Today the DOT’s National Highway Transportation Safety Administration (NHTSA) published an advance notice of proposed rulemaking (ANPRM) in the Federal Register (79 FR 49270-49278) concerning potential creation of a Federal Motor Vehicle Safety Standard (FMVSS) for vehicle-to-vehicle (V2V) communications. NHTSA believes that requiring V2V communication capability in new light vehicles would facilitate the development and introduction of a number of advanced vehicle safety applications.
Along with the publication of this ANPRM NHTSA is publishing “Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application” (.PDF download link). According to the report abstract (pg i), the “report explores technical, legal, and policy issues relevant to V2V, analyzing the research conducted thus far, the technological solutions available for addressing the safety problems identified by the agency, the policy implications of those technological solutions, legal authority and legal issues such as liability and privacy”.
This ANPRM is not an actual proposal for any specific regulatory language; rather it asks a series of questions that NHTSA needs to have answered before it can proceed with the rulemaking process. The extensive list of questions covers ten general topics:
Of particular interest to readers of this blog will be the cybersecurity questions asked in the communications security section of the ANPRM. These questions include:
• Do commenters believe that using machine-to-machine PKI for V2V is feasible, and that a security system based on PKI provides the level of security needed to support wide-scale V2V deployment?
• Do commenters believe that the current security system design (as shown in Figure IX-3 of the research report) is a reasonable and sufficient approach for implementing a secure and trusted operating environment?
• Do commenters believe the Certificate Revocation List is necessary?
• Do commenters believe a V2V system would create new potential “threat vectors” (i.e., “ways into” a vehicle's electronic control unit) that could somehow control a vehicle or manipulate its responses beyond those existing in today's vehicles?
• Do commenters believe that V2V could introduce the threat of remote code execution, i.e., that, among possible threat vectors, malicious code could be introduced remotely into a vehicle through the DSRC [dedicated short-range communications] device and could create a threat to affected vehicles?
• Do commenters have suggestions on how NHTSA could mitigate these potential threats with standardized security practices and how NHTSA could implement a self-certification or third-party audit or testing program to guard against such threats?
• Does the absence of encryption of the Basic Safety Message itself create any security threat, e.g., reverse engineering of a V2V system?
• If OEM DSRC devices were kept up-to-date through the current methods of upgrading that existing consumer electronics use today, would the use of this updating process introduce a new attack vector?
• Is there a possibility of cyber-attacks across the entire vehicle fleet and, if so, how should they be analyzed and addressed?
• Are there any other specific security issues that have not been mentioned here, but that should be addressed in the V2V security review?
NHTSA is soliciting public responses to the questions listed in the ANPRM. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # NHTSA-2014-0022). Comments should be submitted by October 20th, 2014.