NHTSA Publishes Two Automated Driving System Petitions

Today the DOT’s National Highway Transportations Safety Administration (NHTSA) published two notices in the Federal Register (84 FR 10172-10182 and 84 FR 10182-10191) requesting public comments on petitions for exemptions from Federal Motor Vehicle Safety Standards (FMVSS) for two fully-automated-driving vehicles. The first is for an autonomous delivery vehicle from Nuro, Inc. The second is for a driverless passenger vehicle from General Motors.

Nuro Petition

The Nuro petition is for a low-speed delivery vehicle without human occupants. It requests exemption from the following FMVSS standards:

• FMVSS #500 – exemption from rear view mirror requirements;

• FMVSS #250 – exemption from windshield requirements;

• FMVSS #111 – exemption from back-up camera requirements.

The petition is limited in scope because the intended Nuro vehicle is already exempt from most FMVSS standards for a normal passenger vehicle because it is a low-speed vehicle as defined under 49 CFR 571.3.

GM Petition

The GM petition is for a passenger vehicle in limited service. It would have no provisions for an occupant to take control of the vehicle during operation. It requests exemption from the following FMVSS standards:

• FMVSS #101 – exemption from motor vehicle controls, telltales and indicators requirements;

• FMVSS #102 – exemption from transmission shift position sequence, starter interlock, and transmission braking effect requirements;

• FMVSS #108 – exemption from headlamp switch requirements;

• FMVSS #111 – exemption from rearview mirror requirements;

• FMVSS #114 – exemption from parking brake, service brake or transmission gear selection test requirements;

• FMVSS #124 – exemption from return of the throttle to the idle position requirements;

• FMVSS #126 – exemption from driver loss of directional control requirements;

• FMVSS #135 – exemption from human breaking control requirements;

• FMVSS #138 – exemption from tire pressure warning requirements;

• FMVSS #141 – exemption from gear shift selector test requirements;

• FMVSS #203, #204, and #207 – exemption from steering wheel impact test requirements;

• FMVSS #208 and #214 – exemption from drivers position crash-test requirements; and

• FMVSS #226 – exemption from airbag indicator requirements;

Public Comments

NHTSA is soliciting public comments on the petitions. Comments are required to be submitted by May 20^th, 2019. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # NHTSA-2019-0017, Nuro petition; and NHTSA-2019-0016, GM petition).

Commentary

An interesting component of both of these petitions is that they are for electric vehicles. That does not seem to matter much except that both petitions include reference to regulatory exemptions for ‘low emission vehicles’. Congress gave DOT authority (49 USC 30113) to ease the introduction of ‘low-emission vehicles’ by providing temporary exemptions to vehicle safety standards. Both petitions are using the argument from §30113(b)(3)(B)(iii) that “the exemption would make easier the development or field evaluation of a new motor vehicle safety feature providing a safety level at least equal to the safety level of the standard”; the new ‘motor vehicle safety feature’ being the autonomous operation system.

While avoiding the well known and documented safety problems associated with human drivers, autonomous vehicle operating systems are going to present their own problems. Both petitioners are making the point that to be able to identify (the necessary precursor to fixing) problems of their systems in real-world operations is the only way to move these systems into full-scale production. In many ways, this seems to be a valid argument, except….

The big problem missing from the discussion in either petition is the cybersecurity of their operating systems. A major reason for this is that NHTSA (and at base, Congress) have failed to explicate how they expect developers to protect these systems. With no federal regulatory requirements in existence, neither applicant is under any obligation to provide information on how (or even if) they are addressing the cybersecurity issue. This does not provide me with a warm fuzzy feeling.

The current crop of autonomous vehicles undergoing real-world testing still have the capability of human intervention to overcome software issues of malware or bad code. Granted that oversight has not been perfect by any stretch of the imagination, but it is there. These two proposals specifically and graphically have removed that intervention; a necessary next-step in the development of truly autonomous vehicles. The question, however, is are we ready to take that next step when we do not yet have a definition of the cybersecurity requirements for these systems, or a way to evaluate the efficacy of the cybersecurity systems put into play (whatever they are). Before we take the next step, we need to have a handle on, or at least a definition of the cybersecurity of these systems.

House NHTSA Oversight Hearing

Today the Digital Commerce and Consumer Protection Subcommittee of the House Energy and Commerce Committee held an oversight hearing looking at the DOT’s National Highway Transportation Safety Administration (NHTSA). The sole witness at the hearing was Heidi King, the Deputy Administrator (the de facto Administrator since no one has yet been nominated to that position) for NHTSA.

There was no mention of cybersecurity in any of the statements published on the Committee’s web site (Committee Chair Latta, Subcommittee Chair Walden, and Ms King), but the Committee Staff background memo does include (pg 6) a brief, 3-paragraph, summary of cybersecurity issues related to automated driving systems.

Watching the video of the hearing it is clear that this was intended to be a wide ranging oversight hearing that touched on a number of issues. Unfortunately, few of the congress critters asking questions had much interest in cybersecurity issues. There were only three cybersecurity related question (at 1 hour 10 minutes, at 1 hour 20 minutes and at 2 hours 30 minutes into the video). King’s responses to the questions were very generic with the one strong point being made that she appreciated the formation of the Automotive ISAC.

King did make a very interesting point in her response to the last question, from Rep. Costello (R,PA). She noted that vehicle owners had a very important role to play in regard to vehicle cybersecurity. After once again praising the formation of the Auto ISAC, she said:

“Cybersecurity is not the domain of highly technical experts alone, but in fact cybersecurity is a concern to all of us. We see from our own experience, whether it be in our home computers or in our phones, there may be vulnerabilities that are driven by users, and so part of the cybersecurity journey will be to educate all of us to be thoughtful about how we use our devices or our cars, and make sure that we are all partners in our cybersecurity journey.”

It will be interesting to see if the auto industry actually attempts to try to make autonomous vehicle cybersecurity inherently secure, or whether they will follow the model of the computer and smart phone manufacturers and make security a feature that must be selected by the owner, often without specifically notifying the owner of the security options available.

S 1655 Introduced – FY 2018 THUD Spending

Last month, Sen. Collins (R,ME) introduced S 1655, the Transportation, Housing and Urban Development, and Related Agencies (THUD) Appropriations Act, 2018. The bill does not include cybersecurity or chemical transportation safety language, but the Senate Appropriations Committee Report on the bill does include some language of potential interest to readers of this blog concerning UAS, autonomous vehicles and oil spill response plans.

UAS

The Committee briefly mentioned the electronic registration system that the FAA had established for registration of unmanned aircraft systems (UAS) in December of 2015. The comment explicitly ignores the recent court case which invalidated the portion of that registration that applied to recreational users of UAS. The report states (pgs 32-3):

“The Committee believes that online, interactive education program links on the electronic registration process would provide the education necessary to reduce the risk of unknowing or negligent mistakes by recreational operators of small unmanned aircraft thus promoting aviation safety. Therefore, the Committee directs the FAA to include in its electronic registration system for recreational operators a link for registrants to undergo a suitable and interactive online education and training program.”

The report comment goes on to provide additional direction to the FAA on executing that directive and requirements for reporting back to the Committee on the results. This is definitely in keeping with other legislative efforts (See S 1405 for example) that mandate the use of the current registration system for model aircraft operators. I expect that the FAA will be holding off on the de-registration of recreational UAS operators until it sees if/how Congress legislates on the matter during this session.

Autonomous Vehicles

The Committee reiterates its support for the Automated Vehicle program at the National Highway Traffic Safety Administration (NHTSA) to the tune of $10.1 million. It does express some concern about cybersecurity issues; stating (pg 63):

“The Committee remains concerned with cybersecurity in autonomous vehicles and urges the Department to continue to address this risk in the next update of the Federal Automated Vehicles Policy.”

Oil Spill Response Plans

The Committee takes the DOT’s Pipeline and Hazardous Material Safety Adminstration (PHMSA) to task for failing to issue a final rule on modifying the current Oil Spill Response Plan (OSRP) so that the threshold for the requirement of an OSRP would take into account the amount of oil in every car in a train consist instead of just the amount in any given car. This is an on-going issue between the Committee and PHMSA. This year the report gets real specific, stating (pg 88):

“The Committee directs PHMSA to issue a final rule to expand the applicability of comprehensive oil spill response plans to rail carriers no later than 5 days after enactment of this act.”

The recently published Trump Administration update to the Unified Agenda reports that DOT expects to issue the final rule in December (and those UA expectations are almost always missed). It will be interesting to see how the anti-regulation Trump administration responds.

Moving Forward

It is increasingly looking like there will have to be a continuing resolution before October 1^st as Congress is unlikely (VERY UNLIKELY) to pass the spending bills in regular order by that date. That means that we will almost certainly not see a standalone THUD spending bill make it to the President’s desk and certainly not this bill. Spending bills have to ‘originate’ in the House so the best this bill could have done is be passed in the Senate and then substituted for the language of the House bill when it reached the Senate. In a good year (and we have not seen one of those in a good while) the differences in the two bills would have been worked out in a conference committee before being approved by both houses and then sent to the President.

Commentary

Interestingly, the Appropriations Committee directives found in the Committee Report (which do not have the force of law, just the force of the purse) will essentially continue ‘in force’ when a spending bill covering THUD (and likely everything else) is signed by the President. DOT may ignore those directives and no court will say anything about it. However, at some point the Committee could get so upset at the Department that they specifically withhold funds in a spending bill until such time as the Department complies with the directives. We may be approaching that point with the OSRP directive, that is what the unrealistic ‘5 day’ response time was all about.

Committee Hearings – Week of 7-16-17

With both the House and Senate in session there is a wide slate of congressional hearings this week. Spending bills are finishing up in the House and the Senate continues to plug away on nomination hearings. There are two cybersecurity hearings of potential interest, one a markup and one addressing energy security.

Spending Bills

The House Appropriations Committee is still working on ginning out their spending bills with two more hearings being conducted during the remainder of the week:

• 7-18-17 (full committee) FY2018 Homeland Security Appropriations Bill and FY2018 Interior Appropriations Bill;

• 7-19-17 (full committee) FY 2018 State and Foreign Operations Appropriations Bill, and FY2018 Labor, Health and Human Services, and Education Appropriations Bill;

Cybersecurity Mark-up

On Wednesday the Digital Commerce and Consumer Protection Subcommittee of the House Energy and Commerce Committee will mark-up a staff draft of a bill on highly automated vehicle testing and deployment. The Committee Draft of the bill contains a section on “Cybersecurity of automated driving systems” which I will try review later today.

Energy Security

Later this morning the Senate Energy and Natural Resources Committee will hold a hearing to examine the status and outlook for U.S. and North American energy and resource security. Cybersecurity is certainly going to be part of this discussion. The witness list includes:

• Fatih Birol, International Energy Agency;

• Stephen Cheney, American Security Project;

• Robert Coward, American Nuclear Society;

• Dan McGroarty, Carmot Strategic Group;

• Mark Mills, Manhattan Institute; and

• Jamie Webster, Center for Energy Impact

On the Floor of the House

Today the House will consider HR 3050, Enhancing State Energy Security Planning and Emergency Preparedness Act of 2017, under their suspension of the rules procedure. This means that there will be limited debate and no amendments will be considered. This usually means that the House leadership considers this to be a non-controversial bill with a high-probability of passage (which requires a super-majority). NOTE: The committee report on the bill has not yet been published, it will probably be submitted today, but will not actually be available on the Congress.gov site until later this week.

NOTE: The House Rules Committee called for amendments to HR 2997, 21st Century Aviation Innovation, Reform, and Reauthorization Act. This is the House version of the FY 2018 FAA reauthorization. I have not published a review of this bill yet because there is currently nothing of real interest included in the introduced version. It looks like that will be changing. No hearing is scheduled yet, but it may happen later this week.

S 2844 Introduced – THUD Spending

This week Sen. Collins (R,ME) introduced S 2844, the Transportation, Housing and Urban Development, and Related Agencies (THUD) Appropriations Act, 2017. Since the Senate Appropriations Committee has already completed it markup of this bill the Committee Report is also available.

As is usual the bill contains no specific mention of chemical transportation safety or cybersecurity issues (beyond internal cybersecurity requirements) other than funding. The Committee report, however, does provide guidance to DOT and its constituent agencies on such topics. Topics of potential interest to readers of this blog include:

• Unmanned Aircraft Systems (UAS);

• Autonomous Vehicles;

• Safe Transport of Energy Products (STEP);

• Comprehensive Oil Spill Response Plans

Unmanned Aircraft Systems

While there are a number of mentions of UAS programs in the report, one specific topic that has been covered in this blog was included; UAS registration (pg 30). The Committee commends the FAA for the development of the on-line registration process for UAS. It then goes on to direct the FAA to “to include in its electronic registration system a link for registrants to undergo a suitable and interactive online education and training program.” A report to Congress is included in the requirement.

Autonomous Vehicles

The Committee mentions autonomous vehicle programs in two different areas of the report; FHWA (pg 45) and NHTSA (pgs 55-6). In the FHWA section of the report the Committee requests a report on the economic effects of autonomous vehicles; specifically focusing on “on motor carriers, ports, transit, and related industries”.

The NHTSA portion of the report notes that the Committee is recommending “$6,600,000 for vehicle electronics and emerging technologies”. A brief note adds that the “Committee directs the agency to also reduce cybersecurity risks associated the vehicle’s electronic and communications systems” with those funds.

Safe Transport of Energy Products

The report notes (pg 60) that FRA funding includes monies intended to “support FRA’s efforts to improve the safe transport of energy products”. Those funds would support “FRA’s efforts to improve the safe transport of energy products. The STEP initiative supports crude oil safety inspectors, crude oil route safety managers, and tank car quality assurance specialists, tank car research, as well as supports increased mileage of a dedicated Automated Track Inspection Program vehicle on routes with energy products traffic”.

Comprehensive Oil Spill Response Plans

While the Committee recognizes that PHMSA did publish an advance notice of proposed rulemaking (ANPRM) on comprehensive oil spill response plans for railroads, the Committee is extremely disappointed in the lack of action since then. In this report the Committee “directs PHMSA to initiate a rulemaking to expand the applicability of comprehensive oil spill response plans to rail carriers no later than June 30, 2016, and to issue a final rule no later than December 18, 2016”.

Moving Forward

With the Senate taking up HR 2028 last week (the vehicle for the FY 2017 military construction spending bill), it is obvious that the Senate is not going to wait for the House to start the spending bill process. Where this particular bill fits in the schedule is open to some question, but it is obviously relatively high on the priority of the Senate Appropriations Committee.

The House will most likely take up their own bill and then the two bills would go to Conference before a final version is passed and sent to the President. It is still too early to dismiss final action on this bill before the election. If the Senate takes action on the bill in the next couple of weeks we might actually see this bill pass before the summer recess. I’m not holding my breath, but it is possible.

Commentary

The UAS training program suggestion seems like a no brainer on its face; ensuring that small UAS operators have at least a minimum of safety and regulatory training before they operate their UAS is a motherhood and apple pie proposal. Unfortunately, this is one of those appearance suggestions that is likely to have adverse consequences. While registration is legally required, the way that it has been implemented is actually a voluntary registration program, particularly for non-commercial UAS.

Since there is no effective way of policing the registration requirement, the FAA is relying on voluntary compliance with the registration requirement. And that voluntary compliance is apparently failing miserably. The FAA estimated that there were 1.6 million UAS sold in the United States in 2015, yet the registrations reported by the FAA total less than 10% of that number.

Anything that makes the registration process more difficult or expensive will reduce the number of registrations. The current ‘training’ requirement in the registration process is nothing more than an ‘I have read and understand’ check box that is probably as effective as the similar check boxes found during the ‘registration’ process for many web sites and software programs. To add requirements for anything more complicated than that will ultimately reduce the number of UAS owners that will undergo the registration process.

The autonomous vehicle cybersecurity provisions are just another case of satisfying appearances. While encouraging NHTSA to address cybersecurity issues the Committee only authorizes $6.6 million for all spending on autonomous vehicle technology. The fact that the Committee also cautioned NHTSA not to kill the innovative program with regulation helps to ensure that NHTSA will be doing little in vehicle cybersecurity regulation.

It is nice to see that the Committee supports the STEP program, but without a line-item in either the bill or the report for the program, it is evident that this is more of a pro forma support rather than taking any real action to support safe transportation of flammable fuel liquids.