Confronting the Regulatory Challenge of Cyber Security in Smart Cars – H-CSRCL Newsletter Editorial #9

Welcome to the ninth newsletter of the HUJI CyberLaw Program.

One of the missions of our Program is to identify fields of human and cyber activity that suffer from under-regulation or are regulated in ways that are outdated or otherwise inappropriate. Through comparative research across legal systems and regulatory schemes, quantitative and qualitative study of policy problems, and the application of theoretical models of law, regulation, and behavioral studies, we strive to make concrete policy recommendations. Such recommendations can have very practical applications for regulators, industry, lawyers, and other concerned individuals, interest groups, and public and private entities.

One area we have identified as presenting a particularly acute challenge is cyber security for smart cars. All new cars rely heavily on multiple computerized control systems – effectively a sub-category of the internet of things – that are vulnerable to cyberattacks at various stages of their production, installation, and operation. It has already been demonstrated that hackers can overtake vehicle control systems and cause them to crash – see e.g. https://www.youtube.com/watch?v=MK0SrxBC1xshttps://www.youtube.com/watch?v=MK0SrxBC1xs). Software-based monitoring systems have been manipulated in order to circumvent quality inspections (see e.g. https://qz.com/669808/all-the-creative-ways-carmakers-manipulate-emissio...).

Against this background, the Program (in collaboration with Or Yarok – an Israeli non-profit organization dedicated to fighting traffic accidents – and the Israeli Association of Insurance Companies) recently launched a new research program designed to propose new approaches to regulating smart cars. Although the regulatory challenge is significant, given the large number of relevant systems and their supply chains, the overlapping jurisdiction of multiple countries and multiple businesses, and the interplay in this field between private, public, and criminal law, the regulation of smart cars also present some unique opportunities. Cars are subject to multiple import, licensing, and testing requirements; their use is also subject to legal regulation and mandatory insurance. Arguably, car mechanics, insurance officers and regulators can and should incorporate into the standards of review they utilize concerns about cybersecurity and, more broadly, privacy and other human rights.

Our research team, spearheaded by Dr. Haim Wismonsky, is embarking on a research of law, technology, and regulatory practices in Israeli and abroad, with a view to clarifying the legal terrain, developing alternative policy options, and proposing policy recommendations. The work of the research team will hopefully have a real impact on the law and practice in this field in Israel. Furthermore, we are exploring the possibility of expanding the research to other jurisdictions with a large car industry and even more complex regulatory framework. More broadly, the findings of the research will no doubt contribute to our understanding of the regulatory challenges confronting the field of cyber security as a whole.

With the start of the Israeli academic year, let me wish you all a very successful year of studies, teaching, and research.

Sincerely,

Yuval Shany

Program Director

Confronting the Regulatory Challenge of Cyber Security in Smart Cars – H-CSRCL Newsletter Editorial #9

Latest News

Comment on Fairness in the Context of the Israeli Credit Scoring Initiative

Interview - Maria Varaki

Interview - Eduardo Iglesias Jiménez

New Lex Cybernetica Podcast – Vulnerability of Smart Medicine

New Blog Post – Bursting the Bubble on Echo Chambers of Radicalization