[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3262 Introduced in House (IH)]

<DOC>






117th CONGRESS
  1st Session
                                H. R. 3262

   To require the Secretary of Transportation to submit a report on 
  cybersecurity risks to motor vehicle safety, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 14, 2021

  Mr. Upton introduced the following bill; which was referred to the 
                    Committee on Energy and Commerce

_______________________________________________________________________

                                 A BILL


 
   To require the Secretary of Transportation to submit a report on 
  cybersecurity risks to motor vehicle safety, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Guarding against Unauthorized 
Attacks Related to Driving Act'' or the ``GUARD Act''.

SEC. 2. CYBERSECURITY RISKS TO MOTOR VEHICLE SAFETY STUDY AND REPORT 
              REQUIRED.

    (a) Study Required.--Not later than 1 year after the date of the 
enactment of this Act, the Secretary of Transportation, in coordination 
with any other appropriate Federal agency, shall conduct a study on the 
state of cybersecurity regarding motor vehicles. In conducting such 
study, the Secretary shall--
            (1) develop a comprehensive list of Federal agencies with 
        jurisdiction over cybersecurity and a brief description of such 
        jurisdiction or expertise of such agencies;
            (2) identify all interagency activities taking place among 
        Federal agencies related to cybersecurity regarding motor 
        vehicles, including working groups or any other relevant 
        coordinated effort;
            (3) develop a comprehensive list of public-private 
        partnerships focused on cybersecurity regarding motor vehicles, 
        as well as any industry-based bodies, including international 
        bodies, which have developed, or are developing, mandatory or 
        voluntary standards for cybersecurity and the status of such 
        standards;
            (4) identify each regulation, guideline, mandatory 
        standard, voluntary standard, and other policy implemented by 
        each Federal agency identified under this subsection and each 
        guideline, mandatory standard, voluntary standard, and other 
        policy implemented by industry-based and recognized 
        international bodies;
            (5) review the technology, measures, guidelines, or 
        practices used across the motor vehicle industry as of the date 
        of the enactment of this Act to identify, protect, detect, 
        respond to, or recover from cyber security incidents affecting 
        the safety of a motor vehicle, focusing on the most advanced 
        vehicle security solutions such as AI-driven vehicle security 
        software;
            (6) identify existing cybersecurity resources to assist 
        individuals in maintaining awareness of cybersecurity risks 
        associated with motor vehicle safety and mechanisms for 
        alerting a human driver or operator regarding cybersecurity 
        vulnerabilities;
            (7) identify means to protect vehicle occupants from 
        cybersecurity incidents affecting safety that may arise while 
        the motor vehicle is operating; and
            (8) identify pervasive industry vehicle software security 
        solutions, such as, embedded in at least 150 million vehicles 
        and 50 percent of the electric vehicle marketplace at the time 
        of enactment.
    (b) Report Required.--Not later than 6 months after completion of 
the study required pursuant to subsection (a), the Secretary shall 
submit to the Committee on Energy and Commerce of the House of 
Representatives and the Committee on Commerce, Science, and 
Transportation of the Senate a report that contains--
            (1) the results of the study;
            (2) recommendations to enable the exchange of information 
        and lessons learned across the industry, and across relevant 
        Federal agencies, regarding cybersecurity incidents, threats, 
        and potential vulnerabilities in a timely manner; and
            (3) recommendations for other measures deemed reasonable, 
        appropriate, and practicable with respect to cybersecurity 
        related to motor vehicle safety.
    (c) Motor Vehicle Defined.--The term ``motor vehicle'' has the 
meaning given that term in section 30102 of title 49, United States 
Code.
                                 <all>