NHTSA does not view cybersecurity as a barrier to third-party repairs

Federal regulators have attempted to address the need to protect cars and trucks from cybersecurity threats while ensuring their owners can access less expensive third-party repairs and maintenance.

The National Highway Traffic Safety Administration acknowledges this challenge in a “pre-final” version of its “Cybersecurity Best Practices for Modern Vehicle Security“, published Wednesday. The new guidelines update a 2016 version, after seeking comments on a draft version published in 2021.

Both the 2016 and 2022 versions state that the automotive industry should “consider the serviceability of vehicle components and systems by individuals and third parties”, and that the industry should “provide safeguards robust cybersecurity policies for vehicles that do not unduly restrict access by authorized alternative third parties”. party repair services.

But NHTSA added to the updated guidelines a clarifying statement: “NHTSA recognizes that the balance between third-party serviceability and cybersecurity is not necessarily easy to achieve. However, cybersecurity should not become a reason for limiting serviceability. Similarly, ease of maintenance should not limit strong cybersecurity controls.

Commenting on the updated guidelines last year, the National Motor Freight Traffic Association (NMFTA) interpreted the serviceability section to focus primarily on passenger vehicles.

In an opinion to be published Friday in the Federal Register regarding the new cybersecurity guidelines, however, NHTSA says that while many commentators felt the agency “needed to address heavy-duty vehicles more explicitly and directly… NHTSA believes that would be unnecessary since the scope of the project is the best practices already include heavy trucks.

The American Alliance for Vehicle Owners’ Rights (AAVOR), whose members include the Owner-Operator Independent Drivers Association, views the updated guidelines as a positive step for truck owners.

“Old drafts of best practices written before telematics became a major feature of trucks could be interpreted as a question of whether telematics could be cyber-secured,” AAVOR Director Greg Scott said at Freight Waves. “But the new guidelines seem to make it clear that cybersecurity and serviceability can co-exist.”

The American Trucking Associations also supports the non-restriction of aftermarket serviceability and serviceability of vehicle systems and component technologies, it noted in comments to the guidelines last year. last.

“ATA supports the freedom of motor carriers to maintain and service equipment through OEM and aftermarket solution providers. ATA did not respond in time to a request for comment on the final draft on Wednesday.

Besides her organization’s interpretation that the guidelines are focused on “specific passengers,” NMFTA executive director Debbie Sparks told FreightWaves she was happy with other aspects of the guidelines, including cyber -risks associated with spoofing signals.

“However, we believe that the absence of any change to [guidelines related to drivers’ smart devices] is disappointing,” Sparks said, “because it raises the question of how smart devices access vehicle networks as an OEM-only interaction, ignoring the important need for fleet authorization.

Click for more FreightWaves articles by John Gallagher.

About Dwight E. McCray

Check Also

First point of contact for industrial electronic equipment repairs

Building on a unique service offering base in the automotive market, Injetronics is beginning to …