SAE 2019 World Congress – 4/12/19

Rick Matz

The 2019 SAE World Congress took place April 9-11 at Cobo Center in Detroit.

From the sessions I attended it seems to me that the hype over Autonomous and Electric Vehicles and hysteria over Cyber Security has largely subsided. These topics have reached enough maturity where the solid work being done in these areas supersedes the flashy marketing presentations to which we have become accustomed.

The hottest topics by number of presentations which joined the three already mentioned were Big Data, Privacy, Prognostics and V2X.

For the first time I can remember in recent years, a liability attorney who represents OEMs regarding advanced technologies (Autonomous, Cyber Security and so on) presented on the problems his clients face and what a real mess the legal system is with regard to these issues.

Finally, Blockchain applied to automotive, which once sounded like a technology that would hold a lot of promise, seems to be falling off the map. For our purposes Blockchain appears to be a solution in search of a problem. But then again, when the LASER first appeared on the scene, it was a similar situation.

Where we can expect to see the deployment of Autonomous Vehicles within the next few years is in restricted geo-fenced areas, where conditions can be fairly well controlled. The idea of an AV that can go anywhere in any sort of weather under all conditions is going to take a lot more work.

The increasingly aggressive deployment of ADAS systems will instead approach SAE Level 4 and 5 AV from the bottom up. Indeed, presentations on V2X, Smart Infrastructure and ADAS described a study on CACC, Collaborative Advanced Cruise Control.

Advanced Cruise Control where your car will decelerate if the system deems that you are too close to the vehicle ahead of you has been rolling out for a few years now. Some of the OEMs have been rolling out a Smart Cruise Control where your car will not only maintain speed and a safe distance but will stay in the lane as the road twists and turns without driver intervention.

CACC goes even further and makes cruise control functional in an urban setting. Using radars and cameras, V2I and V2V, cars with CACC can sense when a traffic light is turning or has turned red. As the car closest to the light slows down, the other cars behind it down the lane coordinate their deceleration and stop automatically as well.

The context in which this was described was for the optimization of traffic flow. If there was a pure system where all the vehicles were enabled with CACC and the traffic light timing could be adjusted programmatically to optimize traffic flow, simulations show double digit savings in driving time elapsed, reduction of accidents and emissions.

In a mixed fleet with fixed traffic light timing, the cameras and radar serve in place of the V2X communications and significant savings could still be achieved.

The headwinds to widespread adoption of Electric Vehicles are straightforward: cost, range anxiety, charging time and availability of charging stations. All these issues are being worked on aggressively. The big push for EVs in China will give weight to these issues being solved.

It became clear that the future, as far as we can see, won’t be EV OR Internal Combustion Engines. The future will be EV AND ICE. Internal combustion engines are continuously being improved and there will continue to be a market for them.

Cyber Security has gone through several phases. The first was recognizing that hacking a car was a real potential problem. The OEMs were in denial and it wasn’t until the general public became aware that there was any movement to get anything done.

Once the famous Jeep hack occurred, there was suddenly a sense of urgency. For the next few years, the presentations at the World Congress and other conferences gave us countless cyber security schemes for automotive.

The subject has matured as each OEM has put significant resources into this topic. It is often said in the automotive industry now that the two priorities are Safety and Security.

The OEMs are all rolling out their security programs with a range of effectiveness, and the next phases that are ripening include the recognition that each of them having their own unique systems creates complications throughout the rest of the supporting industry, including both suppliers and aftermarket; and that the poorer performers need to step up their efforts.

Cyber Security for automotive is still a relatively new field where there is plenty of room for new entrants and a seemingly inexhaustible well of problems to address.

The primary driver for deploying Telematics in new vehicles is to monetize the data each of them creates. Intel predicts that an autonomous vehicle will create 4,000 GB of data daily. Big Data is the new oil.

Big Data enables Prognostics which would help the OEMs avoid recalls by being able to predict upcoming problems based on large fleet data and issuing Technical Service Bulletins instead. Big Data enables cars to function as mobile sensors to keep maps, traffic conditions, and weather tracking, to name a few, up to date in real time.

Commercial fleets have been using Telematics, Big Data and Prognostics to dynamically create predictive and preventive maintenance services. They have been leading the way and the automotive OEMs are eager to go far beyond what has been implemented so far for light vehicle fleets.

Within the last year or so, Privacy has risen almost to the level of Safety and Security in automotive. One study showed that using a set of signals that are already available on a car, 15 out of 15 drivers could be uniquely identified over some number of vehicles. Another study correctly identified 20 of 24 drivers using data generated prior to putting the car into Drive.

The presentation by the liability lawyer was fascinating. He described how the OEMs are having to play Whack a Mole with lawsuits coming at them from all directions based on laws that were not written with high technology in mind, written by legislators who don’t understand the subject matter and adjudicated by judges and juries who don’t understand it either.

He pointed out that some of the cases that have gone to trial or have been dismissed could have easily gone the other way simply if it had been brought before a different judge sometimes in an adjacent courtroom.

The liability incurred for ADAS systems is something that is being worked through now and large-scale deployment of Autonomous Vehicles will only create new and larger headaches for OEMs and their suppliers.

Privacy is looming as a source of lawsuits. The OEMs recognize the threat and that they don’t know just how it will come at them. Some clever plaintiff will figure it out.

At the last World Congress, there was a presentation on Blockchain and the possible applications for automotive. Some were obvious, such as supply chain management. But the question remained: could Blockchain be applied to the data in a car?

One of the presentations directly addressed this question. The brief answer is ‘no.’

Applying Blockchain to vehicle data would require more processing power and network bandwidth than exists for the foreseeable future.

It will be interesting to see how these topics develop over the next year.

ETI Names Brian Plott Executive Director

Brian Plott is the Executive Director of the Equipment and Tool Institute. He brings over 25 years of experience in Aftermarket tool and equipment sales, OEM diagnostics, executive level new business development, and strong relationships across the automotive industry. 

Brian has held equipment sales management roles with Bosch Automotive Service Solutions, ITW Food Equipment Group, Snap-on Inc./Snap-on Business Solutions, and Bear Automotive Equipment. Most recently Brian held the position of Vice President of Sales–Transportation for DCI Artform/Marmon Group, an automotive OEM marketing firm focused on brand image products, data management, in-dealership digital products, and retail science.

His experience imparts deep understanding of the channels of aftermarket distribution and delivering dozens of OEM and diagnostics programs.  Some notable initiatives have included the Ford VDR and VCM, Shopkey, Modis and Build-a-Bay.  He possesses deep relationships throughout the ETI ecosystem that are the result of decades of crafting winning solutions in a collaborative manner.   

Brian participates in a number of community service programs and is a member of the Detroit Grand Prix Association, an organization focused on the recovery and growth of the city of Detroit through motorsports.

Brian holds a BA degree in Business Administration from Carthage College in Kenosha, Wisconsin. He has lived in Michigan for 18 years and resides in Brighton, Michigan with his wife Heidi and daughter Brooke.  He is additionally the proud parent of Brianne, Emily, Brian and Des who have four grandchildren collectively.

ETI Names Greg Potter CTO

Press Release

New role champions technical advisory content and IP protection for members
ETI seeks an Executive Director

FARMINGTON HILLS, Mich., – The Equipment and Tool Institute (ETI) is pleased to announce the naming of Greg Potter as Chief Technology Officer, and the commencement of a search for an Executive Director. In the newly created CTO position, Potter will drive ETI’s purpose of enabling the success of its members via advocacy of our collective interests in an environment of increasing vehicle complexity, rapid change and heightened concern over the safety and security of vehicle repair.

“Potter is a thought leader in advanced vehicle technologies including connected vehicles, vehicle data access and security, and cybersecurity” said Jim Fish, ETI President and Chairman of the Board. “Greg will be a champion for the protection of our member’s intellectual property and the evolution of a viable Aftermarket.”

The acceleration of vehicle complexity compounded by security implications continues to shift ETI’s attention into more technical areas. Extending the ETI leadership team with the addition of a CTO is a natural progression and necessitates the search for an Executive Director to lead the Institute. ETI has hired an executive recruiter to help with the search.

“Recent trends have sharpened the focus of ETI, and our continued mission requires the dedicated energy of a seasoned technical leader, and the recruitment of an Executive Director,” said Robert Vogt, ETI Board Vice President of Marketing. “ETI offers an unparalleled networking ecosystem characterized by a collaborative environment with OEMs. These moves continue to position ETI as a highly valued, member-focused organization.”

Potter has more than 30 years of experience in the automotive industry and currently participates in over 25 SAE and ISO Committees. He served on the Board of Directors for I-CAR International from 2006-2013 and has been involved in NASTF since its inception. He holds a Master of Business Administration, BS – Electrical Engineering and an A. ApS – A.E. – Mechanical Engineering Technology.


Editorial Contact: Juli Sweet
Company: Equipment & Tool Institute (ETI)
Phone: +1 248-656-5085

About ETI
ETI’s mission is to enable the success of our members via championing of collective interests in an environment of increasing vehicle complexity, rapid change and heightened concern over the safety and security of vehicle repair. We promote the evolution of a viable Automotive Aftermarket by protecting the intellectual property of our members and maintaining a secure repository for OEM data. ETI offers an unparalleled networking between members and OEMs in a collaborative environment.

Over the past half century, ETI has become the forum to resolve common issues concerning equipment and tools for the automotive industry. Through our programs and services, the Institute has made possible the sharing of information and meeting the changing needs of the automotive service market.

Learn more at

Secure Vehicle Communication Tool Authentication Resolutions

The membership of the Equipment and Tool Institute (ETI) has completed its position paper on secure vehicle communication tool authentication. The document titled “Secure Vehicle Communication Tool Authentication Resolutions” addresses ETI’s stance on key issues surrounding the methods involved with diagnostic tools communicating with secured modern vehicle networks.

The paper addresses five categories of this eco-system:

  • Business
  • End User and Customer
  • End User Privacy
  • Marketplace
  • Product

Document summary: “Institute membership acknowledges that vehicle security is of paramount concern to vehicle manufacturers, as design of electronic control unit and datalink communication networks now may include requirements from the cybersecurity community. The Institute also acknowledges that a majority of vehicles in operation are diagnosed and serviced in an aftermarket repair center. By preparing these resolutions, the Institute is transparently sharing its requirement for diagnostic products to be included in the discussion with vehicle manufacturer electronic system and cybersecurity designers to ensure they can continue to provide diagnostic products to the aftermarket service centers which in turn can then continue to service the complex vehicles of today and in the future.”

The full document is available for download from the ETI website under the “About ETI”- “Key Documents”

J1939 Q4 Quarterly Meeting Notes

By Rick Matz November 14, 2018

The J1939 Quarterly meeting was held in Indian Rocks, FL on Nov 5 – 7.

The Engine Manufacturers Association (EMA) has wrapped up their comments for the new heavy duty regulations. The hearing will be held Nov 15 or 16. The actual meeting invitation hadn’t gone out as of the date of the J1939 meeting update.

The EMA strongly objects to the NOx binning requirements as the technology for flash memory endurance for erase/write cycles won’t support the CARB requirements.

With the exception of the SAE ISO 21434 Cyber security design process document, Mark Zachos from DG Technologies is chairman for all of the SAE specifications related to cyber security for both light and heavy duty vehicles. He’s also the chair of the working group for the Technology Maintenance Council (TMC). Additionally, he is active in some of the ISO activities.

He presented a number of liaison activities that are taking place, how the various documents relate to one another, how they are being organized and some of the approaches various entities are taking.

The representatives of the HD industry that were in the room were very vocal that they wanted the J1939-91 document, which specifies cyber security for the HD industry, to have a model similar to what we’ve known as the Secure Vehicle Interface (SVI). They want all vehicle communications to the outside world to pass through a single interface.

Something that will be required for cyber security throughout the industry is a standard for PKI management. The University of Michigan has had a research project called OASIS, which has been funded by several automotive OEMs, Tier 1s and the DOT.

A New Work Item Proposal (NWIP) based upon OASIS is being drafted and a specification proposal will be made soon.

OASIS is an open standard and open source code. More information may be found at:

A European standards organization, ASAM, has become active with heavy duty. There is a proposed SAE/ASAM workshop to take place at the next quarterly J1939 meeting in February.

A presentation was made by the U of Tulsa on J1939 messages being transmitted with authentication and watermarking.

John Deere made a presentation on the adversary model that they are using in their own cyber security work which is based on AUTOSAR Sec OC.

Some of the assumptions John Deere is working under are:

  • They are indifferent to tools. The end points are secure, in between don’t care
  • They are using a Sec OC extension which transmits plain PGN (Parameter Group Number), but with encrypted data
  • The goal is to limit damage to a specific module; failing that, a specific vehicle
  • They employ multiple layers of independent security
  • There is no single answer for a single adversary at a single point
  • The security risk depends on the point of view

Work has been done on imposter detection on existing systems. This will be included into J1939-91.
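An added example, not from the meeting or from any presenter's work: in J1939 the PGN and the source address both sit in the 29-bit CAN identifier, which is why a frame with a plain PGN and encrypted data stays routable and why imposter checks can run on existing systems without reading the payload. The two rules used here (a frame received with the monitor's own source address, and a PGN arriving from a source outside an allowlist) are assumptions about what such detection could look like; the frames, addresses and allowlist are constructed.

```python
"""Decode J1939 29-bit identifiers and flag likely imposter frames."""
from dataclasses import dataclass


@dataclass(frozen=True)
class J1939Id:
    priority: int
    pgn: int
    source: int
    destination: int  # 0xFF (global) for broadcast (PDU2) PGNs


def decode_id(can_id: int) -> J1939Id:
    """Split a 29-bit identifier into priority, PGN, source and destination."""
    if not 0 <= can_id <= 0x1FFFFFFF:
        raise ValueError("not a 29-bit CAN identifier")
    priority = (can_id >> 26) & 0x7
    edp_dp = (can_id >> 24) & 0x3      # extended data page + data page bits
    pf = (can_id >> 16) & 0xFF         # PDU format
    ps = (can_id >> 8) & 0xFF          # PDU specific
    source = can_id & 0xFF
    if pf < 240:
        # PDU1 (peer to peer): PS is the destination address, not part of the PGN.
        return J1939Id(priority, (edp_dp << 16) | (pf << 8), source, ps)
    # PDU2 (broadcast): PS is a group extension and belongs to the PGN.
    return J1939Id(priority, (edp_dp << 16) | (pf << 8) | ps, source, 0xFF)


def find_imposters(frames, local_sa, expected_sources):
    """Return (timestamp, rule, pgn, source) for each suspicious frame.

    frames: iterable of (timestamp, can_id, direction), direction "rx" or "tx"
            as seen by the monitoring node.
    local_sa: source address the monitoring node has claimed.
    expected_sources: {pgn: set of source addresses allowed to send it}.
    """
    alerts = []
    for ts, can_id, direction in frames:
        f = decode_id(can_id)
        if direction == "rx" and f.source == local_sa:
            # Someone else is transmitting with this node's address.
            alerts.append((ts, "own-address", f.pgn, f.source))
        elif f.pgn in expected_sources and f.source not in expected_sources[f.pgn]:
            alerts.append((ts, "unexpected-source", f.pgn, f.source))
    return alerts


# Constructed sample traffic (not captured from a real vehicle).
LOCAL_SA = 0x21
EXPECTED_SOURCES = {
    0xF004: {0x00},   # engine speed/torque PGN expected from the engine ECU only
    0xFEF1: {0x00},
    0x0000: {0x0B},   # torque/speed control expected from the brake controller
}
SAMPLE_FRAMES = [
    (0.000, 0x0CF00400, "rx"),  # PGN 0xF004 from SA 0x00: expected
    (0.010, 0x18FEF100, "rx"),  # PGN 0xFEF1 from SA 0x00: expected
    (0.020, 0x0CF00403, "rx"),  # PGN 0xF004 from SA 0x03: not on the allowlist
    (0.030, 0x18FECA21, "tx"),  # our own transmission
    (0.040, 0x18FECA21, "rx"),  # our address, but we did not send it
    (0.050, 0x0C00000B, "rx"),  # PDU1 frame: PGN 0x0000 addressed to SA 0x00
]

if __name__ == "__main__":
    for ts, rule, pgn, sa in find_imposters(SAMPLE_FRAMES, LOCAL_SA, EXPECTED_SOURCES):
        print(f"{ts:.3f}s {rule}: PGN 0x{pgn:04X} from SA 0x{sa:02X}")
```
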

The work being done on cyber security has hardware security implications on J1939-31.

I volunteered to help work on the SAE diagnostics specifications being chaired by Mark Zachos.

In the J1939-13 Off Board Diagnostics Task Force, which was last published Oct 2016, the discussion came to whether or not to specify CAN FD on the diagnostics connector.

Right now, the assumption is that CAN FD will be used for internal networks and NOT brought out to the outside world under any SAE specification.

Classic CAN for OBD emissions related data is mandatory and is not going away.

Several manufacturers are planning on leapfrogging over CAN FD on the connector and going directly to Ethernet since systems in ~10 years will require this anyway. Then the discussion moved to Ethernet on the diagnostics connector.

The conclusion was to do nothing at this time. If CARB mandates CAN FD or Ethernet, then the document will address this. Otherwise, the committee will await direction from industry.

The J1939 Next Generation Task Force would be interested in seeing the results of our upcoming ADAS survey after we’ve presented this to our members. That would be the May J1939 meeting.

With regards to J1939 Functional Safety, several large truck manufacturers are going to use AUTOSAR. AUTOSAR has Sec OC for cyber security and the E2E (End to End) Libraries for functional safety. Just as cyber security and functional safety overlap but are different things, Sec OC and the E2E Libraries have much overlap but are different.

The Tier 1 supplier community in HD in particular sees the needs for the J1939 specifications for cyber security and functional safety to be in alignment with AUTOSAR.

The J1939 committee is going to reach out to AUTOSAR through member contacts at Vector, CiA (CAN in Automation) and Kvaser to get some sort of dialog started and perhaps a workshop.

The J1939 Physical Layer Task Force reported that as of right now, CAN FD is not going to come out of the diagnostic port.

Also, ISO 14765-5 DoIP (Diagnostics over IP) ballot is in progress. This will have implications on the physical requirements for point to point CAN FD, intended for a gateway and the diagnostic port with a maximum length of 10m.

There was quite a bit of discussion on reorganizing the Classical CAN and CAN FD specifications so that common content (PGN, CAN ID structure, etc.) can be separated out from technology specific content (data size, speed).

It was a lengthy discussion and at the end, it was decided to leave everything alone for now.

The J1939 Diagnostic Task Force wants to wait to make any updates to the specification until after the new regulations have been issued.

The J1939-84 Task Force reported that the statement of work for the new round of software is almost ready to be issued for an RFP. Some changes are expected as a result of the new final HD regs. Target for RFP to be issued is Jan 2019.

The IUMPR maintenance contracts are in place and Solid Design has been working on bug fixes and additional features.

The CAN FD Task Force is focused on the Transport Layer. Everything on CAN FD will be in a multi PG format with the exception of the Address Claim message. Messages may be shorter than 64 bytes in length. In multi frame transfers, all messages except the final one will have to be 64 bytes long.

Message priorities may well get messed up with this scheme. There is continual discussion hashing it out.

The only CAN FD stack available from Vector is an AUTOSAR stack. Is the same true for light vehicles?

Classic and FD CAN can’t exist on the same bus under this transportation protocol. This will have an impact on network architectures: Classic CAN sub nets, gateways and FD backbones.

There was also some discussion on the transition to FD and sunsetting Classic CAN. Security and Functional Safety will be the drivers.

TMC wants to work closely with SAE as they establish a position paper for trailer busses. They are planning on presenting a paper at the March TMC meetings which will state that it is TMC’s position that trailers should have a J1939 250K Classic CAN backbone for non brake, non running gear, non command and control functions.

This marks the beginning of what will probably become a long and close relationship between the organizations.


Challenges of Repairing Cyber-Secured Vehicles

Is your shop prepared?

by Robert Vogt IV   October 9, 2018

The cyber-secure vehicle is here. Fiat Chrysler Automobiles (FCA) introduced the Secure Gateway Module into roughly half of their 2018 product line and nearly 90 percent of their 2019 vehicles.

The Secure Gateway Module, which FCA refers to as the SGW, is essentially a firewall providing moderated access to the in-vehicle network diagnostic services. The gateway will ensure that the tool and user are authenticated (known) and authorized to perform certain levels of communication with the vehicle.

Prior to 2018, access to FCA diagnostic services was unregulated and open to anyone who obtained the knowledge to do so.

With current concerns about vehicle cyber security highlighted by a very public 2015 hacking of a Jeep, and a subsequent expose on 60 Minutes by DARPA, NHTSA has emphasized that the industry must find ways to prevent unauthorized access to the in-vehicle network that could potentially provide the ability to remotely control certain vehicle functions (acceleration, braking, steering, etc.). FCA’s answer to this concern is to introduce this SGW firewall to control access to certain functions, either through the diagnostic connector or the infotainment system in the vehicle.

So what does this mean to you as a technician? As of today, if you are trying to perform any routine diagnostics on vehicles with the SGW, you will need to have the FCA dealer tool, wiTECH2 and a license with FCA, along with a live internet connection to the FCA server.

In the near future, FCA is planning to initiate a process that will allow certain aftermarket scan tools to be able to unlock the SGW as well. This process will introduce a bridge server that will manage the connections from aftermarket scan tools and their respective manufacturer’s server and the FCA server that will provide the unlock keys.

But what will this entail?

  1. The scan tool manufacturer must be a licensee of FCA’s scan tool data.
  2. The scan tool must be capable of connecting to the tool’s manufacturer server to be able to request and receive the unlock key from FCA.
  3. A live internet connection must be maintained to the tool as it is connected to the vehicle in order to complete the unlock process of the SGW for that particular diagnostic session.
  4. If the diagnostic session is terminated or dropped, the full process must be repeated.
  5. The user of the tool and shop owner/administrator must register and provide a credit card to the FCA facilitator and pay a yearly fee.
  6. Every tool that needs access to unlock keys will have to be registered with FCA.

There are many concerns about this process.

  • How can I diagnose a vehicle where I cannot get a solid internet connection?
  • Are the scan tools I have capable of this online procedure?
  • Who is in control of my information, including credit card info?
  • Can I be turned down by FCA and not allowed to work on their vehicles?

But, the larger underlying issue is that FCA will not be the only car company introducing security methods for in-vehicle networks. It is assumed that all vehicle manufacturers will soon introduce enhanced security measures and, unfortunately, that they are all unilaterally developing unique non-standardized solutions that will wreak havoc for aftermarket scan tool manufacturers and their customers in repair facilities.

With no coordination or standardization, it will become nearly impossible for aftermarket repair facilities to use traditional all-makes scan tool solutions.

The Auto Care Association, The Equipment and Tool Institute and other aftermarket stakeholders have been encouraging auto manufacturers to develop a standardized process for repairers to safely and securely access vehicles for repair and maintenance.

Information provided by: IOSiX





Cybersecurity: A threat to repair industry that can’t be ignored

Article by Aaron Lowe –  Friday, September 28, 2018

There is no doubt cybersecurity is a growing issue for carmakers. It seems like the issue exploded in 2015 when two computer guys remotely hacked into a Jeep Cherokee to show how anyone could take over a vehicle’s internal systems and create mischief. The event, which went viral, caused Chrysler to recall over 1.4 million vehicles to try to prevent future intrusions. The hacking also caused Congress to put pressure on the National Highway Traffic Safety Administration (NHTSA) to look into the possibility of hacking through the on-board diagnostic (OBD) port. NHTSA subsequently put pressure on vehicle manufacturers to take action to protect the OBD port from intrusions. The final result was a standard (J3138) developed by the Society for Automotive Engineers (SAE) that was really less of a standard and more of a “best practices” for OEMs in trying to protect the port from intrusions from diagnostic tools and dongles.

While there is nothing inherently wrong with the SAE OBD port protection standard, it fails to address a major issue: mainly that every manufacturer is now attempting to address cybersecurity in its own way. Such action threatens to create huge issues for those involved in vehicle repairs, including shops and tool suppliers.

The absence of a standardized approach to vehicle cybersecurity has become overly apparent with FCA (Chrysler). FCA has built into its model year 2018 cars a gateway that requires any scan tool attempting to connect to the OBD system to obtain authorization from FCA before being able to access many key areas of the on-board diagnostic system. While details are still coming out, it is not apparent yet how that authorization will be obtained and who will be responsible for getting it — technicians or scan tool companies.

I am not faulting FCA for attempting to develop a comprehensive gateway for their vehicle systems. The problem is every OEM is seeking its own solution for cybersecurity without accounting for the reality that those cars will be repaired in shops that fix multiple makes and models. While many car companies might prefer that their vehicles only be repaired by an “authorized dealer,” most off-warranty cars are repaired by independent repair shops.

Having standardized systems, such as an OBD connector, has worked well for everyone – OEMs, repair shops, dealers, and most importantly, vehicle owners. Shops armed with better service information and tools are able to ensure that cars are repaired properly the first time, making for more satisfied customers. Therefore, instead of developing silos for their cyber systems, OEMs should be seeking standardization that protects vehicles while still providing access to diagnostic systems.

The aftermarket, meanwhile, needs to help identify solutions that ensure independent shops can have safe access to vehicles so that they can still be diagnosed and repaired. The Auto Care Association, working with other groups, has developed a solution known as the Secure Vehicle Interface. SVI is a collection of 20-plus industry standards that provides for a firewall protecting critical vehicle systems while permitting an interface between the internal vehicle network and an external device or network — enabling secure information exchanges. The same firewall can protect wired and wireless connections, and identity and access are managed using digital certificates. Further, it is retrofit-able, so it can be used on cyber-vulnerable vehicles already on the road.

A major difference between the FCA system and SVI is that the latter is standardized, which means every OEM would implement it the same way. This would enable scan tool companies and shops to access the data they need to repair a vehicle, and it would protect vehicle systems from unauthorized access.

SVI is not a dream nor some far away goal. If you are attending AAPEX in Las Vegas, you will have the opportunity to see SVI in action during demonstrations of its capabilities. Hope to see you there.

Fall Conference Summary – SAE OBD Symposium, TMC Fall Meeting and Auto ISAC Conference

Fall Conference Summary

by Rick Matz


2018 SAE OBD Symposium

The SAE held the 2018 OBD Symposium in Indianapolis this year.

By mistake, the SAE scheduled the OBD Symposium the same week as the Commercial Vehicle Conference (COMVEC), which took place in Chicago. Many people and exhibitors attend both events and had to make some choices this year.

Even with the error, the >350 people who attended the OBD Symposium set a new record for the Indianapolis event, which is held every other year. The alternate years are held in Southern California.

More and more countries are instituting their own OBD standards. Fortunately, none of them are creating regulations from scratch, but are leaning heavily on either the US OBD II or the Euro 6 regulations.

As these countries get involved with their own OBD regulations and certifications, without having the prior history or experience, more opportunities are opening worldwide for scan tools, test equipment and consulting.

There were several cyber security related presentations. Many different approaches to secure vehicle communications continue to be proposed.

It’s clear that all the automotive OEMs are working very hard, at a fast pace to implement some type of security on their vehicles. It also became very clear that these multiple approaches will be nothing short of a nightmare for not only the aftermarket, but for downstream suppliers as well.

With regards to cyber security, the high point was the agreement in the room that talking about cyber security to OBD people, as though these were the people who set policy, was misguided. The people who are responsible for meeting OBD II requirements are consumers of cyber security, not producers.

It was suggested loudly, vigorously and repeatedly that the SAE convene a forum inviting OEM cyber security and networking management and engineers, as well as other stakeholders such as the aftermarket, to voice what are everyone’s interests and concerns and to begin working towards some consensus.

2018 TMC Fall Meeting

The 2018 TMC Fall Meeting was held in Orlando, FL.

Where the spring meeting featured a very large exhibition area, the analogous space at the fall meeting was taken up by the technician competitions.

A constant theme that ran throughout the meeting was a chronic shortage of drivers and technicians.

As SAE level 3 and 4 ADAS systems take root in the heavy duty space, and level 5 (fully autonomous) comes into view, the fleet operators have every incentive to aggressively adopt the technology to mitigate the ability to hire perhaps less skilled drivers to fill their needs.

Under the new tax laws, fleet operators can amortize a truck in only 3 years, which will allow them to upgrade their fleets rapidly.

With regards to the technicians, the large fleets are adopting big data and prognostics, the ability to predict failures before they happen, to streamline maintenance and help to reduce the stress.

The fleets are also asking for smarter, more powerful tools to help offset the shortage of technicians.

The plan for RP1210D is to have it up for ballot in the spring of 2019.

The cyber security session began with a review of the liaison activities that are underway between the light and heavy duty SAE committees and with CyWatch, the trucking industry equivalent to the Auto ISAC. Not much was said of ISO activities.

The ISO activities in cyber security should not be overlooked as the ITS committee is going to determine the future course of V2X, which will be the enabler to smart infrastructure, upon which the fleets will be heavily dependent.

There was a good presentation for CyWatch. Like light duty, heavy duty vehicles are not yet being attacked by anyone other than researchers, but like every company, fleet operators are enduring thousands of attacks every day on their servers.

CyWatch is operated by the ATA (American Trucking Associations) and is the equivalent of the light duty Auto ISAC. The prime difference is that the main members of CyWatch are the major fleet operators rather than the automotive OEMs. CyWatch is partnered with the Auto ISAC and exchanges information with them.

2018 Auto ISAC Conference

The 2018 Auto ISAC Conference was held in Detroit. The conference was heavily supported by government agencies such as NHTSA and DHS. Every single panel had someone from government represented. I think this shows the commitment and concern by the government regarding cyber security in the automotive segment.

Except for researchers who have funding, time and access, a car hasn’t been hacked in the wild yet. The attacks automotive companies are seeing, like those in heavy duty, are at the server level. Having said that, Bill Evanina, the Director of the National Counterintelligence and Security Center, says that after human threats (employees stealing technology for foreign entities) a ransomware attack on vehicles is what he fears most.

The DHS hosted a recent wargaming exercise which included thousands of participants spread over dozens of companies, which mimicked a ransomware attack on cars. What caught the OEMs off guard was the (simulated) damage done by the resulting social media firestorm because of the attack.

The one activity in the SAE which was often referenced and had a presentation dedicated to it was the joint ISO/SAE 14234 document which lays out a “Security Framework.” ISO/SAE 14234 grew out of the SAE J3061 activity.

This framework doesn’t specify what technology anyone should employ when designing a cyber security system, but rather suggests how to go about designing one.

ISO/SAE 14234 has created something named a Cybersecurity Assurance Level (CAL) which is analogous to the ASIL level in Functional Safety. The CAL doesn’t guarantee how secure a system is; it indicates the rigor that went into the design of the system.

In the future, you can expect that a CAL level will be used by purchasing organizations in sourcing systems.

The Department of Defense is beginning an exercise this fall, where they will be developing a framework for purchasing elements which contain cybersecurity. The DOD has the biggest fleet in the world. It will be a (short) matter of time before this framework is used in all Federal fleet purchasing and will filter out to state and local jurisdictions as well as privately owned fleets.

There was a section on autonomous vehicles and cybersecurity. The risks of tampering are heightened in a driverless vehicle.

As with every other segment, the shortage of cybersecurity specialists was a constant theme. Universities are now beginning to issue degrees specifically for cybersecurity, but it will be years before the pipeline feels the impact. In the meantime, industry is going to have to convert existing engineers into cybersecurity specialists.

The field of cybersecurity is huge, and the task will be never ending. Even when defenders are successful in thwarting the attackers, the defensive systems are going to constantly need to be refreshed to prevent the attackers from having a static target which they can analyze.

This is a big enough task, but there is a new wave of regulations coming to consider: privacy laws.

The EU adopted the General Data Protection Regulation in 2016, which became enforceable in May of 2018. This regulation has very strong language regarding data ownership and protection. This year, California passed a sweeping privacy law which is to take effect in 2020. With the adoption by California, it is only a (short) matter of time before a Federal law is passed.

Are you taking a VIN number off a vehicle with your scan tool? What are you doing with it? How is it stored? Do any third parties have access to it?

GDPR will be our next hurdle before we even get cybersecurity fully sorted out.





John Deere Just Swindled Farmers Out of Their Right to Repair

The fight for our right to repair the stuff we own has suffered a huge setback.

As anyone who repairs electronics knows, keeping a device in working order often means fixing both its hardware and software. But a big California farmers’ lobbying group just blithely signed away farmers’ right to access or modify the source code of any farm equipment software. As an organization representing 2.5 million California agriculture jobs, the California Farm Bureau gave up the right to purchase repair parts without going through a dealer. Farmers can’t change engine settings, can’t retrofit old equipment with new features, and can’t modify their tractors to meet new environmental standards on their own. Worse, the lobbyists are calling it a victory.

The ability to maintain their own equipment is a big deal to farmers. When it’s harvest time and the combine goes kaput, they can’t wait several days for John Deere to send out a repair technician. Plus, farmers are a pretty handy bunch. They’ve been fixing their own equipment forever. Why spend thousands of dollars on an easy fix? But as agricultural equipment gets more and more sophisticated and electronic, the tools needed to repair equipment are increasingly out of reach of the people who rely on it most. That’s amplified by the fact that John Deere (and the other equipment companies represented by the Far West Equipment Dealers Association) have been exploiting copyright laws to lock farmers out of their own stuff.

Repair is a huge business. And repair monopolies are profitable. Just ask Apple, which has lobbied over and over against making repair parts and information available to third-party repair shops. That’s why Big Ag has been so reluctant to make any concessions to the growing right-to-repair movement.

At first blush, last week’s deal between the Farm Bureau and the equipment dealers might look like a win for farmers. The press release describes how equipment dealers have agreed to provide “access to service manuals, product guides, on-board diagnostics and other information that would help a farmer or rancher to identify or repair problems with the machinery.” Fair enough. These are all things fixers need.

But without access to parts and diagnostic software, it’s not enough to enable farmers to fix their own equipment. “I will gladly welcome more ways to fix the equipment on my farm. Let’s be clear, though, this is not right-to-repair,” explained San Luis Obispo rancher Jeff Buckingham. “At the end of the day, I bought this equipment, and I want everything I need to keep it running without relying on the manufacturer or dealer.”

There’s also nothing new in the agreement. John Deere and friends had already made every single “concession” earlier this year, and service manuals had already been available to purchase. They must have read the writing on the wall when California’s Electronics Right to Repair Act was introduced in March. Right-to-repair bills have proved overwhelmingly popular with voters—Massachusetts passed its automobile right-to-repair bill in 2012 with 86 percent voter support.

Just after the California bill was introduced, the farm equipment manufacturers started circulating a flyer titled “Manufacturers and Dealers Support Commonsense Repair Solutions.” In that document, they promised to provide manuals, guides, and other information by model year 2021. But the flyer insisted upon a distinction between a right to repair a vehicle and a right to modify software, a distinction that gets murky when software controls all of a tractor’s operations.

As Jason Koebler of Motherboard reported, that flyer is strikingly similar—in some cases, identical word-for-word—to the agreement the Farm Bureau just brokered. The flyer and the agreement list the same four restrictions:

  • No resetting immobilizer systems.
  • No reprogramming electronic control units or engine control modules.
  • No changing equipment or engine settings that might negatively affect emissions or safety.
  • No downloading or accessing the source code of any proprietary embedded software.

These restrictions are enormous. If car mechanics couldn’t reprogram car computers, a good portion of modern repairs just wouldn’t be possible. When you hire a mechanic to fix the air-conditioning in a Civic, they may have to reprogram the electronic control unit. When electronics control the basic functions of all major farm equipment, a single malfunctioning sensor can bring a machine to its knees. Modifying software is a routine part of modern repair.

Prohibiting modifications to systems that might affect emissions also means that farmers can’t upgrade tractors to meet new requirements. This could force farmers to buy new equipment when emissions standards change—an insidious move toward planned obsolescence.

That’s why a national group of farmers has been fighting for their right to modify software. Together, the American Farm Bureau Federation, the National Corn Growers Association, and the National Farmers Union are working with the Electronic Frontier Foundation to petition the US Copyright Office to exempt farm equipment from the anti-modification provisions of the Digital Millennium Copyright Act, which has been bafflingly stretched to cover tractors and combines (equipment manufacturers claim they’re worried about piracy). The petition explains:

It is necessary to access the electronic control units to diagnose and repair a malfunctioning agricultural vehicle, as well as to lawfully modify the functions of a vehicle based on the owner’s specific needs in cultivating his or her land.

There are many farmers modifying their equipment to fit their land’s needs. Members of the farm equipment electronics community Farm Hack have designed custom 3-D-printed seed rollers, programmed Arduinos to consolidate greenhouse operations, and developed all kinds of sensors and warning lights. A group of university students at Cal Poly is working to reverse-engineer John Deere’s software protocol. And a third-party company called Farmobile makes a device that plugs into all different kinds of large farm equipment so farmers can access their data without going through John Deere.

Where California farmers go, the rest of America follows—and in this case, that’s dangerous. The state produces more food by far than any other in the nation, accounting for two-thirds of all US-grown fruit and nuts. By agreeing to the spurious distinction between “repair” and “modification,” the California Farm Bureau just made the EFF’s job a lot harder. Instead of presenting a unified right-to-repair front, this milquetoast agreement muddies the conversation. More worryingly, it could cement a cultural precedent for electronics manufacturers who want to block third-party repair technicians from accessing a device’s software.

As a nation of repair advocates, we need to reject toothless deals like this. We must define right to repair in a way that supports the needs of individuals and small growers, not the bottom line of enormous corporations.

This deal is no right-to-repair victory. Don’t let John Deere—or the California Farm Bureau—call it one. Real progress isn’t going to come until a state passes real Right to Repair legislation. And momentum is building. Twenty states, including Iowa, Kansas, and Nebraska, considered bills this year. Although none have passed yet, John Deere is clearly feeling the heat.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints.


Telematics Update – Detroit

Telematics Update – Detroit 2018
By Rick Matz

Telematics Update Detroit 2018 took place in Novi, MI, on June 6-7, 2018.

TU suffered from the fact that the ITS America conference also took place at the same time, in downtown Detroit. The reduced participation of the OEMs and major Tier 1 suppliers was evident.

The themes of TU were as expected: Cyber Security, Connectivity and Autonomous Vehicles. The hype about electric and hybrid vehicles was absent. Are these technologies considered mature enough where the excitement over new developments no longer gains traction?

The Cyber Security situation in automotive has come to remind me a lot of the Y2K “Crisis” at the turn of the century. While it was a good idea to review the legacy software at the time, many consultants made a lot of money and you have to wonder just what it is that they contributed.

The OEMs are individually working at a breakneck pace trying to lock down their vehicles. Organizations all around the world are holding countless cyber security conferences. It seems that there is no end to the list of cyber security standards and recommended practices that are being published.

The AUTO-ISAC appears to be the most sensible place to begin making sense of automotive cyber security. They promote open communication among their expanding membership and between members and non-members. They too publish recommended practices based upon the experience of the members and from other ISACs. They facilitate spreading the news of a security breach and actions taken among the membership and to affected outside parties.

The AUTO-ISAC has reached out beyond the OEMs to include Tier 1 suppliers and even the Heavy-Duty manufacturers.

The rollout of 5G communications is going to be the big enabler for connected vehicles. 5G promises higher speeds, lower latency and lower power consumption. It is with 5G that at least the underlying communications technology will exist to have “everything connected to everything else.”

Infotainment systems that are enabled for 5G will be in production by 2021. That is just around the corner.

Expect this to be a long rollout. The communications companies have a lot already invested in 4G (LTE) technology, which doesn’t appear to be going away anytime soon. The big driver for the technology change will be the cellular communications industry. A second headwind will be the cost and time it will take to build out the 5G infrastructure; particularly when it comes to V2I.

As always, there was a lot of discussion about autonomous vehicles. It seems that the expanding fleet of 1000 or so fully autonomous vehicles that are driving around on our roads right now are leading the way toward developing and refining new features, which end up getting implemented in increasingly advanced ADAS systems that go into production.

For widespread adoption, even representatives from UBER think that we’ll see a bottom up approach through the growth of ADAS systems. UBER will, however, introduce limited numbers of fully autonomous vehicles in restricted areas of operation to gain experience and limit their risks as they introduce new technologies. For example, humans are very good at improvising pick up and drop off spots. AVs are not. UBER will have to gauge how well customers accept that. They are also planning on operating their own service garages, as they anticipate that these vehicles will require maintenance daily and they realize that there is a lot that they don’t know about what they would be getting into.

Lastly, it seems that at every conference recently there is a presentation on Blockchain. Blockchain technology maintains an immutable ledger that records every transaction a data item takes. A data item could be a whole car, a component, a byte of data; virtually anything.

Blockchain will have an impact on supply chain management, data collection and maintenance among a myriad of other areas in the automotive industry. Being able to audit every transaction that takes place in a car, a component or a piece of data will change how business is conducted and will affect every one of us.