safety Administrations (NHTSA) as well as the heads of major automakers. Frost & Sullivan's whitepaper, titled 'Cybersecurity: Automakers Remain Passive as Government Takes Action', shows that automakers are willing to take steps to secure vehicles, but are less than enthusiastic of the new legislation.

Doug Gilman, automotive & transportation industry analyst, Frost & Sullivan, said, "Automakers must collaborate with the security community, become educated, and implement a holistic approach. Cybersecurity will continue to be a dominant topic, and OEMs, rather than the government, must take back the leadership role."

He added, "Global automakers have a difficult road ahead. The industry is constantly evolving, and vehicle vulnerabilities are increasing. With no proven vulnerability tracking, all connected vehicles are vulnerable. If automakers expect to have strong marks on their cyber dashboard, they cannot expect to accomplish it alone. The hacker needs to be right only once; automakers need to be right 100% of the time."

Car cyber security is becoming increasingly critical, as demonstrated by the hacking of Jeep Cherokee's infotainment system, which resulted in 1.4 million Chrysler vehicles being recalled. Over half the vehicles sold in the US in 2014 were connected vehicles. Frost & Sullivan predicts that there will eventually be malicious attempts to target vehicles on the road, with a clear and significant potential for fatalities. OEMs need to develop solutions to the cyber security challenges faced by future as well as existing connected cars, many of which have no security solutions at present.