HR 3411 Introduced – Automated Vehicle Advisory Council

Last month, as part of a series of bills on highly automated vehicles that were introduced on the same day as HR 3388 was revised by the House Energy and Commerce Committee, Rep. Costello (R,PA) introduced HR 3411. This bill would require DOT to establish the Automated Driving System Cybersecurity Advisory Council. An identical provision was included as §9 in HR 3388.

The Council

The Council would be established under the provisions of the Federal Advisory Committee Act (5 USC Appendix). It would consist of 15 to 30 members representing “business, academia and independent researchers, State and local authorities, safety and consumer advocates, engineers, labor organizations, environmental experts, a representative of the Na1tional Highway Traffic Safety Administration, and other members determined to be appropriate by the Secretary” {§1(b)}.

The Council would advise the DOT Secretary on “cybersecurity for the testing, deployment, and updating of automated driving systems with respect to supply chain risk management, interactions with Information Sharing and Analysis Centers and Information Sharing and Analysis Organizations, and a framework for identifying and implementing recalls of motor vehicles or motor vehicle equipment” {§1(e)}.

Moving Forward

As with the other two bills that I have discussed in this series (HR 3401 and HR 3407), it looks like this bill was introduced so that key components of HR 3388 could still be passed by the House if the Republican leadership determined that some of the more controversial (and non-cybersecurity related) provisions of the bill would prohibit consideration of HR 3388. If the leadership decides not to move forward with HR 3388 I expect most of this series of bills would be considered in a single day under the suspension of the rules provision. That would allow for limited debate and no floor amendments. I suspect that the three cybersecurity related bills would pass with a substantial bipartisan majority.

Commentary

The DOT has a long history of using these advisory committees to produce consensus rulemakings on deeply technical topics. The involvement of industry representatives and various activist organizations helps to ensure that a multitude of voices are heard in the development process.

Having said that, I am disappointed that two groups were not specifically identified in the list of entities to be included. I would have liked to see Automotive ISAC specifically listed as a central industry group that should be represented. On the government side, I would have liked to have seen the DHS ICS-CERT specifically mentioned as an agency (along with the current mention of NHTSA) that would have a representative on the Council. I think that these two would be important additions to provide specific cybersecurity expertise for these the complex control systems associated with highly automated vehicles.

The Secretary still has a great deal of leeway to add representatives of these two organizations to the Council, but a Congressional mandate for at least the ICS-CERT would have made the inter-departmental appointment much easier.