With an audience of federal regulators, General Motors' chief product cybersecurity officer decided on Wednesday to share a lesson in British history.

It was in the late 19th century when the British Parliament passed the Locomotive Acts, a set of policies that became known as the red flag laws for requiring drivers of automobiles to have someone out in front waving a red flag to warn of the approaching vehicle. That measure, along with tight speed limits, was part of a well-intended effort to protect everyone from drivers and passengers to pedestrians and livestock.

But they “eventually proved to be too much,” said Jeff Massimilla, the GM official. Those rules drove the emerging auto industry to Germany and the United States.

More than a century later, Massimilla said that outcome for Britain provides a “gentle reminder to embrace the future” as automakers and the tech industry push to develop self-driving technology—and regulators try to keep up.

Massimilla delivered his remarks at a conference hosted by the Federal Trade Commission and the National Highway Traffic Safety Administration, the two agencies that hold the keys to setting cybersecurity and safety standards for autonomous cars. His comments fit within a theme Wednesday of cautioning against over-regulating at the cost of innovation that carries the potential of preventing thousands of traffic deaths each year.


Federal Trade Commission Chair Maureen Ohlhausen. (June 12, 2014.)

Photo by Diego M. Radzinschi/ ALM MEDIA

Maureen Ohlhausen, a Republican FTC commissioner who's now leading the agency, said regulators would need to exercise “humility,” understanding the benefits and the risks of connected cars. Citing the National Safety Council's estimate that as many as 40,000 people died last year in vehicle crashes, Ohlhausen said connected cars “promise to significantly reduce such fatalities.” Regulators, she added, need to be careful not to take steps that would hinder that outcome.

Referring to the NHTSA, she said, “It means we must continue to work with our sister agency to avoid unnecessary or duplicative regulations that could stop or slow innovation.”

While their life-saving potential is clear, connected cars raise significant cybersecurity concerns. In October, the NHTSA released best practices to protect connected vehicles from cyberattacks and unauthorized access that could compromise consumers' personal data. The NHTSA guidance pushed for vehicles to be able to quickly detect and respond “in the field” to a cybersecurity breach.

“It's not a question of if our industry will see a serious cyber incident but when,” Massimilla said.

“We recognize the importance of cybersecurity, not just as a company but as an industry,” he said. “It affects us all. We support and are fully committed to implementing the NHTSA best practices published last year.”