Vehicle Cybersecurity a key part of USDOT’s Federal Autonomous Vehicle Policy
Identification, protection, detection, response and recovery functions should be in place, DOT says
September 20th saw the USDOT announcing voluntary federal guidelines for Highly Automated Vehicles (HAVs) to promote safe and secure AV testing and deployment across the country. The voluntary guidance signals DOT’s intention not to mandate AV rules but to work with OEMs and other companies developing autonomous driving technology.
Status of AV regulation in the U.S: testing and deployment
The United States offer a favourable environment for AV testing and deployment- North America was the first region to introduce legislation to permit testing of automated vehicles. No federal regulatory framework is present as states were responsible for deciding whether or not to approve AV testing.
What is more, a self-certification process applies in the US, i.e. OEMs need to make sure that their vehicles and standard vehicle equipment comply with all relevant FMVSSs NHTSA issues.
Key findings from FAVP
Amid the absence of federal AV regulation and inconsistencies between state-level testing and deployment Autonomous Vehicle regulations NHTSA’s Vehicle Performance Guidance provides an outline for best practices for anyone seeking to manufacture, design, test, use or sell automated vehicles or vehicle automation equipment in the United States. The guidance focuses on highly automated vehicles (HAVs=SAE L3/L4/L5) and applies to light, medium and heavy vehicles, whether developed for testing or production.
- Voluntary guidelines for HAVs instead of regulation to avoid lengthy regulatory process (4-8 years) and enable updatability (annually) and relevance
- Guidance is not mandatory but the consensus is that NHTSA will make the VGP elements mandatory, similar to a FAA type approval. USDOT’s chief announced yesterday that the next U.S. president will formalise the AV rules
- USDOT wants L2 and HAV manufacturers to voluntarily submit the 15-point Safety Assessment for testing and deployment: (meet / not meet guidance / Not applicable). This ‘’Pre-market approval for testing and deployment’’ of HAVs marks a significant change to NHTSA’s current regulatory regime of “self-certification” with all FMVSSs, post-fitment
- The change from self-certification process to pre-testing and pre-deployment approval, as well as the large amount of data recording and sharing required, have been met with criticism from the auto industry as it could drastically slow down the rollout of driverless cars
- The policy has immediate effect apart from data and information collection. Comments are expected until November 22
”Manufacturers and other entities should follow a robust product development process based on a systems-engineering approach to minimize risks to safety, including those due to cybersecurity threats and vulnerabilities. This process should include systematic and ongoing safety risk assessment for the HAV system, the overall vehicle design into which it is being integrated, and when applicable, the broader transportation ecosystem. The identification, protection, detection, response, and recovery functions should be used to enable risk management decisions, address risks and threats, and enable quick response to and learning from cybersecurity events.
Identification, protection, detection, response, and recovery functions
While this is an evolving area and more research is necessary before proposing a regulatory standard, entities are encouraged to design their HAV systems following established best practices for cyber physical vehicle systems. In particular, entities should consider and incorporate guidance, best practices, and design principles published by National Institute for Standards and Technology (NIST), NHTSA, SAE International, the Alliance of Automobile Manufacturers, the Association of Global Automakers, the Automotive Information Sharing and Analysis Center (ISAC) and other relevant organizations.
The entire process of incorporating cybersecurity considerations should be fully documented and all actions, changes, design choices, analyses, associated testing and data should be traceable within a robust document version control environment.
As with safety data, industry sharing on cybersecurity is important. Each industry member should not have to experience the same cyber vulnerabilities in order to learn from them. That is the purpose of the Auto-ISAC, to promote group learning. To that end entities should report any and all discovered vulnerabilities from field incidents, internal testing, or external security research to the Auto-ISAC as soon as possible, regardless of membership. Entities involved with HAVs should consider adopting a vulnerability disclosure policy.”
What happens next
Although most of the guidance is effective immediately, NHTSA has invited public comment for 60 days at www.transportation.gov/AV. Today, DOT’s chief said that the next president would formalize self-drive rules into a mandate.
These developments reaffirm our position that Automotive Cyber Security is now a top priority for carmakers, as well as regulators, because of its implications on physical safety, the carmakers’ whole business and the transition towards more automated vehicles.
Collaborative, proactive Automotive Cyber Security is paramount, but is it realistic?
Although we view any collaborative, industry-wide agreement as a step forward, we approach this development with scepticism because of the degree of effectiveness when relying in voluntary agreements in an industry characterised by the lack of collaboration among OEMs.
Carmakers disagree on the effectiveness of a mandate, with some arguing that industry-wide cybersecurity guidelines and practices would be more appropriate to mitigate real-life malicious cyber-attacks than a government regulation in terms of speed of action and relevance.
But in our view, mandatory fitment of robust software and/or hardware solutions together with industry-wide standards and certification of peripheral devices can reduce organised crime’s incentives to attack cars as their probability of success and their gain from infiltrating car security will decrease significantly.
To get a better understanding of how global Car Cybersecurity regulation evolves and its implications for leading players read in our report Automotive Cyber Security Market Forecast: the secure Connected Car.