Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

Amidst legislative stalling, a consortium of twelve manufacturers has developed a framework for automotive cybersecurity best practices.

The big picture: At first glance, their guidelines hit the right points — incorporating security into design, developing risk assessment and incident response strategies — but current security solutions are not sufficient against increasingly sophisticated threats.

Background: The Self-Drive Act, a bill that didn't make it through Congress, required “manufacturers of highly automated vehicles to develop written cybersecurity and privacy plans for such vehicles prior to offering them for sale.”

  • However, it fell short of prescribing specific guidelines for how security systems will ensure those objectives.
  • In developing their own safety and cybersecurity guidelines, automakers were trying to keep drivers and passengers safe — and also aiming to satisfy regulators who, in the absence of industry action or input, could impose rules that may be less favorable to companies.

What's happening: Today, most security solutions rely on rules, logic and signatures to detect threats, but this means they can only detect known threats. Contemporary security systems essentially do the bare minimum to comply with security guidances.

  • This is one reason current security measures are not the best place to start in designing a framework. Any time hackers develop new viruses or malware, cybersecurity programs play catch-up.

What's needed: To go beyond compliance and prevent hackers before they compromise security measures, manufacturers need to develop systems that will enable them to meet these still-unknown threats.

  • Examination of vehicle system behavior anomalies could be a solution. If a hacker tries to install malware into a vehicle's ECU, the system would detect activity in the ECU that should not be taking place.
  • In another scenario, if a vehicle's ECU is acting in an irregular manner, that could mean that malware is present. The system could be programmed to block vehicle operations until the threat is addressed, preventing the malware from acting.

The bottom line: Cyber threats are increasing as more vehicles become connected, and as connected vehicles become more sophisticated. Current solutions are not advanced enough to satisfy the spirit of even the strictest security and privacy guidelines. Updating the solutions and frameworks should go hand in hand.

Yossi Vardi is the CEO of SafeRide Technologies, an automotive cybersecurity startup.

Go deeper

Scoop: Gina Haspel threatened to resign over plan to install Kash Patel as CIA deputy

CIA Director Gina Haspel. Photo: Win McNamee/Getty Images

CIA Director Gina Haspel threatened to resign in early December after President Trump cooked up a hasty plan to install loyalist Kash Patel, a former aide to Rep. Devin Nunes (R-Calif.), as her deputy, according to three senior administration officials with direct knowledge of the matter.

Why it matters: The revelation stunned national security officials and almost blew up the leadership of the world's most powerful spy agency. Only a series of coincidences — and last minute interventions from Vice President Mike Pence and White House counsel Pat Cipollone — stopped it.

Updated 6 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Health: Coronavirus deaths reach 4,000 per day as hospitals remain in crisis mode — CDC warns highly transmissible coronavirus variant could become dominant in U.S. in March.
  2. Politics: Biden says, "We will manage the hell out of" vaccine distribution — Biden taps ex-FDA chief to lead Operation Warp Speed amid rollout of COVID plan — Widow of GOP congressman-elect who died of COVID-19 will run to fill his seat.
  3. Vaccine: Battling Black mistrust of the vaccines"Pharmacy deserts" could become vaccine deserts — Instacart to give $25 to shoppers who get vaccine.
  4. Economy: Unemployment filings explode againFed chair: No interest rate hike coming any time soon —  Inflation rose more than expected in December.
  5. World: WHO team arrives in China to investigate pandemic origins.

John Weaver, Lincoln Project co-founder, acknowledges “inappropriate” messages

John Weaver aboard John McCain's campaign plane in February 2000. Photo: Robert Schmidt/AFP via Getty Images)

John Weaver, a veteran Republican operative who co-founded the Lincoln Project, declared in a statement to Axios on Friday that he sent “inappropriate,” sexually charged messages to multiple men.

  • “To the men I made uncomfortable through my messages that I viewed as consensual mutual conversations at the time: I am truly sorry. They were inappropriate and it was because of my failings that this discomfort was brought on you,” Weaver said.
  • “The truth is that I'm gay,” he added. “And that I have a wife and two kids who I love. My inability to reconcile those two truths has led to this agonizing place.”

You’ve caught up. Now what?

Sign up for Mike Allen’s daily Axios AM and PM newsletters to get smarter, faster on the news that matters.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!