DOT, Automakers Agree on Proactive Safety Principles
This is a very exciting time for the auto industry. And I don't just mean the 2016 North American International Auto Show taking place in Detroit.
Yesterday, I announced DOT’s efforts in 2016 to support the safe deployment of autonomous vehicles that carmakers have been developing. And that includes President Obama's proposal to invest $4 billion in pilot programs [external link] to make sure we get it right. And next week, the President will visit Detroit to celebrate a history-making year of record auto sales.
Secretary Foxx walks the Detroit Auto Show with NHTSA Administrator Mark Rosekind.
But there's another side to what is happening in the industry. While we should celebrate the good news, there has been talk of another kind of record: Record numbers of vehicles recalled, and record civil penalties issued by our National Highway Traffic Safety Administration (NHTSA).
Fast Lane readers know the stories. And you might know that Congress recently passed legislation that strengthens NHTSA's enforcement tools. But, you probably also know that real safety means finding and fixing defects before someone gets hurt, rather than just punishing manufacturers after the damage is done.
So that's why I'm excited to announce that, today, DOT and 18 automakers are taking a strong stand --together-- for a new proactive, collaborative approach to safety.
Secretary Foxx, NHTSA Administrator Rosekind with automakers.
We have finalized a historic agreement on a set of broad-ranging actions to help make our roads safer and help avoid the sort of safety crisis that generates the wrong kind of record-setting and headlines. The commitments we make today will help catch safety defects before they explode into massive recalls. They will help improve the quality of data that automakers and NHTSA analyze to identify defects today, and they will find ways to generate better data in the future.
DOT has experience with this kind of approach. In aviation, for example, we already have a model of industry-wide collaboration to support safety. The FAA’s safety management system (SMS) requires a willingness among the airlines to share safety data that can lead to discovering a defect before it hurts anyone. And this has dramatically reduced aviation accidents in our skies.
And, when a recall does become necessary, the commitments we're making today will help us reach consumers and get their vehicles repaired.
Additionally, today’s actions strengthen the industry's efforts to protect vehicle owners from cybersecurity risks. We all know that the performance today's vehicles achieve is due in large part to an increasing amount of computer hardware and software under the hood and behind the dashboard. And the era of automated vehicle technologies we're ushering in will add to that. So we have pledged to work collaboratively to mitigate cyber threats that could pose unreasonable safety risks. We will engage our best cybersecurity minds, share known vulnerabilities and countermeasures, and adopt best practices from within as well as outside of the auto industry.
This coming together of the global automotive industry with DOT and NHTSA to determine how we can make vehicles that are safer than ever before and even safer in the future --this is unprecedented. It was born of us gathering everyone in the same room last fall, and it was the product of an immense amount of work by the companies who have signed onto these principles and by our team at DOT.
It’s a new way of doing business for everybody, and new ways don’t come easily. But that's what you have to do to when the mission you share --making sure Americans can get safely to and from their destination every time they get in their car-- is so important.
You can read this historic agreement at www.transportation.gov/briefing-room/proactive-safety-principles-2016
4/26/2016, GAO -- The U.S. Government Accountability Office (GAO) conducted a recent study on vehcile cybersecurity and the efforts underway to protect drivers from future threats. There following is an excerpt of that study:
What GAO Found
Modern vehicles contain multiple interfaces—connections between the vehicle and external networks—that leave vehicle systems, including safety-critical systems, such as braking and steering, vulnerable to cyberattacks. Researchers have shown that these interfaces—if not properly secured—can be exploited through direct, physical access to a vehicle, as well as remotely through short-range and long-range wireless channels. For example, researchers have shown that attackers could compromise vulnerabilities in the short-range wireless connections to vehicles' Bluetooth units—which enable hands-free cell phone use—to gain access to in-vehicle networks, to take control over safety-critical functions such as the brakes. Among the interfaces that can be exploited through direct access, most stakeholders we spoke with expressed concerns about the statutorily mandated on-board diagnostics port, which provides access to a broad range of vehicle systems for emissions and diagnostic testing purposes. However, the majority of selected industry stakeholders we spoke with (23 out of 32) agreed that wireless attacks, such as those exploiting vulnerabilities in vehicles' built-in cellular-calling capabilities, would pose the largest risk to passenger safety. Such attacks could potentially impact a large number of vehicles and allow an attacker to access targeted vehicles from anywhere in the world. Despite these concerns, some stakeholders pointed out that such attacks remain difficult because of the time and expertise needed to carry them out and thus far have not been reported outside of the research environment.
Key Vehicle Interfaces That Could Be Exploited in a Vehicle Cyberattack
In this context, long-range refers to access at distances over 1 kilometer.
This port is mandated in vehicles by statute for emission-testing purposes and to facilitate diagnostic assessments of vehicles, such as by repair shops.
Selected industry stakeholders, both in the United States and Europe, informed GAO that a range of key practices is available to identify and mitigate potential vehicle-cybersecurity vulnerabilities. For instance, the majority of selected industry stakeholders we spoke with (22 out of 32) indicated that—to the extent possible—automakers should locate safety-critical systems and non-safety-critical systems on separate in-vehicle networks and limit communication between the two types of systems, a concept referred to as “domain separation.” However, some of these stakeholders also pointed out that complete separation is often not possible or practical because some limited communication will likely need to occur between safety-critical and other vehicle systems. In addition, selected industry stakeholders we spoke to identified technological solutions that can be incorporated into the vehicle to make it more secure. However, according to stakeholders, many of these technologies—such as message encryption and authentication, which can be used to secure and verify the legitimacy of communications occurring along in-vehicle networks—cannot be incorporated into existing vehicles. Rather, such technologies must be incorporated during the vehicle design and production process, which according to stakeholders, takes approximately 5 years to complete.
Read the rest of the study here: http://www.gao.gov/products/GAO-16-350?utm_medium=email&utm_source=transportationcommunicationsnewsletter