Cybersecurity must be a priority as manufacturers begin rolling out more automated driving systems, transportation industry groups told the Federal Motor Carrier Safety Administration.
The agency closed a public comment period last month focused on regulations may need to be modified or eliminated to facilitate the safe introduction of automated driving systems in commercial vehicles.
The National Motor Freight Traffic Association (NMFTA) called on these new vehicle systems to “undergo annual cyber security evaluations before being placed on public roads.”
Tests should include design reviews, penetration tests, and other assessments, NMFTA wrote.
Likewise, the American Truck Dealers (ATD) said it supports requiring automated systems be “continuously and periodically inspected for proper software and hardware component operation and to verify that they utilize the most current software updates.”
They should also be designed to continuously monitor performance for issues.
“Identified faults must be effectively communicated to CMV owners or lessees so that they can be remedied in a timely manner,” ATD wrote.
MITRE Corp., which works with the government to tackle a variety of threats, saidthe system complexity with ADS technology has “greatly increased” in ways not previously seen.
“This increased complexity in ADS is a benefit to would-be attackers, given the potential of sending misleading data to (i.e. spoofing) sensors, anticipating and exploiting predictable automated responses of ADS software algorithms, and from discovering and maliciously exploiting new system flaws in the implementation, configuration, and algorithms of the software,” MITRE wrote.
“The only effective safeguard against these flaws is requiring the presence of human supervision by an operator in the cab and ensuring commercial motor vehicle equipment is designed to allow that operator to override all electronic systems and assume control of the vehicle in the event of malfunction or hacking event,” CVTA said.
American Trucking Associations (ATA) said fleets and service prodivers should train employees for “assuring cybersecurity in company systems and equipment, and what they should do in the event of a known or suspected cybersecurity breach.
It also said self-diagnostic systems should be sufficient to identify deficiencies or the presence of viruses.
The Owner-Operator Independent Drivers Association (OOIDA) noted “high-profile ransomware attacks such as the one conducted on AP Moller-Maersk …. indicate that the transportation industry is becoming a target.”
It called on FMCSA to require manufacturers to provide cybersecurity protections.
“As more technology is integrated into CMVs and their autonomy increases, the opportunity for cyber-attacks will escalate,” wrote Todd Spencer, OOIDA’s president and CEO.