December 18, 2017

“FASTER, SMARTER, GREENER–THE FUTURE OF THE CAR AND URBAN MOBILITY”

On October 11, 2017, I attended the book launch at Next Energy of “Faster, Smarter, Greener—THE FUTURE OF THE CAR AND URBAN MOBILITY” by Dr. Venkat Sumantran, Chairman of Celeris Technologies and formerly with General Motors. Dr. Sumantran stated that the mobility system of the future must be:

  • Connected;
  • Heterogeneous;
  • Intelligent; and
  • Personalized

Dr. Sumantran discussed these four areas, which he called CHIP mobility. It was a very interesting presentation. After the presentation, there was a panel discussion and questions from the audience. Members of the panel were:

  • Sue Zielinski, former Director of Ann Arbor SMART, and now an independent consultant;
  • Mark Schulz, Founder and Special Venture Partner of Fontinalis Partners; and
  • Jean Redfield, President and CEO of Next Energy

I obtained a copy of the book and can’t wait to read it.

On January 12, 2017, NHTSA Published a Notice of Proposed Rulemaking on a Safety Standard for Vehicle-to-Vehicle Communications (49 CFR 571.150, or FMVSS 150)

DATES: Comments must be received on or before April 12, 2017.

The 166-page rule can be found at https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31059.pdf

Here is my outline of the Executive Summary:

Executive Summary

  1. The proposal contains V2V communication performance requirements predicated on the use of on-board dedicated short-range radio communication (DSRC) devices to transmit Basic Safety Messages (BSM) about a vehicle’s speed, heading, brake status, and other vehicle information to surrounding vehicles, and receive the same information from them.
  2. The proposal also provides a path for vehicles to comply by deploying other technologies that meet performance and interoperability requirements, including interoperability with DSRC.
  3. V2V would employ omnidirectional radio signals that provide 360 degree coverage along with offering the ability to “see” around corners and “see” through other vehicles. V2V is not restricted by the same line-of-sight limitations as technologies that rely on vehicle-resident sensors.
  4. V2V technology will not be limited by weather, sunlight, shadows, or cleanliness.
  5. V2V would enable surrounding vehicles to help each other by conveying safety information about themselves to other vehicles.
  6. V2V can provide information on the operational status (e.g., brake pedal status, transmission state, stability control status, vehicle at rest versus moving, etc.) of other V2V-equipped vehicles.
  7. Vehicle-resident systems can augment V2V systems by providing the information necessary to address crash scenarios not covered by V2V communications, such as lane and road departure.
  8. Overview of the Proposed Rule
    1. A V2V system as currently envisioned would be a combination of many elements. This includes a radio technology for the transmission and reception of messages, the structure and contents of “basic safety messages” (BSMs), the authentication of incoming messages by receivers, and, depending on a vehicle’s behavior, the triggering of one or more safety warnings to drivers.
    2. The agency is also proposing to require that vehicles be capable of receiving over-the-air (OTA) security and software updates (and to seek consumer consent for such updates where appropriate). In addition, NHTSA is also proposing that vehicles contain “firewalls” between V2V modules and other vehicle modules connected to the data bus to help isolate V2V modules being used as a potential conduit into other vehicle systems.
    3. The NPRM presents a comprehensive proposal for mandating DSRC-based V2V communications. That proposal includes a pathway for vehicles to comply using non-DSRC technologies that meet certain performance and interoperability standards. A key component of interoperability is a “common language” regardless of the communication technology used. Therefore, the agency’s proposal includes a common specification for basic safety message (BSM) content regardless of the potential communication technology. The proposal also provides potential performance-based approaches for two security functions in an effort to obtain reaction and comment from industry and the public. Following is a more comprehensive discussion of the proposal and potential alternatives for different aspects of V2V security:
  9. Communication Technology
    1. Proposal: NHTSA proposes to mandate DSRC technology. A DSRC unit in a vehicle sends out and receives “basic safety messages” (BSMs). DSRC communications within the 5.850 to 5.925 MHz band are governed by FCC 47 CFR Parts 0, 1, 2 and 95 for onboard equipment and Part 90 for roadside units. In reference to the OSI model, the physical and data link layers (layers 1 and 2) are addressed primarily by IEEE 802.11p as well as P1609.4; the network, transport, and session layers (3, 4 and 5) are addressed primarily by P1609.3; security communications are addressed by P1609.2; and additional session and prioritization related protocols are addressed by P1609.12. This mandate could also be satisfied using non-DSRC technologies that meet certain performance and interoperability standards.
  10. Message Format and Information
    1. NHTSA proposes to standardize the content, initialization time, and transmission characteristics of the Basic Safety Message (BSM) regardless of the V2V communication technology potentially used. The agency’s proposed content requirements for BSMs are largely consistent with the voluntary consensus standards SAE 2735 and SAE 2945, which contain data elements such as speed, heading, trajectory, and other information, although NHTSA purposely does not require some elements to alleviate potential privacy concerns. Standardizing the message will facilitate V2V devices “speaking the same language,” to ensure interoperability.
  11. Message Authentication
    1. Public Key Infrastructure Proposal: NHTSA proposes V2V devices sign and verify their basic safety messages using a Public Key Infrastructure (PKI) digital signature algorithm in accordance with performance requirements and test procedures for BSM transmission and the signing of BSMs.
    2. Alternative Approach – Performance-based Only: This performance-only approach simply states that a receiver of a BSM must be able to validate the contents of the message such that it can reasonably confirm that the message originated from a single valid V2V device and that the message was not altered during transmission. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
    3. Alternative Approach — No Message Authentication: This second alternative stays silent on a specific message authentication requirement. BSM messages would still be validated with a checksum, or other integrity check, and be passed through a misbehavior detection system to attempt to filter malicious or misconfigured messages. Implementers would be free to include message authentication as an optional function. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
  12. Misbehavior Detection and Reporting
    1. Primary Misbehavior Detection and Reporting Proposal: NHTSA proposes to mandate requirements that would establish procedures for communicating with a Security Credential Management System to report misbehavior and to learn of misbehavior by other participants. This includes detection methods for a device’s hardware and software to ensure that the device has not been altered or tampered with from its intended behavior. This approach enhances the ability of V2V devices to identify and block messages from other misbehaving or malfunctioning V2V devices.
    2. Misbehavior Detection Alternative Approach: An alternative for misbehavior detection imposes no requirement to report misbehavior to an authority or to implement authority-based device blocking. However, implementers would need to identify methods that check a device’s functionality, including hardware and software, to ensure that the device has not been altered or tampered with from its intended behavior. Implementers would be free to include misbehavior detection and reporting as optional functions. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
  13. Hardware Security
    1. NHTSA proposes that V2V equipment be “hardened” against intrusion (FIPS-140 Level 3) by entities attempting to steal its security credentials.
  14. Effective Date
    1. The agency is proposing that the effective date for manufacturers to begin implementing these new requirements would be two model years after the final rule is adopted, with a three year phase-in period to accommodate vehicle manufacturers’ product cycles. Assuming a final rule is issued in 2019, this would mean that the phase-in period would begin in 2021, and all vehicles subject to that final rule would be required to comply in 2023.
  15. Safety Applications
    1. The agency is not proposing to require specific V2V safety applications at this time. It believes the V2V communications it is proposing will create the standardized information environment that will, in turn, allow innovation and market competition to develop improved safety and other applications.
  16. Authority
  17. Privacy and Security
    1. V2V systems would be required to be designed from the outset to minimize risks to consumer privacy. The NPRM proposes to exclude from V2V transmissions information that directly identifies a specific vehicle or an individual regularly associated with a vehicle, such as the owner’s or driver’s name, address, or vehicle identification number, as well as data “reasonably linkable” to an individual. Additionally, the proposal contains specific privacy and security requirements with which manufacturers would be required to comply.
    2. The Draft Privacy Impact Assessment that accompanies this proposal contains detailed information on the potential privacy risks posed by the V2V communications system, as well as the controls designed into that system to minimize risks to consumer privacy.
  18. Estimated costs and benefits
    1. In this NPRM, the agency proposes that all light vehicles be equipped with technology that allows for V2V communications, but has decided not to propose to mandate any specific safety applications at this time, instead allowing them to be developed and adopted as determined by the market. The Agency believes that this market-based approach to application development and deployment makes estimating the potential costs and benefits of V2V quite difficult.
  19. Regulatory Alternatives
    1. First, the agency considered an “if-equipped” standard, which would entail simply setting a conditional standard stating that “if a new vehicle is equipped with devices capable of V2V communications, then it is required to meet the following requirements.” However, the agency did not adopt this alternative as the proposal because the agency believes that anything short of a mandate for universal V2V capability on all new vehicles would not lead a sufficient fraction of the vehicle fleet to be equipped with V2V to enable full realization of the technology’s potential safety benefits.
    2. Second, the agency considered a regulatory alternative of requiring that V2V-capable vehicles also be equipped with the two safety applications analyzed in this proposed rule – Intersection Movement Assist (IMA) and Left Turn Assist (LTA) – in addition to V2V capability. This alternative would speed the introduction and increase the certainty of safety benefits. However, because performance requirements and test procedures for these safety applications are still nascent, the Agency did not propose this alternative.
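To make concrete the difference between the PKI proposal (item 11.1) and the no-authentication alternative (item 11.3), here is an added example that is not from the NPRM or this outline: a constructed BSM-like payload is protected once with a bare integrity check (CRC-32 standing in for “a checksum”) and once with an ECDSA P-256 signature using the Python `cryptography` package. The field names and the key handling are assumptions; certificate distribution by the SCMS is not modeled.

```python
import json
import zlib

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

# Constructed sample payload with the kinds of elements the outline lists
# (speed, heading, brake status). Field names are assumptions, not SAE J2735.
SAMPLE_BSM = {"speed_mps": 13.4, "heading_deg": 87.0, "brake_active": False}


def encode(bsm: dict) -> bytes:
    """Canonical byte encoding so sender and receiver hash the same bytes."""
    return json.dumps(bsm, sort_keys=True).encode()

# Alternative approach: integrity check only (CRC-32 stands in for "a checksum").
def checksum_send(bsm: dict):
    data = encode(bsm)
    return data, zlib.crc32(data)

def checksum_accept(data: bytes, crc: int) -> bool:
    return zlib.crc32(data) == crc

# PKI proposal: each device signs its BSMs; receivers verify with the device's
# public key (how the SCMS distributes and revokes that key is out of scope).
def make_device_key():
    return ec.generate_private_key(ec.SECP256R1())

def signed_send(key, bsm: dict):
    data = encode(bsm)
    return data, key.sign(data, ec.ECDSA(hashes.SHA256()))

def signed_accept(pub, data: bytes, sig: bytes) -> bool:
    try:
        pub.verify(sig, data, ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False

def compare() -> dict:
    """Feed an altered BSM to both receivers; returns which one accepts it."""
    altered = dict(SAMPLE_BSM, brake_active=True)
    data, crc = checksum_send(altered)        # a CRC can be recomputed by anyone
    device, other = make_device_key(), make_device_key()
    data2, sig = signed_send(other, altered)  # signed with a non-enrolled key
    return {"checksum_accepts": checksum_accept(data, crc),
            "signature_accepts": signed_accept(device.public_key(), data2, sig)}
```

The checksum receiver accepts the altered message because a CRC only detects accidental corruption; the signature receiver rejects it because the signing key is not the enrolled device’s, which is exactly the “originated from a single valid V2V device” property item 11.2 asks for.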


On November 29, 2016, NHTSA Announced a Public Meeting on the Federal Automated Vehicle Policy

DATES: Registration must be completed on or before December 9, 2016. The meeting will be held December 12, 2016 in Arlington, Virginia.

PURPOSE: The morning portion of the meeting will look at Section II of the Federal Automated Vehicles Policy–Model State Policy. The afternoon session will discuss Section IV of the Policy—Modern Regulatory Tools. The meeting will be available by webcast at http://www.nhtsa.gov/nhtsa/av/index.html.


On April 1, 2016, NHTSA Published a Request for Public Comments on NHTSA Enforcement Guidance Bulletin 2016–02: Safety-Related Defects and Emerging Automotive Technologies

DATES: Comments must be received on or before May 2, 2016

HIGHLIGHTS: The proposed Enforcement Guidance Bulletin set forth in this notice contains NHTSA’s current views on emerging automotive technologies—including its view that when vulnerabilities of such technology or equipment pose an unreasonable risk to safety, those vulnerabilities constitute a safety-related defect—and suggests guiding principles and best practices for motor vehicle and equipment manufacturers in this context.

Part III of the notice sets forth the “Guidance and Recommended Best Practices: Safety-Related Defects, Unreasonable Risk, and Emerging Technologies”.

To avoid violating Safety Act requirements and standards, manufacturers of emerging technology and the motor vehicles on which such technology is installed are strongly encouraged to take steps to proactively identify and resolve safety concerns before their products are available for use on public roadways.

In the case of cybersecurity vulnerabilities, NHTSA will weigh several factors in determining whether a vulnerability poses an unreasonable risk to safety (and thus constitutes a safety-related defect), including: (i) the amount of time elapsed since the vulnerability was discovered (e.g., less than one day, three months, or more than six months); (ii) the level of expertise needed to exploit the vulnerability (e.g., whether a layman can exploit the vulnerability or whether it takes experts to do so); (iii) the accessibility of knowledge of the underlying system (e.g., whether how the system works is public knowledge or whether it is sensitive and restricted); (iv) the necessary window of opportunity to exploit the vulnerability (e.g., an unlimited window or a very narrow window); and (v) the level of equipment needed to exploit the vulnerability (e.g., standard or highly specialized). NHTSA uses those factors, and others, to help assess the overall probability of a malicious cybersecurity attack.

Manufacturers should consider adopting a life-cycle approach to safety risks when developing automated vehicles, other innovative automotive technologies, and safety compliance programs and other business practices in connection with such technologies. A life-cycle approach would include elements of assessment, design, implementation, and operations as well as an effective testing and certification program.

Considering hardware, software, and network and cloud security, manufacturers should consider developing a simulator and applying use-case scenarios and threat modeling to all systems, sub-systems, and devices, to test for safety risks, including cybersecurity vulnerabilities, at every step of the manufacturing process and across the entire supply chain, in order to implement an effective risk mitigation plan.

This Bulletin is not intended, nor can it be relied upon, to create any rights enforceable by any party against NHTSA, the U.S. Department of Transportation, or the United States. These recommended practices do not establish any defense to any violations of the Safety Act, or regulations thereunder, or violation of any statutes or regulations that NHTSA administers. This Bulletin may be revised in writing without notice to reflect changes in the Agency’s views and analysis, or to clarify and update text.

On March 18, 2016, NHTSA Published a Notice of Public Meeting on Guidelines for Safe Deployment of Automated Vehicle Safety Technologies

DATES: The meeting will take place on April 8, 2016. A transcript of the meeting may be obtained from the court reporter. Written comments may be filed on or before May 9, 2016. A separate meeting will be held on the West Coast at a later date.

EXCERPTS: NHTSA is seeking public input on those aspects of automated vehicle (AV) systems that would benefit from operational guidelines. For example, of high importance to the Agency is information on the roadway scenarios and operational environments highly automated vehicles will need to address and the associated design and evaluation processes and methods needed to ensure that AV systems can detect and appropriately react to these scenarios such that a high level of safety is assured when these systems are deployed on US roadways. Also of interest would be input on aspects of automated vehicle technology that may not be suitable or ready for guidelines. For these areas, information would be useful on alternative approaches to assure safety.