SAE J3061 Guidebook Helping to Frame Cybersecurity Policy

Panelists in the "Smart Cities: And How Do We Get There" plenary session discuss an audience question at the 2017 SAE Government-Industry Meeting in Washington, D.C. Left to right: Reuben Sarkar, U.S. Dept. of Energy; Christopher Hart, NTSB; Carla Bailo, The Ohio State University; Ian Yarnold, Department for Transportation; and John Augustine, U.S. Dept. of Transportation.

The U.S. EPA’s March 14 decision to reopen the Midterm Review of greenhouse-gas emissions standards is the latest policy issue with major technology implications facing the industry. Others were extensively discussed at the annual SAE Government-Industry Meeting, held in Washington, D.C., last month in conjunction with the Washington Auto Show.

One of the WAS "Mobility Talks" expert panel discussions of auto industry policies and regulations on Capitol Hill.

Technical experts and policy influencers from government, industry and academia met to consider the impending impact of new trends in automated and autonomous driving, connectivity and mobility, and how they might affect the next wave of regulations, legislation, testing methods and technology implementation.

Cybersecurity, legal liability, spectrum-sharing and international standards cooperation, as well as trends toward mobility on demand, shared mobility and multimodal transport in the "smart cities" of the future, were also a focus, according to attendees whom Automotive Engineering queried.

Doing it by the book

Representatives of up-and-coming companies such as Mobileye and Lyft discussed future directions at the Washington Auto Show.
Dinesh Paliwal, leader of Harman International, delivered the industry keynote address at the Washington Auto Show’s Public Policy Day.

High interest in the cybersecurity subject throughout the event was no surprise, reported Tim Weisenberger, SAE's Ground Vehicle Project Specialist for technical programs. “There’s a big difference between crashing your workstation and losing your data, and crashing your connected car and losing your life,” he asserted.

The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems is another reason for the focus on cybersecurity issues in the panel discussions and dialogues, Weisenberger and others stated. The auto industry and other stakeholders have begun digesting the guidebook’s recommended practices, pointed out GM Senior Technical Fellow Thomas Forest, who had chaired the SAE Vehicle Electrical Systems Security Committee.

The J3061 document defines a structured framework that “sets out how you can best implement a cybersecurity process framework for these security-critical computer systems,” he explained.

The SAE’s Cyber Standards committee that wrote the guidebook had gauged the severity of cybersecurity risks, Weisenberger explained, using threat-assessment methods (“Where am I vulnerable?”), then prioritized them and described how to address them in detail. J3061 "galvanizes the process needed to make automotive and other connected digital systems safe and secure,” he said. “It frames a way in which security measures can be added all through the successive stages of development, which bakes the security into the system from the start, making it work better and more cost efficient.”

This approach contrasts markedly “with general practice in the IT world where security is typically only added as an afterthought,” he noted.

Global harmonization

There is increasing interest in the J3061 standard on the part of international standards-setting bodies, according to Forest and Weisenberger. The establishment of a new global task force on cybersecurity is bringing together the SAE and the International Organization for Standardization (ISO)—“the first time they’ve worked together,” Forest observed.

Another attendee, an official of the U.K. Department for Transport who preferred anonymity, said, "There is consensus that we need a global approach to security in the automotive sector.” The new task force, including ISO, SAE and other standards bodies, he continued, aims to develop globally harmonized objectives and directions for cybersecurity and data protection, and the management of software updates.

This work will contribute to a forum of the United Nations Economic Commission for Europe on harmonizing vehicle regulations globally. By the end of 2017, the forum will decide how to take the cybersecurity work forward, either as a resolution (guidance) or a regulation.

Mobility on demand

Other technical talks at SAE Government-Industry 2017 considered “new and often competing visions of mobility," noted William Chernicoff, manager for energy and environmental research at Toyota and a G-I Meeting session co-organizer. This recognizes the rise of Uber, Lyft and other non-traditional players that are "blurring the lines” in the transport market, sowing uncertainty among policy makers and regulatory entities with differing legal mandates or technical expertise.

What does it mean for regulators when companies can profit from selling miles, trips and experiences rather than cars? Chernicoff cited a range of issues that require consideration such as encouraging the maintenance of safe and trusted self-organized ride networks, and ensuring that low-income residents will continue to have access to taxi services.

The rapid technological changes are also pushing regulators, legislators, industry and other stakeholders to consider new approaches to addressing policy issues and enforcement. One regulatory trend, for example, seems to be wider adoption of voluntary and market-based industry-wide agreements rather than the traditional reliance on government mandates.

On the energy and green-tech front, the common worry among many is the continuing slow sales of electric cars despite government inducements.

“What does it say about the electric vehicle market when buyers are regularly choosing hybrid models over equivalent plug-in hybrids?” asked Chernicoff. “Are subsidies and tax credits for EVs driving the market or not?”