December 19, 2018

On January 12, 2017, NHTSA published a Notice of Proposed Rulemaking on a Safety Standard for Vehicle-to-Vehicle Communications (49 CFR 571.150 or FMVSS 150).

DATES:  Comments must be received on or before April 12, 2017

The 166-page rule can be found at https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31059.pdf

Here is my outline of the Executive Summary:

 Executive Summary

  1. The proposal contains V2V communication performance requirements predicated on the use of on-board dedicated short-range radio communication (DSRC) devices to transmit Basic Safety Messages (BSM) about a vehicle’s speed, heading, brake status, and other vehicle information to surrounding vehicles, and receive the same information from them.
  2. The proposal also provides a path for vehicles to comply by deploying other technologies that meet performance and interoperability requirements, including interoperability with DSRC.
  3. V2V would employ omnidirectional radio signals that provide 360 degree coverage along with offering the ability to “see” around corners and “see” through other vehicles. V2V is not restricted by the same line-of-sight limitations as technologies that rely on vehicle-resident sensors.
  4. V2V technology will not be limited by weather, sunlight, shadows, or cleanliness.
  5. V2V would enable surrounding vehicles to help each other by conveying safety information about themselves to other vehicles.
  6. V2V can provide information on the operational status (e.g., brake pedal status, transmission state, stability control status, vehicle at rest versus moving, etc.) of other V2V-equipped vehicles.
  7. Vehicle-resident systems can augment V2V systems by providing the information necessary to address crash scenarios not covered by V2V communications, such as lane and road departure.
  8. Overview of the Proposed Rule
    1. A V2V system as currently envisioned would be a combination of many elements. This includes a radio technology for the transmission and reception of messages, the structure and contents of “basic safety messages” (BSMs), the authentication of incoming messages by receivers, and, depending on a vehicle’s behavior, the triggering of one or more safety warnings to drivers.
    2. The agency is also proposing to require that vehicles be capable of receiving over-the-air (OTA) security and software updates (and to seek consumer consent for such updates where appropriate). In addition, NHTSA is also proposing that vehicles contain “firewalls” between V2V modules and other vehicle modules connected to the data bus to help isolate V2V modules being used as a potential conduit into other vehicle systems.
    3. The NPRM presents a comprehensive proposal for mandating DSRC-based V2V communications. That proposal includes a pathway for vehicles to comply using non-DSRC technologies that meet certain performance and interoperability standards. A key component of interoperability is a “common language” regardless of the communication technology used. Therefore, the agency’s proposal includes a common specification for basic safety message (BSM) content regardless of the potential communication technology. The proposal also provides potential performance-based approaches for two security functions in an effort to obtain reaction and comment from industry and the public. Following is a more comprehensive discussion of the proposal and potential alternatives for different aspects of V2V security:
  9. Communication Technology
    1. Proposal: NHTSA proposes to mandate DSRC technology – A DSRC unit in a vehicle sends out and receives “basic safety messages” (BSMs). DSRC communications within the 5.850 to 5.925 MHz band are governed by FCC 47 CFR Parts 0, 1, 2 and 95 for onboard equipment and Part 90 for roadside units. In reference to the OSI model, the physical and data link layers (layers 1 and 2) are addressed primarily by IEEE 802.11p as well as P1609.4; network, transport, and session layers (3, 4 and 5) are addressed primarily by P1609.3; security communications are addressed by P1609.2; and additional session and prioritization related protocols are addressed by P1609.12. This mandate could also be satisfied using non-DSRC technologies that meet certain performance and interoperability standards.
  10. Message Format and Information
    1. NHTSA proposes to standardize the content, initialization time, and transmission characteristics of the Basic Safety Message (BSM) regardless of the V2V communication technology potentially used. The agency’s proposed content requirements for BSMs are largely consistent with voluntary consensus standards SAE 2735 and SAE 2945, which contain data elements such as speed, heading, trajectory, and other information, although NHTSA purposely does not require some elements to alleviate potential privacy concerns. Standardizing the message will facilitate V2V devices “speaking the same language,” to ensure interoperability.
  11. Message Authentication
    1. Public Key Infrastructure Proposal: NHTSA proposes V2V devices sign and verify their basic safety messages using a Public Key Infrastructure (PKI) digital signature algorithm in accordance with performance requirements and test procedures for BSM transmission and the signing of BSMs.
    2. Alternative Approach – Performance-based Only:  This performance only approach simply states that a receiver of a BSM message must be able to validate the contents of a message such that it can reasonably confirm that the message originated from a single valid V2V device, and the message was not altered during transmission. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
    3. Alternative Approach — No Message Authentication: This second alternative stays silent on a specific message authentication requirement. BSM messages would still be validated with a checksum, or other integrity check, and be passed through a misbehavior detection system to attempt to filter malicious or misconfigured messages. Implementers would be free to include message authentication as an optional function. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
  12. Misbehavior Detection and Reporting
    1. Primary Misbehavior Detection and Reporting Proposal: NHTSA proposes to mandate requirements that would establish procedures for communicating with a Security Credential Management System to report misbehavior and learn of misbehavior by other participants. This includes detection methods for a device’s hardware and software to ensure that the device has not been altered or tampered with from intended behavior. This approach enhances the ability of V2V devices to identify and block messages from other misbehaving or malfunctioning V2V devices.
    2. Misbehavior Detection Alternative Approach: An alternative for misbehavior detection imposes no requirement to report misbehavior or implement device blocking based to an authority. However, implementers would need to identify methods that check a device’s functionality, including hardware and software, to ensure that the device has not been altered or tampered with from intended behavior. Implementers would be free to include misbehavior detection and reporting as optional functions. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
  13. Hardware Security
    1. NHTSA proposes that V2V equipment be “hardened” against intrusion (FIPS-140 Level 3) by entities attempting to steal its security credentials.
  14. Effective Date
    1. The agency is proposing that the effective date for manufacturers to begin implementing these new requirements would be two model years after the final rule is adopted, with a three year phase-in period to accommodate vehicle manufacturers’ product cycles. Assuming a final rule is issued in 2019, this would mean that the phase-in period would begin in 2021, and all vehicles subject to that final rule would be required to comply in 2023.
  15. Safety Applications
    1. The agency is not proposing to require specific V2V safety applications at this time. It believes the V2V communications it is proposing will create the standardized information environment that will, in turn, allow innovation and market competition to develop improved safety and other applications.
  16. Authority
  17. Privacy and Security
    1. V2V systems would be required to be designed from the outset to minimize risks to consumer privacy. The NPRM proposes to exclude from V2V transmitting information that directly identifies a specific vehicle or individual regularly associated with a vehicle, such as owner’s or driver’s name, address, or vehicle identification numbers, as well as data “reasonably linkable” to an individual. Additionally, the proposal contains specific privacy and security requirements with which manufacturers would be required to comply.
    2. The Draft Privacy Impact Assessment that accompanies this proposal contains detailed information on the potential privacy risks posed by the V2V communications system, as well as the controls designed into that system to minimize risks to consumer privacy.
  18. Estimated costs and benefits
    1. In this NPRM, the agency proposes that all light vehicles be equipped with technology that allows for V2V communications, but has decided not to propose to mandate any specific safety applications at this time, instead allowing them to be developed and adopted as determined by the market. The Agency believes that this market-based approach to application development and deployment makes estimating the potential costs and benefits of V2V quite difficult.
  19. Regulatory Alternatives
    1. First, the agency considered an “if-equipped” standard, which would entail simply setting a conditional standard stating that “if a new vehicle is equipped with devices capable of V2V communications, then it is required to meet the following requirements.” However, the agency did not adopt this alternative as the proposal because the agency believes that anything short of a mandate for universal V2V capability on all new vehicles would not lead a sufficient fraction of the vehicle fleet to be equipped with V2V to enable full realization of the technology’s potential safety benefits.
    2. Second, the agency considered a regulatory alternative of requiring that V2V-capable vehicles also be equipped with the two safety applications analyzed in this proposed rule – Intersection Movement Assist (IMA) and Left Turn Assist (LTA) – in addition to V2V capability. This alternative would speed the introduction and increase the certainty of safety benefits. However, because performance requirements and test procedures for these safety applications are still nascent, the Agency did not propose this alternative.
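
To make the difference between the Message Authentication options in item 11 concrete, the following is an added example (not code from the NPRM or from any V2V implementation). It compares a checksum-only integrity check with a digital signature check on a payload whose brake flag changes in transit. The payload layout, the function names, the use of CRC-32 and the choice of ECDSA P-256 with SHA-256 are assumptions made for illustration, and certificate validation against the Security Credential Management System is left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"hash/crc32"
)

// encodeBSM packs a constructed, simplified payload; it is not the standardized BSM encoding.
func encodeBSM(speed, heading uint16, brake byte) []byte {
	return []byte{byte(speed >> 8), byte(speed), byte(heading >> 8), byte(heading), brake}
}

// checksumAccepts models the "no message authentication" alternative (unkeyed integrity value).
func checksumAccepts(payload []byte, sum uint32) bool {
	return crc32.ChecksumIEEE(payload) == sum
}

// signatureAccepts models the PKI proposal; the sender's public key is assumed already trusted.
func signatureAccepts(pub *ecdsa.PublicKey, payload, sig []byte) bool {
	digest := sha256.Sum256(payload)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// compare reports which checks accept an altered payload, and that the original still verifies.
func compare() (crcAltered, sigAltered, sigOriginal bool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	original := encodeBSM(1500, 90, 0)
	digest := sha256.Sum256(original)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		panic(err)
	}
	// Whoever alters the payload can recompute an unkeyed checksum, but not the signature.
	altered := encodeBSM(1500, 90, 1)
	crcOK := checksumAccepts(altered, crc32.ChecksumIEEE(altered))
	return crcOK, signatureAccepts(&key.PublicKey, altered, sig), signatureAccepts(&key.PublicKey, original, sig)
}

func main() {
	fmt.Println(compare())
}
```

The checksum check accepts the altered payload because its value can be recomputed without any secret, which is why that alternative relies on misbehavior detection to filter such messages.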