ETI Technical Update

By Rick Matz
ETI Technical Manager

I attended the 2017 Telematics Update Detroit this year and from what I saw, I believe that this segment is finally getting beyond hype and achieving maturity.

The TU who managed the event said that they had record attendance this year. I have no doubt about that; the venue was pretty packed. What struck me was the exhibitors who showed up with their displays.

In the past, every year seemed to have an unofficial theme which was indicated by the exhibitors. In the early days, it was the semiconductor suppliers who were showing off their graphics display controllers. More recently, it seemed that every other booth was manned by a cyber security company. Other years were dominated by companies providing cellular connecitivty (MVNOs: Mobile Virtural Network Operators), insurance telematics service providers (TSPs), dongle manufacturers and so on.

They were all there this year, but for the first time that I can remember, it was a more balanced exhibition. That indicates to me that companies weren’t rushing to display the latest hype, but were thoughtfully choosing to participate based upon market demands.

Another indication of the growth of maturity in the telematics segment was the presentations.

We again had the Cyber Security presentations, which are certainly relevant as cyber security is the enabling technology for nearly everything telematics promises to deliver in the future.

The Auto ISAC (Information Sharing and Analysis Center) was again front and center presenting itself as the focal point of everything related to security in the automotive sector.

The Auto ISAC membership began with the OEMS, then started adding key Tier 1 suppliers. It is now reaching out to the Heavy Duty vehicle manufacturers and suppliers.

The Auto ISAC is not writing any standards, but has written some recommended practices based upon the work done by the other more established ISACS that were put in place by the Department of Homeland Security.

The purpose of the Auto ISAC is to provide a means of rapidly spreading information should any of the members find their security breached as well as rapidly disseminating the fix. So far, incidents have all had to do with attempts to get into back end servers at the OEMS and suppliers and nothing having to do with vehicles. Yet.

A new presentation at TU was a panel on the aftermarket. This was the first time that TU as addressed the aftermarket.

The panel was run by Donny Seyfer of the ASA. Our own Jim Fish was on the panel. It was well attended and I think that for many in the audience, considering how the aftermarket is affected by the advanced technologies was a new experience.

For years, the proposed business cases for autonomous vehicles painted a picture where basically everyone gives up their cars and we Uber all over the place. For the first time, the discussion of likely business cases began to sound realistic.

Vehicles with varying degrees of autonomy, first Level 4 (driver with a steering wheel in a vehicle that is “mostly” autonomous) will arrive sooner and Level 5 (full autonomy; no steering wheel) much later; coexisting with cars that have greater and greater driver assistance capabilities is the most likely business case.

Autonomous cars are going to be very expensive to build and to repair. There will be fewer cars sold, so it’s likely that some of the smaller automakers either get absorbed or go out of business.

Building and repairing will also take a lot longer than today’s cars due to the number of devices that need to be calibrated and aimed. The aiming and calibrating may one day become calibrated, but that will take some time to achieve. The most likely first applications would be for shared riding; like large vans or minibuses, rather than private cars, except for the wealthy.

It is more likely that shared riding will replace the family’s “second car.” In my case, I usually drive to work in the morning with my car parked all day, then drive home. I might take some sort of shared ride if the price point were low enough and accept the restriction on my ability to get up and go whenever I want.

For my wife though, it wouldn’t make sense. She makes many stops during the day, while accumulating goods that she’s been buying. She wouldn’t want to take a shared ride, unload all of her stuff, get a new ride and load her stuff, then go to the next stop. That doesn’t make sense.

The discussions followed this train of thought into how many stakeholders would be affected: sales dealerships, infrastructure, manufacturing and so on.

At the 2017 Telematics Update Detroit, I think that we saw a page turn from a segment of the automotive industry being fueled primarily by hype to one settling down into more realistic expectations.


Message from ETI Executive Manager Greg Potter

As we find ourselves in the summer vacation season ETI is coming off a very successful Summer Tech Week. This year we had highly informative meetings with Ford, GM, FCA and VW/Audi during the week and wrapped it up with a special OEM Appreciation Dinner at beautiful Meadowbrook Hall. The theme this year seemed to be ADAS (Advanced Driver Aid Systems) and vehicle security.

There is no doubt that the repair industry is in for some challenging times with the highly complex vehicles being produced today. Add to that the new focus on cyber security and we are in for a wild ride. Our OEM partners are doing their best to keep us as up to speed as they can but even they are in for the rough ride. Whether you are an independent or a dealership the repair strategies are getting quite difficult and the training will be a big task.

All of this put focus on the importance of good open communications between manufacturers and tool and equipment suppliers to be able to have the information, tools and training necessary to repair and maintain the current and future fleet of vehicles.

ETI continues to work diligently with vehicle manufacturers to find secure and safe ways to be able to diagnose and communicate with their purchaser’s cars and trucks to enable us to provide complete and safe repairs for our mutual customers. We applaud the manufacturers that work with us as they see the importance of a strong and educated aftermarket to complement their own support for the vehicles they have produced.

With Summer Tech Week in our wake we are now focusing on Winter Tech Week to be held this year in Newport Beach California. I am working on plans to meet with many of the OEM’s that participate in that event in the next months to be able to plan a successful follow up to the summer event. Mark your calendar for December 5-7! Looking forward to seeing you there!


Cornerstones of Technology

Cybersecurity is a team sport. Are you on board yet?
Contributed by Bob Chabot

Technology impacts everyone, from businesses through individuals. This includes members of the Equipment and Tool Institute (ETI). Not only are we getting more useful technologies, we’re adopting them at an increasing rate. But the burden and the challenge of safeguarding adopted technology are also growing at an exponential rate, as are the vulnerabilities to attack.

Recently, Hewlett-Packard released a study that conveyed the scope of the challenge security technologists face today. Of all the devices — including automobiles — with mobile applications connected to networks, the Cloud or the Internet of Things (IoT), the study noted:

  • 60% used interfaces were easily vulnerable to a wide range of cyberattacks.
  • 70% lacked security to prevent attackers accessing user accounts.
  • 80% relied on network, cloud or IoT services that were unencrypted.
  • 90% of devices collected personal information vulnerable to cyberattacks.

It’s clear that in our connected world, innovative and aggressive cyberattacks pose a serious threat. It has automakers and everyone downstream pushing toward developing security solutions, even though a complete set of common standards have yet to be established. Similar to that old English idiom, this can seem like “closing the barn door after the horses have bolted.”

But cyberthreats cannot be dismissed or ignored. We should all be thankful that ETI, the SAE, other industry associations and security technologists have teamed-up to develop effective standards and solutions.



Connected cars and the advanced technologies are like an iceberg. While users tend to be focused on what’s above the waterline, security technologists must also consider on what’s immersed, a mass that is much larger, as is its impacts. (Image — Praveen Narayanan/Frost and Sullivan)



Building a Cybersecurity Ecosystem

Over the course of the last decade, there have been multiple successful cyberattacks on vehicles. Automakers and their suppliers were initially slow to respond to, even denying such attacks were even possible, but are now learning how to better, and more quickly, address security holes.

“One of the most important actions automakers have undertaken recently is creating ‘virtualized layers’ by which they secure and stonewall mission critical vehicle systems, software and more,” noted Praveen Narayanan, Research Manager for Connected Cars Automotive and Transportation at Frost and Sullivan.  “Examples include the Extended Vehicle concept that the International Organization for Standardization (ISO) is considering or the Service Vehicle Interface being discussed by the Society of Automotive Engineers (SAE). Both are vast improvements compared to the current porous automobile interfaces that are a quarter century behind the today’s hacking technologies and competencies.”

Did you know that owners of aftermarket service and repair facilities, led by the Automotive Service Association, are actively moving toward learning how to “lock down” their shops from potential cyberattacks? Whether originating from digital resources the shop connects to (e.g. online services provided by firms like yours), employee smartphones, customer vehicles via connected shop diagnostic tools, customers using Wi-Fi networks in waiting rooms, or others, the aim is clear: Shops cannot afford to be the weakest link in the automotive cybersecurity value chain.

 According to Frost and Sullivan, more than 50 vulnerable attack points exist in connected cars. These include back-end security, in-car hacking and remote attacks. The market researcher notes that cybersecurity can range between 3 to 5 percent of total manufacturing costs. These would be difficult to pass on to customers, explaining the slowness of manufacturers to respond with complete solutions. (Image — Praveen Narayanan/Frost and Sullivan)

Preparing for the Cyberthreats of Tomorrow
For ETI, which serves both automakers and service/repair facilities, cybersecurity has also been an area of focus for several years. At ToolTech 2017, for example, Executive manager Greg Potter moderated a panel titled Cybersecurity and the Connected Car, which provided attendees an in-depth technical look at cybersecurity tools and procedures.

To compliment that “down in the weeds” discussion, this article provides an overview of insights gathered from a broad spectrum of cybersecurity experts. The intent: To pass on to you their experience-based insights for your consideration. The technologists included:

  • Bruce Schneier, Chief Technology Officer at IBM Resilient and Special Advisor to IBM Security.
  • Eric Chan, Global Technical Expert for Ricardo Ltd.
  • Andy Rhodes, Vice President of IoT Commercial Solutions, Dell Inc.
  • Craig Smith, Rapid7’s Research Director of Transportation Security
  • Christopher Young, who leads the Intel’s Security Group.
  • Dan Cornell, Chief Technology Officer at the Denim Group.

Schneier: Larger Successful Cyberattacks are Going to Happen
“Security is both a feeling and a reality,” explained Schneier. “You can feel secure even if you’re not, and you can be secure even if you don’t feel it. Unfortunately, as consumers, we respond more readily to the feeling of security created by marketing, quite possible an illusion, rather than the reality of security ensured by pre-launch testing and immediate adequate defenses should successful attack occurs. Until we’re burned.”

“As vehicles and other connected devices come under increasingly software control, they’re becoming more vulnerable to all the attacks we’ve seen before against computers, along with new ones emerging today with the advent of Cloud computing and the IoT. In addition, vulnerabilities on one system can cascade into other systems. Software that might seem benign to software developers of a particular system can become harmful in unforeseen ways when combined with some other system. This can result in a new vulnerability that no one saw coming and no one wants to bear responsibility for fixing.”

“As the IoT grows, exploitable vulnerabilities will increase and associated cyberattacks become more common. If 100 systems are all interacting with each other [think automobile], then 5,000 potential vulnerabilities need to be secured. If 300 systems involved [think connected cars], then 45,000 potential vulnerabilities need to be secured. Scaled up to 1,000 systems [think intelligent transportation system], 12.5 million interactions would need to be secured. Most of them will be benign or uninteresting, but some of them could be very damaging. Now factor in that up to 80 percent of connected devices, including automobiles, on the IoT today do not have the security measures they need to protect us. That’s a lot of security prevention, defending and patching to do to catch up. And, it’s a never-ending quest.”

Smith: With the Cyber Landscape Wide Open, There’s a Lot to Defend
“Attackers only have to be right once, whereas defenders have to be right all the time,” noted Smith. “That doesn’t mean hacking is easy, but it does show how enormous the task of defending is for the automotive industry. For instance, electronic diagnostic tools trust that a car is a car, but are a soft target.

“Expect complex encryption protocols to become a primary defense mechanism, as vehicles become more software-defined with the advent of telematics, advanced safety systems, connected transportation and ultimately, autonomous driving. Connected cars today typically have around 100 million lines of software code embedded. Connected, self-driving cars in the next decade will have more than 500 million lines of code. There a lot of exposure to defend, much of it with a legacy of little or no security in the past.”

“One of the biggest worries facing cybersecurity companies is the security and privacy issue associated with IoT connected devices. Every wave of connected devices — whether you’re talking about cars, tools or smartphones — blurs the line between hardware and software. This bridge lets you exit the Matrix and directly affect real, physical things. Rapid7 helps provide security professionals with the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they are on. For example, Rapid7’s Metasploit Security Kit enables cybersecurity professionals and researchers to conduct penetration testing of both hardware and software for IoT devices — hardware as well as software. Until now, multiple tools needed to be built to do this, but Metasploit condensed a slew of independent software exploits and tools into one framework that allows professionals to find vulnerabilities using just a single tool in far less time.”

 Rhodes: Cloud Security and IoT Security Differ
“Security for cloud computing has been around for a long time and there are lots of good security tools, permission protocols and other strong practices to manage both users and cloud applications,” advised Rhodes. “Typically human users are involved with Cloud security measures, being asked to click ‘OK’ for an update. One might think that as long as a Cloud system utilized by the IoT device is secure, then all is well, but that just isn’t the case.”

“The IoT is more complex than Cloud computing; hence cybersecurity is also more complex. The IoT connects many more diverse devices, operating systems and protocols, which makes it harder to consolidate and standardize as companies grow and products change. Another difference is human interaction is more limited. In fact, users may not be involved at all when updates are made. That leads to the need for increasing device-to-device cybersecurity.”

“Just because the IT crew has the ecosystem covered on the cloud doesn’t mean the devices and sensors connected on the IoT are secure. To make the IoT ecosystem more secure, engineers and IT professionals need to demolish their silos, learn from and collaborate with one another. Security must be in place across the whole spectrum — on the device, on the cloud and on the IoT network — because data can flow many ways. For instance, unsecured vehicle sensors connected to the IoT are an exploitable attack vector.”

 Chan: Cybersecurity Doesn’t End at Prevention
“The need to provide cybersecurity for the vehicles we own and operate is a crucial and growing imperative,” asserted Chan. “Connecting everything together risks a compromised system being used as a gateway to others, placing confidential personal information and potentially valuable data at risk of being accessed by any other device connected to the same network, whether full-time or occasionally.”

“Cybersecurity is an ongoing war of attrition against constantly innovating criminals who will have access to new data and tools over the life of any vehicle. Examples include, but aren’t limited to, radio amplification attacks to spoof keyless entry systems, taking control of key encryption (including remotely), using pirated software and exploiting vulnerabilities in security software systems (like a human-written software code that has a typo). Besides vehicle theft, other criminal motivations for hacking include lifting personal information from payment systems, accessing data from onboard sensors, taking control over vehicle functions, and using the vehicle as a compromised gateway into other connected systems for ransomware attacks.”

“That’s why cybersecurity in my view must be resilient, ongoing and dynamic — we can’t stand still when lives and property are at risk. Besides initial preventive mechanisms during the design phase, cybersecurity must include immediate detection and defensive measures, followed by development of longer term technical responses learned from penetration testing and real world experiences, which can then be integrated into prevention. This represents a major challenge for automotive OEMs to transition from their legacy, often proprietary, vehicle architectures and development processes toward taking into account these new requirements and realities.”

Young: Cybersecurity is a High-Stakes “Cat and Mouse” Game
“Despite technology taking ever-progressive steps into the future, cybercrime has rapidly evolved,” stated Young. “With the rise in connected devices, a new landscape of attack vectors has opened up for hackers. For example, ransomware has transitioned from being just a variant of malware to being an entire category of profitable attacks in itself. The Cloud has opened the door for ransomware attacks to many more lucrative targets, but the IoT has grown those opportunities exponentially.”

“In May and June alone, the WannaCry ransomware attack — a software exploit ironically developed by the National Security Agency that can be used against many versions of Microsoft Windows operating system — stuck many businesses, including automakers. For example, Honda, Renault and Nissan had to temporarily shut down vehicle production lines at plants in Japan, Britain, France, Romania and India. But ransomware and other attacks can be aimed at individuals too. Just imagine you, or your customer, driving your connected computer-on-wheels and getting a pop-up that says ‘If you pay me $300, I’ll let you drive to work today.” And it could be worse. Much worse.”

“With the average cyberattack costing larger enterprises over $600,000 each, developing an adequate ‘hack response’ in the U.S. and nations across the world is essential. But we have a notable skills shortage in cybersecurity. Government, educators and the industry need to get involved in helping to attract and train cybersecurity talent so that we can attract the men and women needed to deal with the growing issues over the long term.”

Cornell: Cyberattacks Have Exposed Deficits in Computer Science Education
“When it comes to confidentiality, integrity and availability, end users have reasonable expectations about how data is going to be treated. Software developers (aka coders) and other security technologists need to address these expectations, which include: Do I have access to my data? Who else has access to my data? Who can modify my data? If you think about applications that manage, manipulate and move data, it’s software. If you want to provide or access automobile service information, if you want to order or supply parts online, if you want to utilize or offer remote diagnostic services — it’s all software.”

“But real world cybersecurity issues have exposed hidden gaps in computer science education: (1) University programs and coding academies treat security as a separate or special concern, rather than a fundamental responsibility all coders building new technologies should have; and (2) Neither professors nor their students adequately understand the context and needs of any specific industry needs them to have. Combined, they make developing automotive industry-ready cybersecurity solutions problematic.”

“We need to change the way we build coders. Traditionally, coders have been taught to ask themselves, ‘What should my software do?’ We need to flip the education landscape by installing an adversarial mindset and injecting responsibility into those who teach, as well as those who write software, by requiring them to ask instead, ‘What shouldn’t my code be doing?’

The industry and its consumers have a right to expect a reasonable answer to ‘What have you done to ensure the coding for this technology only does what it’s supposed to do?” That has to be baked in from the start; it’s not as effective when bolted on afterwards. In addition, we must teach coders how to design resilient systems that prevent end user mistakes seamlessly. If we can do all that, we can start building a more secure future.”

I see cybersecurity evolving “cyber resiliency,” a continual dynamic process or loop intended to keep pace with hackers find new ways and new technologies to attack over time. Beyond prevention built in at initial design, breaches must be capable of in-the-moment detection and reaction (such as an over-the air software patch that immediately places vehicles in a “safe operating mode.” Once the immediate danger has been handled, the attacked entity can develop a longer-term in-depth response (enhanced prevention measures), which after thorough testing can be integrated into the prevention suite. (Image — ManicMedia LLC)

Takeaways That Impact Matter
At the dawn of my interest in cybersecurity, one of the first security experts I listened to was Amy Zegart, at that time the Co-director of Stanford University’s Center for International Security and Cooperation. One statement she made back then lingered: “The cyber threats of tomorrow won’t just make our information and data unsafe, they could make our physical world unsafe by disabling the cars we drive, knocking out power to our networks, shutting down traffic infrastructure, disrupting production and much more.”

That statement sparked my interest in cybersecurity and spurred me attend both mainstream gatherings, such as TEDx Talks, the International Consumer Electronics Show, as well as more unconventional events, such as various Defcon Hacking Conferences. My hope is that what the experts shared above does the same for you. Moreso, I hope it stokes you with takeaways and the motivation to take action now.

In closing, let me share two takeaways I garnered and am carrying forward:

  • It’s no longer just about cybersecurity to me anymore. It’s broader and more holistic than that. It’s about building “Cyber Resiliency,” a dynamic, continual loop, as illustrated in the circular image above.
  • Cyber Resiliency is a team sport. We must rely on and trust experts like those above to build cyber resilient solutions. Those experts may well include some ETI members.

But at the end of the day, the real challenge boils down to the experts and the industry making cyber resiliency work seamlessly for end users, who shouldn’t have to be experts to make security technology work. Can you help make that happen?

Paradoxes and Paradigms

Contributed by Bob Chabot

What are your takeaways from ToolTech 2017?
“Business as usual for aftermarket scan tool manufacturers is changing rapidly,” stated Greg Potter, ETI Executive Manager, at the opening session of ToolTech 2017. In the last session, Potter noted, ““The automobile is the ultimate electronic today. Keeping pace with the game changers will be an ongoing focus for ETI.”

In between these two bookend remarks, attendees were presented with a number of inbound technologies and collaborations — some paradoxes about to disrupt our business world; others paradigm shifts already in the process of doing just that. On my way home from New Orleans, I found myself trying to percolate, from all I’d heard, the key takeaways I need to act on. No doubt, you have your own, but these are my top four.

The 30+ year old OBD-II port has moved beyond its originally designed intent as a port to check emissions and is now a potential gateway for vehicle security breaches. Standards organizations are considering ways to harden or replace it. (Image — SAE International)

Global Standards: It’s All About the Pace … About the Pace … About the Pace
“Diagnosing the electrical computer systems on today’s vehicles is essential for nearly every service and repair,” Potter noted. “Providing aftermarket companies the ability to create their own diagnostic software is important part of our industry, because the aftermarket has created some of best diagnostic software available in the industry. But due to security concerns, the ability to reverse engineer will become more and more difficult, if not impossible, using current methods.”

The is SAE and the ISO were working closely together toward harmonizing standards. Given the rapid and accelerating changes in today’s interconnected world, I was most pleased to learn more about that. After all, globalization of the automobile industry is meaningless if you don’t have international standards.

We’ve lived in an era of business models in which “Made in China” or “Made in the U.S.A.” mattered. But today, an automobile sold in America could have been designed in France, from parts and components manufactured in Mexico and Austria, and assembled in Japan. “Made in the World” is the new mantra, powered by global standards.

As we have become interdependent, global value chains have emerged. Production has become more fragmented and dispersed. Bits and pieces of products are produced in several countries, across several firms, before they come together as a final product for the consumers. The ability to show compliance with global standards, regu­lations and other requirements may well become the most significant hurdle for companies, including ETI members, wanting to participate in those value chains.

Keep in mind that whatever standardized and unified process for secure authorized access to vehicle data by legitimate stakeholders prevails, it’s going to change the way we do business. Examples include work on a new Data Link Connector to replace the 30-year old underdash OBD port, as well as new vehicle interfaces, such as the Extended Vehicle concept or Secure Vehicle Interface

Until now, education institutions have not made cybersecurity an integral part of computing education for software developers. That is a gap that needs to be addressed.  (Image — Ericsson)

Cybersecurity Adapts to Shifting Tectonics
Speaking of keeping pace, we heard much about cybersecurity. No doubt, we will hear much more downstream from here. It’s like all of us are beginning to accept the need to get in step with prevention, detection, timely reaction, longer-term responses, and the integration of effective counter measures garnered from experiences.

As an aside, we automotive folks aren’t the only ones becoming more security-conscious. During ToolTech 2017, my business associate was at the Department of Homeland Security’s National Emergency Management Institute, run by FEMA, in Emmitsburg MD. The first case study was a massive cyberattack on a city — a new focus in FEMA’s training. The discussion included potential impacts on emergency vehicles, traffic, communications and cybersecurity. Of note, FEMA detailed the role that improved security will play in connected cars, automated driving and intelligent transportation systems will play. Sound familiar?

It is no surprise that our automotive industry is becoming increasingly software dependent, and ever more vulnerable each passing day as the Cloud and Internet of Things expose us to more benefits and threats. Just as our physical landscape changes as the tectonic plates beneath us move, the cybersecurity landscape is constantly shifting. It was refreshing to learn how aftermarket companies Bosch and Argus Security resolved simultaneous cyberattacks of Bosch’s underdash dongle and associated phone app — both products that have already been purchased by consumers. The aftermarket companies’ immediate, real time and effective response was a stark contrast to how slowly automakers have reacted to past security breaches of their vehicles.

But several concerns about the foundation underlying cybersecurity bother me — two pertaining to education, another regarding our own behavior:

  • I wasn’t aware that the general university education of software developers rarely, if ever, involves cybersecurity. Were you?
  • Learning that professors and instructors, not just their charges, have little understanding about our specific industry needs bothered me.
  • Finally, blind trust alarms me. In talking with many attendees, I sensed some of us have: (1) The impression cybersecuirty measures will eliminate future cyberthreats; and (2) A naivety that we can trust our software vendors to “get security right” for us.

If software is our lifeblood, as many of speakers at ToolTech 2017 alluded to, then “active” cybersecurity education and implementation are essential to its operation and safety. Coders need a solid grounding in cybersecurity integrated into their education. Security cannot continue to be an afterthought.

Nor can educators be allowed to continue taking the easy way out. Just as the service/repair segment needs industry-ready technicians, our industry needs industry-ready coders — skilled in being both software developers and cyber warriors. Instructors and their institutions need to deliver graduates familiar with our concerns. Case studies specific to the auto industry would be one way to facilitate this. But if we don’t push for the changes we need, who will?

Finally, trust needs to be earned. Cybersecurity — whatever the measures — is not infallible. And the successful attacks that seem to be reported in the media day after day show the security our software providers implement isn’t either. Hacking is a fast evolving art, and those in that community have a relentless passion to succeed that, frankly, has outpaced most of us.

So I admire the work of aftermarket companies, such as Rapid7 and others we heard from during ToolTech 2017. They have the competitive passion and track records of success on par with hackers. Consider this example.  Until now, multiple tools needed to be built to hack different devices and software. Rapid7’s Metasploit Security Kit condensed a slew of these independent software exploits and tools into one framework that allows security professionals in firms like our’s to find vulnerabilities in different IoT devices and software using just a single hacking tool in far less time. It’s akin to empowering us to hack the hackers.

We’re fortunate that ETI not only takes cybersecurity seriously, but that it also puts the firms and the expertise of security technologists in front us. That allows us to be more proactive, by being actively addressing security within our own companies, before a cyberattack smacks us.

Data, software and connectivity have driven the evolution of vehicle diagnostics — from being solely an in-shop activity, to utilizing mobile diagnostic experts for troublesome vehicles, to relying of remote diagnostic services that provide an “instant’ all-makes, all-models service model. What’s next?  (Image — Blockchain Technologies)

Culture Shock: Remote Diagnostic Services
Do you remember the “Six Degrees of Separation” paradigm? It’s the idea that everything in the world is a six or fewer step away from each other. May I suggest that for all of us, hackers are closer than that? So is it any wonder automakers are circling their (security) wagons, and trying to limit access to vehicle data by anybody to only those certified to be more trustable?

Consider “remote diagnostics,” a recent emerging trend for enhanced diagnostics and reprogramming. The growing volume of vehicle data can be overwhelming for many aftermarket service/repair facilities — a prime customer group for many ETI members. In the early days of the data explosion, shop owners who found themselves overwhelmed, but still wanting to service most, if not all makes, began relying on third party information providers and mobile expert diagnosticians, who brought OE scan tools and expertise to the shop.

But as data and technology becomes more complex and pervasive, there comes a point that even a single expert mobile tech struggle to keep pace. That has opened the door for remote diagnostic services — which include Farsight, and other ETI members. What sets remote diagnostics providers apart from mobile diagnosticians is this: They’ve built more trusted relationships with automakers by licensing the use of data, hiring expert technicians, and providing continuing education and training — all of which is OE-specific, not generic, in nature.

Aftermarket training today can be an expensive, albeit haphazard exercise, but it needs a reasonable return on investment. It’s a challenge to determine what training to take at a venue that is based typically on just a one paragraph description. In addition, attending an aftermarket training event and walking away with only a few ah-has is not cost-effective.

In the face of accelerating technology, that’s not closing the service gap. Fortunately, remote diagnostic services now provide aftermarket shops with a viable alternative. A shop can efficiently focus its training investment on the brands it regularly services, while relying on remote diagnostic services for the brands it doesn’t.

‘Remote diagnostic services are a culture shock to the industry, and especially the aftermarket,” explained Kevin Fitzpatrick, Farsight’s CEO. “Our business proposition is quite simple: Our goal is to bring a higher level of support for every make and model sold in the U.S. We believe every shop should be able to fix every vehicle. To do that, we help bring shops up to speed and keep them service–ready to manage emerging technologies and confidently service all vehicle brands.”

“Essentially, we take their apprehension away and help technicians improve their productivity. Compared to mobile diagnostic technicians who, once they leave a shop, may take a day or more to return if their suggested fix didn’t work, our unlimited support is just a phone button push away. In addition, we can work directly with a technician diagnosing one vehicle, while remotely reprogramming another vehicle for him.”

General Motors is an example of an OEM that does make “as-built” data available in written form (left). The automaker offers more than 3,300 distinct Regular Production Options, each requiring its own decoding protocol. RPOs can typically be found on a sticker in a vehicle’s trunk. Unlike some automakers, GM ‘as built’ data is available and accessible via a scan tool, making diagnosis and service vehicle-specific. (Images — General Motors)

Force for Good: Technology Can Empower Better Vehicle Service
“In the midst of accelerating technology explosion, technicians are not only under extreme pressure, they also face intense customer expectations,” advised Mohan Sethi, Business Development Manager for MAHLE Service Solutions. “New emerging technologies are coming, which automakers, as well as the equipment and tool segment, are going to have to work with. In particular, through organizations such as ETI, MAHLE is focused on ‘How do we help get technicians service-ready with the competencies necessary to work on them?’ ”

“We’ve adopted an approach that automates some of the basic tests technicians perform on vehicles repeatedly,” Sethi continued. “Examples include our scan tool that can read all modules for nearly all vehicles in under 30 seconds, and our R-1234yf machines that can perform 45-minute leak tests remotely. Both free up a technician’s time up to do other things, making them more productive, which is a win for the tech and the shop.”

MAHLE has also created the technology that literally creates wiring diagrams ‘on the fly,’ and is actively developing it. Rather than provide technicians with a generic model wiring diagram that may be close, but not exact, why not provide them with a more accurate VIN-specific ‘as built’ wiring map? Both of these innovations eliminate needless errors, which shows that technology can be our friend if we leverage it properly.”

“Details matter when it comes to diagnosing and service a customer’s vehicle. With technology today, service information can now be vehicle- rather than model-specific. For instance, today almost every vehicle’s VIN represents a unique build — a set of data distinct from other variants in that model line or built on crossbrand multivehicle platforms. It’s close, but it’s the vehicle-specific ‘broadcast’ file (also known as ‘as built’ data) that provides the exact and complete information for each vehicle a technician needs.”

‘As built’ data details trim levels, engine specs, infotainment packages, brake system type, and other parameters via a scan tool facilitates, which can be key to resolving driveability and other difficult issues. In addition, an automaker may change the model year for the VIN, but not actually change the vehicle until midyear. Consequently, the VIN will not necessarily reflect the exact vehicle content, but the ‘as built’ file will.

Traditionally, automakers typically encode ‘as built’ data, so it’s not easily readable. In addition, each automaker also employs its own decode strategy to read and interpret the compact build information. These proprietary practices have challenged aftermarket tool and equipment manufacturers, and limited vehicle serviceability for everyone downstream from the assembly line — facilities, technicians and vehicle owners.

“Fortunately, automakers have been trending toward making ‘as built’ data more usable,” Sethi noted. “It’s now possible for scan tools to access ‘as built’ data, so that technicians get information specific to the actual vehicle being serviced, not some close approximation. That makes diagnosing and servicing customers’ vehicles more efficient.”

“The times, they are a changin’.” Bob Dylan’s words were correct back then. They’re just as true today, when Potter suggested likewise. So let me ask you: What takeaways did you harvest from ToolTech 2017?

Cybersecurity Starts With You

It’s your choice: Take cybersecurity seriously or be the weakest link
Contributed by Bob Chabot

The automotive landscape is constantly changing. So when I first heard the word “cybersecurity,” I got this sense of “dejà vu.” It felt like yet another inbound wave of technological change. Possible a tsunami.

It harkened me back to an earlier time this automotive industry. Think of it as Automotive Industry Version 1.0, where technology was more nuts and bolts than bits and bytes. Greasier, yes, but much simpler, although that doesn’t mean better.  (Image — Intel)

There were no computers to deal with in Version 1.0 back then. No Web. No mobile. No telematics. No connectivity. No Cloud. No remote diagnostics. No augmented reality. No ADAS. No over-the-air (OTA) vehicle software updates. No Internet of Things (IoT). No such concept as Intelligent Transportation Systems. No cybersecurity, nor hacking, its evil brother.  My oh my, how times — and technology — have changed.

Connected vehicles alone have multiple entry points prone to a cyberattack. (Image — Frost and Sullivan)

When Paradigms Shift, We Must Transcend Ignorance and Fears
Sometimes, it’s the realization of what we don’t know that spurs us to grow. For example, I am reminded of my very first meeting with the Equipment and Tool Institute, which longtime friend Charlie Gorman invited me to years ago. Let me share how my ignorance was confronted by y’all — members of the Equipment and Tool Institute.

Coming from the aftermarket service and repair segment of the industry, I was quite certain I was conversant with scan tools. And I was — until Day 1 of that first Summer Tech Week gathering — when I sat in on the Scan Tool Group meeting. In just minutes, I was gob-smacked by: (1) How much I didn’t understood; (2) How little I actually knew about scan tools technology; and (2) How false the beliefs and biases that comprised my gospel really were.

Granted, all I really need to know as a scan tool user was how to operate them, because ETI members took care of the rest. But I resolved then and there to learn and grow with the emerging technologies, especially through the opportunities ETI meetings provided attendees.

There are many ways to better buttress a vehicle against cyberattacks,” shared Frost and Sullivan Research manager Praveen Narayanan. “One of the most important action item for OEMs currently is to create “virtualized layers” by which they can secure and stonewall mission critical vehicle systems. (Image — Frost and Sullivan)

Cybersecurity has a Dejà Vu Aura
Neither you nor I know what we don’t know. Yet cybersecurity is just the latest iteration of technology — like scan tools, J2534, connectivity, the Cloud, Internet of Thins (IoT) and others before it — that ETI members have to understand, assimilate and deal with. After all, it is our responsibility is to adapt, manage and harness technological change on behalf of the automakers and aftermarket customers we serve.

In our increasingly connected world, cybersecurity has become a huge concern … dwarfed only by the lack of cybersecurity. Consider this:

  • Frost and Sullivan (F&S) recently projected a ramping up of automotive cyberattacks. “We can expect the number of hackers to grow to more than 150,000 globally by 2018, and geometrically thereafter,” stated Praveen Narayanan, a F&S Research Manager. “In addition, the number of connected vehicles in operation will increase to more than 220 million over the same timeframe. This creates an increased threat of significant automotive cyberattacks.”
  • The recent Automotive Cybersecurity Study,conducted by the Ponemon Institute concluded: “Only 54 percent of automakers and suppliers surveyed agreed that security is a priority for their company. Not only is the automotive industry struggling for security solutions, nearly half of it is blissfully stagnant.”

Juxtapose the two and it looks like the industry is between a rock and a hard place. It is not the time to “go ostrich.”

The Cybersecurity and the Connected Car Panel at ToolTech 2017 in New Orleans, hosted by Executive Manager Greg Potter, introduced attendees to many of the technical considerations cybersecurity entails. The complete presentations by the guest experts can be viewed on the ETI website. (Image — ETI)

ETI Puts Cybersecurity Front and Center at ToolTech 2017 and Beyond
As ETI members, we’re more attuned to the innards of technology than most folks. In general, we readily recognize the need for, and benefits of, technological evolution. But I have to ask: Are there any amongst us (or our customers) who doesn’t know what a pain-in-the-ass cybersecurity can be? It can be confusing. Daunting. Even overwhelming. Been there and done that?

That’s why ETI events are so valuable — they open our eyes and show us the way forward. At ToolTech 2017, ETI Executive Manager Greg Potter moderated a panel titled Cybersecurity and the Connected Car, which provided attendees with in-depth technical knowledge pertaining to cybersecurity safeguards and protocols.

“The automobile is the ultimate electronic today,” he noted. “Business as usual is going to go away. We need to be more than just aware of cybersecurity, we must prepare on behalf of our customers who build and fix vehicles. And we must also keep pace, so cybersecurity will be an ongoing focus for ETI.”

The security technologists serving on the panel included:

  • Panelist Bill Leisenring, Founder of Control-Tec, a Delphi Automotive company.
  • Panelist Dr. William Whyte, Chief Scientist, Onboard Security Inc.
  • Panelist Tim Weisenberger, Project Manager, Technical Programs, Ground Vehicle Standards, The Society of Automotive Engineers (SAE).
  • Panelist Bob Stewart, GM – Customer Care and Aftersales, GM’s connected car overview

A brief summary of what each expert shared follows below. Together, they provided the beginning of a toolbox that attendees can leverage to move toward improved cybersecurity.

In addition to other benefits, Control-Tec’s edge computing solution integrates with Delphi’s Connected Vehicle Platform and other business units (Movimento and otonomo_ to help OEMs monetize and maximize the value of information from connected vehicles for the 3rd party data market. (Image — Delphi Automotive)

 How do we Decongest Huge Volumes of Data?
“Today’s complex transportation systems require high speed, real-time data analysis to deliver meaningful and timely insights,” advised Leisenring. “But the Cloud, IoT, connected vehicles, ADAS, automated driving and other technologies all create enormous volumes of data, which can create congestion, or worse, data paralysis.”

“As a global provider of telematics and analytics solutions to the transportation industry, together with other Delphi partners, our solutions combines comprehensive data acquisition methods with a powerful edge and cloud computing architecture for fleet management, product development, connected vehicle and data exchange applications. Specifically, it allows us to reduce what could otherwise be overwhelming and slowing data payloads, by parsing out superfluous data and only sending what’s relevant when it’s needed.

“By delivering needles, instead of the entire data haystack, we avoid data paralysis. This enables us to provide automakers with the speed, flexibility, reliability, cost savings and collaboration needed to successfully develop today’s software centric systems and machines. For example, the robust data solutions we’ve developed for powertrain, vehicle, and electrical system domains afford our clients the ability to avoid warranty cost, improve product quality, enhance customer experience and optimize an increasingly connected portfolio.”

Public Key Infrastructure (PKI) digital certificates facilitate the verified and authorized secure transfer of data between networked devices and/or individuals. Think of them as an electronic license with properties similar to your driver’s license. (Image —Security Innovation)

Trusted Computing Creates a “Harder-to-Hack” Automobile  “The Cloud and the IoT are transforming transportation,” noted Whyte. “As the volume of data and the number of connected vehicle and other devices grows, so does the number of opportunities to hack those devices, and subsequently alter the data. With a growing number of both targets and attacks, we must put multifaceted protective cyber-security solutions in place. To prepare for this, the security industry recently moved to a set of technologies and services for managing the encryption and authentication of connected systems, known as Public Key Infrastructure (PKI).”

“Security Innovation is a leading provider to the Vehicle-to-Vehicle (V2V) security, trusted computing and advanced cryptography markets,” Whyte shared.  During his presentation, he provided a technical description PKI and its protocols, mechanisms and other measures used to build trusted computing architectures. Like people use personal ID cards, such as a driver’s license or passport, to prove their legitimate identity, PKIs use digital certificates [think virtual ID card] to authorize trust and legitimacy in the electronic connected world. “These digital certificates provide a well-understood and harder-to-hack solution for distributed identity management in a connected world.”

“Digital certificates can be issued to people as well as computers, software packages, devices or anything else needing proof of identity. Certificates are issued by a trusted authority and contain appropriate permissions. They allow holders to prove they have rights to access data or particular resource, request a particular activity, or send particular information. They can also be issued in advance, be used off-line, and can also include expiration timeframes and protocols that enable the removal of bad actors or denial of access by entities whose authorizations have expired.”

Certificates represent the state-of-the-art and of the most secure means to electronically transfer data. Issued by a certificate authority (CA), a common trusted entity, they contain permissions (electronic keys), attributes and identifiers. The holder of the certificate uses the public key to request access, which after verification, can be granted only by the entity holding the associated private key. (Image — ETI)

SAE is Doing Far More Than Just Developing Cybersecurity Standards
“The SAE Vehicle Cybersecurity Systems Engineering Committee was tasked to build the J3061 standard that would serve as the foundation for automotive cybersecurity,” explained Weisenberger. “Recently, SAE published the world’s first automotive security standard. The J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems, which describes a risk-based, process-driven approach to address the cybersecurity threats the automotive environment, is experiencing.”

“J3061 has quickly become a ‘go-to’ resource for many other SAE Committees in different discipline areas. Examples include the On-Road Automated Driving Committee (which is conducting a security gap analysis; the Vehicle Electrical and Electronics Diagnostics Committee (which is looking at OBD security and dongle security); the Dedicated Short Range Communications Committee (which is tackling security issues in DSRC communications); the Truck and Bus Controls and Communications Network Committee (tasked with developing and maintaining the J1939 family of standards that ensure CAN device interoperability for this vehicle segment); and New Data Link Connector Vehicle Security Committee (which is tasked with securing communications with any off-board device for vehicles).”

“J3061 provides guidance on how to integrate best practices for building security into the product development lifecycle, establishes desired relationships between cyber security and safety, and establishes a foundation for further security standards development. The standard features three subdocuments that are ongoing works-in-progress: J3061-1 Automotive Cyber security Integrity Levels addresses the development of an objective cyber security classification scheme; J3061-2 Security Testing Methods document provides a detailed breakdown of currently available software and hardware security testing methods; and J3061-3 Security Testing Tools serves as an agnostic list of manufacturers of security related tools and their capabilities. Working in conjunction with J3061 is another SAE Standard, J3101 Requirements for Hardware-Protected Security for Ground Vehicle Applications. It defines a common set of requirements for security to be implemented in hardware for ground vehicles to facilitate security enhanced applications and hardware protection for ground vehicle applications.”

“SAE is also involved in a number of active collaborations with other organization that are already showing good results. For instance:

  • SAE is working with industry participants through its New Data Link Connector Vehicle Security Committee to develop J3138 Guidance for Securing the Data Link Connector (DLC). Aimed at securing the vehicle interface (both hardware and software), the Committee is preparing an overview of activities and initiatives elsewhere that could be incorporated into future SAE Standards, and potentially joint standards with ISO, which secure vehicle interfaces from current and future cyber security risks. Examples include the ISO Extended Vehicle methodology (Eve), ISO Vehicle Station Gateway (VSG) and ISO Secure Vehicle Interface (SVI).
  • SAE has convened and hosted industry workshops — attended by automakers, suppliers, other OEMs, industry associations, and government regulators and agencies — to identify issues, industry needs, and develop a modern approach to OBD-II security, which may be a whole new standard.
  • SAE and the International Organization for Standardization (ISO) recently approved Partner Standards Development Organization (PSDO) agreement that created a Joint Working Group to house experts from both organizations to work together and drive cooperation toward developing harmonized, international, joint SAE-ISO standards. The group has already developed processes, procedures and rules to as the template for all future joint work items, and is now poised to begin the technical work of developing joint standards.
  • SAE is also engaged with the National Institute of Standards and Technology (NIST) on a limited pilot project. Its aim is to test the effectiveness of security methods and tools applied (at an automotive supplier or OEM) using NIST’s Cyber-Physical System Framework and Federated Test Bed Software testing suite.”

The SAE and ISO have formed a joint working group intended to house experts from both organizations to work together to develop an international, joint SAE-ISO standards. Already, the collaboration has identified four candidates for harmonized standards. These include Wireless Power Transfer, Vehicle-to-Grid Interoperability, Vehicle Automation Levels and Cyber security. (Image — SAE)

GM Puts Cybersecurity to Work in a Real World Application

“From a connected car perspective, General Motors is transitioning from OnStar, its past focus for the past 20 years, to a broader and more secure concept called the Global Connected Customer Experience (GCCX). There are four pillars to GCCX: (1) The traditional OnStar legacy of easily connected customers to GM; (2) Bringing your digital life to your vehicle; (3) Expanding urban mobility, in particular the vehicle maintenance process; and (4) Enhancing the customer experience, from transactions to relationships.”

“GCCX will provide its 12 million customers worldwide with an expanded range of amenities and benefits, thru its familiar 3-button interface, through which more and 1,5 billion transactions have been logged. These include driving tips and assistance, potential insurance discounts, and ‘At You Service,’ an IBM-enabled cognitive service. For instance, if you’re running low on fuel and there’s heavy traffic ahead, this service will help reroute you more efficiently to reach a gas station; it will even allow you to pay for fuel via your dashboard.”

“In addition, GCCX will continue the vehicle maintenance notifications and diagnostic emails provided by OnStar in the past, but also begin providing proactive vehicle notices (e.g. diagnostic trouble codes and what they mean) and prognostic health checks (initially, remaining oil service life, as well as battery and starter health). These will help customers stay one step ahead of maintenance issues. In addition, it will allow them to schedule required maintenance more conveniently and with less intrusion into their time.”

Follow ETI’s Lead: Be Proactive
ETI members are the common link between automakers and the service/repair facilities that vehicle owners use. Inadequate — sometimes no — cybersecurity has exposed vulnerabilities in many automotive businesses that have, or can be exploited via cyberattacks — whether the business realizes it or not, or when they occur.

So engage in ETI’s ongoing efforts to educate and provide cybersecurity resources that matter. Don’t wait for a devastating electronic tsunami to be your reason for action.

R2R Finds Common Ground

Right-to-repair perspectives are closer than ever before
Contributed by Bob Chabot, ManicMedia LLC

In the earliest days of right-to-repair, cooperation was nearly nonexistent with several vehicle manufacturers when it came ensuring there was parity between dealership and independent facilities pertaining to the serviceability of vehicles. Well before the recent National Memorandum of Understanding (MOU) …  Heck, way, way back, even before the advent of the National Automotive Service Task Force, the involvement of standards entities, regulators and lawmakers, awareness by consumer advocates, let alone vehicle owners even knowing the potential serviceability of their vehicles might be compromised from the get-go by their choice or repairer …  There was a voice of reason calling for meaningful collaboration — the Equipment and Tool Institute (ETI).

From then until now, ETI has used its close relationship with both automakers and the aftermarket to encourage and foster the respectful exchange of service information, diagnostic data and other resources between OEMs and the independent aftermarket. ETI began hosting Tech Weeks 4 decades ago with a dialogue focused on bridging gaps to ensure that consumers —the automobile industry’s customers — could be assured of equal, competent and complete service/repair, whether they chose an aftermarket shop or dealership for it to be done.

In the years since, that dialogue has endured. ETI has continued its quest of working cooperatively with automakers, the aftermarket and others. As vehicle technology evolved and became more sophisticated, R2R issues transitioned to more complex considerations — namely “Who Owns the Data?” to “Who Owns the Software?” to “Who Owns Access to Vehicles?”

ETI has fostered collaborative solutions throughout. At ToolTech 2017, the success of those efforts were on display, as a succession of panels, comprised of automakers, aftermarket, heavy-duty and national account representatives, each shared their perspectives on R2R. Of note, differences like those of the past were dwarfed by the common ground the industry has collectively built.

Let’s take a look at the ToolTech 2017 R2R panels.

The National Memorandum of Understanding (MOU), according to ETI President Brian Herron, requires manufacturers of model year 2018 vehicles to meet the following requirements:

  • OEM diagnostic systems be made available to anyone for a reasonable price, at the same ‘content level’ dealerships have, using a “Pass-Thru” interface such as J2534, RP1210, or ISO22900.
  • Scan tool data be made available via a license.
  • Pass-through reprogramming must also be made available through a standardized interface,
  • Vehicle immobilizer programming must also be made available. Herron noted this security-sensitive information might be made available through a third party, such as the National Automotive Service Task Force (NASTF).

Aftermarket Association Recognizes Progress and Shares Concerns
First up was an Aftermarket speaker session hosted by ETI Past President Ben Johnson and featuring Aaron Lowe, Senior Vice President of Regulatory and Government Affairs, Auto Care Association.

“ETI has worked very closely with the Auto Care Association and other automotive associations (ASA, AASA) on telematics and other key issues in the past,” explained Lowe. “We are at a critical stage in the implementation for R2R this year. Beginning with MY2018, vehicle manufacturers will need to meet a number of requirements in order to comply with the National Memorandum of Understanding (MoU).”

“In February, the Auto Care Association sent a letter to all of the OEMs that had signed the MOU asking what their present level of compliance was and would they be fully compliant with legislation.  Many of the light-duty OEMs that responded have fully complied with the MOU, but we are concerned about the status of the others who have not. It also appears that heavy-duty OEMs are beginning to understand they have to as well, although most are still behind in complying.”

“Currently, there are several issues of concern to the aftermarket on the light-duty side,” he continued. “One is the lack of VIN-specific ‘as built’ data and adequate service and programming information for advanced driver-assistance systems (ADAS) in vehicles already being sold. Both are critical to providing a complete and efficient service/repair.”

“Cybersecurity is the other issue. It’s now everybody’s business, so automakers and the aftermarket must work together if customers are going to be as fully protected as possible. Automakers will begin keeping their software for MY2018 vehicles on cloud-based servers, which will be available for the aftermarket to download on a subscription basis to standardized and securitized vehicle communication interfaces, a contentious issue in itself that global standards organizations have yet to harmonize.”

“We are also concerned that the new way of performing diagnostics via the cloud may or may not be backwards compatible with earlier model years, so we are trying find out from manufacturers where they stand on that issue. To date, not all OEMs have replied. Some of those that did said they will include access to several earlier model years via the cloud, but by no means is that the rule for all manufacturers.”

During the National Accounts Panel discussion, several of the participants suggested vocational education and aftermarket training needed to be addressed to provide the industry with industry-ready personnel across a variety of roles. (Image — NASTF)

National Account Reps Focus on Propelling Education and Training Forward
Following the aftermarket association perspective, Kevin FitzPatrick, Farsight CEO, hosted the National Accounts Panel, during which other aftermarket representatives provided a number of comments and insights regarding R2R, training, resources and foci needed to keep pace with the service and repair new emerging technologies. The participants included:

  • Bob Augustine, Technical Training Manager, Christian Brothers Automotive.
  • Chris Chesney, Senior Director Customer Training, CARQUEST.
  • George Hoffman, Manager, Automotive Assets, Sears Automotive.
  • Rob Morrell, Director, Training, WORLDPAC.
  • Bill Nuckols, Service Operations, CarMax Auto Superstores.

“Exploding technology is creating service gaps that training at all levels — be it for aspiring technicians learning at vocational schools or aftermarket training for working technicians — isn’t keeping pace with,” explained Morrell. “Simply put, the complexity, diversity, service procedures and other information flooding the industry aren’t being adequately conveyed. Training isn’t just for technicians, either. They are so many industry roles, each of which needs a pathway of initial and continued education. This is an initiative the National Automotive Service Task Force (NASTF) is currently pursuing.”

“Education and training begins with OEMs, but aftermarket trainers also have a responsibility to step up.” he added. “Many OEMs help by keeping training current in school programs and aftermarket events. They’re the same ones whose cars are being fixed in the aftermarket. But the OEMs that don’t are not helping technicians, shops or, for that matter, maximizing the consumers’ brand experience.”

“R2R originally was about hardware,” shared Augustine. “Now it’s more about software, data and access. In these days automobiles having 80+ modules, there’s so much functionality out there, you need factory or fully functional scan tools to diagnose and perform complete repairs. Just imagine if the MoU hadn’t been reached.”

“There’s a training disconnect in the aftermarket,” he continued. “Too often at industry events, the brief description of a seminar doesn’t match what’s delivered or what the attendee was expecting. I also know that as an aftermarket trainer myself, that even with an accurate description, what I intended to deliver sometimes isn’t what the learners were looking for. That’s problematic.”

“We have a training maze we have to solve. We’re long past the days where getting two or three ‘ah-has’ in a training session justifies the expense and the time, let alone the needs, in attending. We must stay current in what we deliver and deliver more value. The trend from short seminars toward longer sessions that are brand- or system-specific training sessions is an indicator that service/repair facilities are beginning to focus their training investment on the major brands or systems they service, while outsourcing expertise for the rest.”

“Right-to-repair, in and of itself, doesn’t empower a technician to fix a car,” Chesney suggested. “Technology, information and required skills are propagating so quickly technicians simply can’t keep up they way we’ve been doing things. Even mobile diagnostic specialists are struggling to be fully capable for all cases. It’s led to the emergence of remote cloud-connected diagnostic firms, with brand-specific experts who are available to help shop technicians when they are dealing with a make and model outside their normal wheelhouse.”

“We need to stop dog-piling on technicians; it just isn’t working. We have to better assimilate incoming new technology and know-how, which can be overwhelmingly in volume and complex to absorb. We need to shift from what we’ve being doing to focusing on how do we get and keep technicians ready and capable to work on any vehicle anywhere, now and into the future.”

“Rather than chasing new technology, we must leverage it in education and aftermarket training,” he added. “One way to do that is for both vocational education and aftermarket training to begin moving toward being system-specific, rather than vehicle-specific. If we teach a technician how a system works in training, then they have the basis to apply the knowledge to specific vehicle applications, with the help of other now readily available resources. This is a strategy we are currently implementing at CARQUEST.”

The heavy duty vehicle industry has a separate MOU than the light duty vehicle industry. Of note, the heavy duty MOU applies to both vehicle manufacturers and component manufacturers, as shown in the image above. (Image — Auto Care Association)

Heavy Duty Right-to-Repair Compliance is Slow, but Coming
In 2015, on behalf of the heavy duty (HD) industry, the Engine Manufacturers Association signed a MOU separate from the light duty industry’s. Unlike the light duty agreement, the heavy duty MOU included both manufacturers of HD vehicles over 14,000 GVW, as well those who made HD components for them. The HD MOU requirements included:

  • Access to diagnostic and repair information for 2010 and newer commercial vehicles.
  • Related information, such as the locations of sensors and computer modules must be available to owners and independent repair facilities on a monthly and yearly subscription basis.
  • Tools available that incorporate same diagnostic, repair and wireless capabilities that manufacturer makes available to dealer must also be available to the aftermarket.
  • Data stream information to be provided to aftermarket scan tool companies, subject to appropriate licensing, contractual or confidentiality agreements.
  • As-built parts information, such that correct replacement parts can be used for repair.
  • There were also some exclusions noted, such as information not related to diagnostics or repair, trade secrets, and certain immobilizer systems and reprogramming only available from manufacturers through a separate secure system

At ToolTech 2017, Kenneth DeGrant, Heavy Duty Products Manager at Drew Technologies, provided attendees with and update on the HD vehicle and component manufacturers efforts to meet compliance stipulations. “Currently, NASTF maintains the formalized HD weblinks. Those seeking this information can click on HD Diagnostic and Reprogramming Information or HD Service Information respectively to source that data.”

“Prior to ToolTech 2017, I contacted all 13 of the major OEMs and component suppliers (engines, transmissions, and ABS) and asked them to respond to a survey. The survey questions fell into two categories:

  • Licensing for Diagnostics/Reprogramming — What is the status of RP1210 or J2534 compliance for diagnostics software and protocols? When and how will it be made available to the aftermarket? What is the licensing period for diagnostic/reprogramming information?
  • Licensing for their Service Information System — What is the status of their service information system? When and how will it be made available to the aftermarket? What is the licensing period for service information?”

“So far, seven HD OEMs have responded. These include Caterpillar and Cummins, both engine manufacturers; Allison and Eaton, both transmission manufacturers; as well as Bendix, Haldex, and Meritor-WABCO, manufacturers of brake systems.” For the balance of his HD Right-to-Repair Update, DeGrant reviewed the responses, highlighting the anomalies for attendees.

“To date, while not everyone has responded yet, of those who did, most are making great headway,” DeGrant noted. “Following ToolTech, I will continue to reach out to those who have yet to respond, as well as try to work with the HD OEMs to address any compliance shortfalls. which I will keep ETI apprised of.”

To prepare for the OEM Panel at ToolTech 2017, automakers were asked to fill out a standardized table showing their compliance status for each of the R2R requirements stipulated in Section 2 of the Light Duty Vehicle MOU. A weblink to view each automaker’s compliance status is provided below. (Image — ETI)


Light Duty OEM Vehicles Complying with the MOU
Brian Herron, the new ETI President and Vice-President of Drew Technologies moderated the Light Duty OEM panel, which was comprised of representatives from seven automakers. The participants included:

  • Kurt Immekus, Service Compliance Specialist, Volkswagen Group of America.
  • Craig Jeffries, Service Operations Manager, Subaru of America.
  • Bob Stewart, Customer Care and Aftersales, General Motors.
  • David Stovall, Manager, Service Technology Diagnostics & Telematics, Toyota.
  • Tu Tran, Regulatory Affairs Specialist, Porsche Cars North America.
  • Danny Uhls, Manager, Technical Information and Serviceability Aftersales, Nissan North America Inc.
  • Terence Vance, Asst. Manager, Electronic Service Systems, American Honda Motor Co. Inc.

Herron began by recapping the MY2018 compliance requirements of the National Memorandum of Understanding (MoU). “As of MY2018, all vehicles and resources — with the exception of ‘recall’ tools — must be compliant with the MOU. For service and repair professionals this means OEM diagnostic systems must be made available to anyone for a reasonable price, at the same ‘content level’ dealerships have, using a “Pass-Thru” interface such as J2534, RP1210, or ISO22900. In simple terms, if you can program at dealer, you must also be able to do likewise at any aftermarket shop.”

The MY2018 compliance requirements are listed in Section 2 of the MOU, which Herron made available in a summary of the OEM Panel here. During the panel, each automaker representative displayed their table showing MY2018 compliance with the MOU, then provided descriptions and details of supporting resources available, after which questions from attendees were taken. The answers even included a few unexpected surprises that demonstrated how voluntary collaboration can often yield more than the bare minimum that litigation could:

  • When the OEMs were asked what inbound challenges they see coming, several mentioned that the CAN network protocol is going to be replaced by a faster network protocols, such as CAN FD Ethernet and others.
  • Honda’s Vance addressed a question about the completeness of instructions for using tools. “Tools are made to be used, but are technicians actually reading the tool manual or ‘winging it’? We know that missing a clearly written step is common on the dealer side, so why not the aftermarket side?”
  • Toyota’s Stovall addressed a question about ADAS tools by agreeing that to calibrate ADAS components, technicians need the right factory tool available. “And yes,” he added, “There’s always been a disconnect between technicians and engineers: One can’t build vehicle, the other can’t fix them. So it sometimes takes time to get the resources to fix new technologies to market. But everything available to our dealers is also available to the aftermarket. So if the aftermarket is struggling, so are our dealers.”
  • Nissan’s Uhls announced that its J2534 reprogramming tool was now operating on Version 05.05, the first automaker to switch fully to the newest and much improved standard, introduced to the industry by ETI approximately 18 months ago.
  • Finally, VW/Audi’s Immekus, Honda’s Vance, and Toyota’s Stovall each announced that VIN-specific ‘As Built’ information for their vehicles is now available on their websites, unexpectedly addressing one of the aftermarket concerns raised earlier by Lowe.

Is it coincidence that a respectful and cooperative dialogue between automakers and the aftermarket can achieve this? Does it augur well for inbound technologies, such as ADAS, vehicle communication interfaces, cybersecurity and others? Think about that for a moment.

Now let me ask you:  Hasn’t history shown us repeatedly that this is the ETI way?

ADAS: Truths and Consequences

ETI panel shares Advanced Driver Assistance Systems insights, issues and trends
Contributed by Bob Chabot

The continued evolution of electronic integration into what was once purely mechanical components and/or systems is relevant to equipment and tool manufacturers, service/repair facilities, owners and technicians. In particular, Advanced Driver Assistance Systems (ADAS) are important gateways to improved safety, connected driving and autonomous vehicle development that is propelling the industry forward.

Awareness of how inspection, communication, service, diagnostics and repair procedures are executed is critical, and it’s getting more so with each new model year. In addition, proper ADAS tooling and OEM service information is crucial to performing complete ADAS-related service and repair. ToolTech 2017 featured an ADAS Panel, which keyed on these issues, moderated by ETI Member Robert Vogt, CEO of IOSiX. The esteemed group of panelists included:

  • Ted Ginnity, North East Sales Manager, Hella Gutmann Solutions
  • Kaleb Silver, Senior Product Manager, Product Management, Hunter Engineering Company
  • Craig Smith, Research Director of Transportation Security, Rapid7. Smith is also the founder of Open Garages, a distributed collective of performance tuners, mechanics, security researchers and artists.
  • Joshua Stone, Manager, Special Tools, American Honda Motor Company

The spiraling proliferation of ADAS functionality is increasing software on vehicles at an exponential rate, which is sparking significant changes in how data has been managed, processed, communicated and secured. (Image — Hella Gutmann)

ADAS Presents Technical, Operational and Business Challenges
The session began with each of the panelists making a brief presentation describing how ADAS was impacting their company and its customers. To help guide and focus discussion, Vogt asked a series of questions designed to garner comment and insight from the speakers. The session ended with a brief Q&A period for attendees. Here’ a brief synopsis of the topics covered.

Stone, Silver and Ginnity all agreed that nearly all 2017 and newer models will feature ADAS technologies. “Overall, nearly 95 percent of new vehicles today in the U.S. feature ADAS technologies,” Silver noted. “How much ADAS is onboard does vary though,” Ginnity noted. “The presence of ADAS content in European vehicles is about double that of U.S. made automobiles, but that gap is closing quickly.” One of the forces driving this is a change in safety rating criteria. For instance, the Insurance Institute for Highway Safety (IIHS) now requires certain ADAS features to be onboard for a vehicle to receive its highest safety rating.”

“While having the latest software patches is important for computers and cell phones, it is absolutely critical when it comes to safety within a vehicle,” Smith advised.  The typical high-end car has roughly 200 million lines of code, he noted. Industry-wide, software has an average of 15 to 50 errors per 1,000 lines, which means your average car has between 3 million and 10 million bugs buried somewhere within its code. “Hence, patching software to (1) debug and (2) keep it fully functional is a major ongoing challenge ADAS developers face.”

“The total time that a car is supported by the manufacturer from design through end-of-life is a related challenge,” he added. “The average car takes five years to go from initial development to production, after which they have an average lifespan of 11.5 years, which results in an average total of 16.5 years. That’s a very long time for software to go, with or without being patched, let alone changes in technology over that timeframe. In addition, history has shown us that many rental car companies and consumers won’t do patches, even when advised. But that doesn’t relieve OEMs and service professionals of their responsibility to advise vehicle owners.”

How software patches and updates are delivered is shifting in response to the proliferation of software in ADAS and other systems. As vehicle increasingly become part of the Internet of Things (IoT), connecting and interfacing with an ever-expanding spectrum of vehicle manufacturer, commercial and other services will follow. Consequently, the software in modern vehicles will continue to grow to millions of lines of ever-evolving code. Keeping this highly complex system of software, mechatronics and electronics up-to-date, let alone installing new software functions post sale, in a word, has become problematic.

Continental, in conjunction with satellite broadcast provider Inmarsat are now able to offer automakers the ability to provide over-the-air updates around the globe for the entire vehicle electronics suite with the simple push of a button. (Image — Inmarsat)

The traditional norm of having vehicle software updated done during a trip to the auto repair shop is being disrupted, with the effects about to impact service facilities, equipment and tool manufacturer, information providers and consumers. Many Tier 1 suppliers — such as Bosch, Continental, Delphi and ZF — are now developing technologies that enable over-the-air (OTA) software updates of electronic control units across the entire vehicle from powertrain to infotainment systems, without the necessity of a shop visit.

“Until recently the number of electronic control units in the vehicle connected directly or indirectly to the cloud has been extremely limited and the demand for OTA updates was low,” explained Helmut Matschi, head of Continental’s Interior Division. “But as vehicles have become more connected, uploading new functions, greater system complexity as well as the high need for security and safety has created a strong need for over-the-air updates. We can now offer automakers the most efficient and secure means to deliver common content OTA to millions of vehicles — from vehicle software and cybersecurity updates to precise positioning data — enabling vehicle owners to bypass the complexity of dealing with multiple mobile network operators and inconvenient service facility visits.”

While not all automakers have adopted the practice of diagnostic pre- and post-scans, the industry trend is headed that way. Several have position statements on the subject, such as Honda (above), General Motors, Toyota, Fiat Chrysler and others. (Image — American Honda)

Diagnostic Pre- and Post-Scans Address Risk and Liability Concerns
Jason Bartanen, the Director of Industry Technical Relations, noted that automakers are trending toward including diagnostic pre- and post-scans of vehicles as bookends to a collision repair. “While not all automakers have adopted the practice of diagnostic pre- and post-scans, the industry trend is headed that way. Many OEMs now either recommend or require the scans in their service information and/or written position statements. Several industry associations, including ETI, also have position statements supporting pre- and post-scans. For instance, click here to view the ETI statement.

“Technicians who follow proper pre- and post-repair diagnostic scanning procedures have the edge when it comes to customer satisfaction, because dashboard lights can’t tell you everything that’s going on with a vehicle’s electronics,” John Eck, Collision Manager for GM Customer Care and Aftersales. “With pre- and post-scans, technicians will start with the right diagnosis and right parts out of the gate, they’ll reduce repair cycle times and they should see fewer follow-up visits. More importantly, the scans will help ensure that the vehicle and its safety systems are returned to their pre-crash conditions.”

“In addition to Honda having a position statement on diagnostic pre- and post-scanning, service professionals need to be aware there are very OEM-specific tools and procedures to service ADAS technologies,” acknowledged Stone. “It causes us — and likely every automaker — great concern when ADAS repairs aren’t properly effected. At Honda, for example, we’ve noticed that some technicians — at both dealerships and aftermarket collision shops — take shortcuts.” To demonstrate this, he played a Honda “what not to do” video that showed many examples of how easily shortcuts can compromise ADAS service. “When all the necessary steps in critical safety systems are not properly made, it put lives are at stake. We as an industry must make sure service/repair technician not only knows what to do, but actually follows the proper procedures and steps to effect a complete repair.”

Fair enough, when the service information and other resources are readily available. But that isn’t always the case, for all makes and models, pointed out Aaron Lowe, Senior Vice President of Regulatory and Government Affairs, Auto Care Association. “VIN-specific ‘as built’ data and adequate service and programming information for advanced driver-assistance systems for some vehicles already being sold in the marketplace is not always available to service professionals. Yet both are critical to providing a complete, efficient and liability-free ADAS service/repair. Make no mistake: When the procedures are in service information, and a shop/technician takes on the responsibility for service/repair, they also take on the liability if substandard service is performed.”

“In the eyes of the courts, automakers and service professionals may take on liability to provide proper and complete repairs even without adequate information and procedures being available,’ Silver cautioned. “There have already been a number of incidents in litigation and reported in the press,” He cited a recent case involving Toyota lane change detection, an ADAS technology located in vehicle side mirrors. During the collision repair, the driver side mirror was not calibrated properly (sensor alignment was off of true by five degrees). The vehicle left the shop this way, and was involved in a subsequent accident, not because the lane departure system didn’t function, but rather because it wasn’t calibrated to do so accurately. As ETI President Brian Herron pointed out, “Pre and post-scanning is just the tip of iceberg.  You just can’t put the parts in and let the car roll away without knowing ADAS and other systems are working properly.”

For purposes of fully informing all vehicle owners in all cases (not just collision repairs), let alone the liability risks involved, this author wonders if the industry has gone far enough. Would it not be a prudent practice for all automakers to require diagnostic pre- and post-scans for all service/repair visits — whether collision or mechanical in nature? In particular, for any facility servicing ADAS-equipped vehicles, as the last shop visited, not checking and advising consumers could potentially be problematic for the shop, automaker, insurers and others in the line of fire.

The tool and calibration equipment investment required to fully service/repair ADAS, especially for European models such as the Audi Q7 above, can be expensive. In addition, calibrating ADAS systems often requires more clear shop floor space — wider and longer — than usual for a service bay to calibrate, align and program camera, radar and other ADAS sensors (Image — Hunter Engineering Co.)

Calibration is the Elephant in the Room
“ADAS is a game changer,” Silver explained. “It takes additional time, tools and equipment, as well as shop floor space to effect ADAS service and repairs. For example, it takes a significant investment by a shop to buy all the tools and calibration necessary to provide ADAS services, especially in the case of European brands. In addition, that investment can be significant for each brand, as tools and equipment are brand- and sometimes model-specific.”

“Hunter customers are seeing ADAS impact wheel alignment and other services they provide,” he continued. “For example, once a wheel alignment has been completed, many automakers now require checks and calibrations for lane departure, adaptive cruise control and other ADAS technologies. These include steering angle sensor resets, verifying that camera, radar and Lidar equipment is properly positioned and aligned (with respect to the vehicle’s direction of travel), and even replacing windshields equipped with sensors.” He then shared Audi, Fiat Chrysler, Ford, and Nissan videos to demonstrate this.

“Anytime we launch a new vehicle model, we ship the necessary tools and calibration equipment to our dealers,” Stone added. “They don’t get a choice, and they are charged for it. Aftermarket shops are able to purchase it at the same cost as dealers.”

“In my experience, that’s a fairly standard practice across automakers,” continued Ginnity, who leads Hella’s Diagnostic Project, which is trying to facilitate the service/repair of ADAS technologies by aftermarket shops that work on multiple makes and models. “But there’s no question in my mind that the industry needs to take a systems approach. For example, standardization of the tools, equipment, procedures and other requirements to service and repair ADAS would greatly ease the burden faced by service and repair facilities. It’s clear that while we all recognize this, but getting there is still a long way off.”

Calibrating sensitive ADAS technologies in vehicles requires expensive and often bulky equipment. Automakers typically specify the equipment required for its makes and models, making the investment by a multi-brand aftermarket shop expensive. But similar to the evolution of scan tools, some aftermarket companies have developed more generic and affordable calibration equipment, such as Hella Gutmann’s CSC tool pictured. (Image — Hella Gutmann)

“The advent of ADAS, telematics and other software-intensive technologies has, and will continue to change the industry,” Smith shared. “In the past, our focus was more on making repairs that were more mechanical than digital in nature. Connected and integrated systems like ADAS have forced a paradigm shift. ADAS systems provide customers with information, largely software-derived, to help them make better decisions. We must align our services and performance to meet customer expectations.”

“Our role in ADAS service and repair technologies is to bring vehicles back to their original design intent,” he continued. “With ADAS, we aren’t making traditional modifications. Right now, for the millions or cars on road or coming down the pipeline, our checks and calibration procedures are more rudimentary and physical in nature. In time, however, we can expect to have tools, equipment and other resources with built-in intelligent learning and to help perform these service more thoroughly, automatically and efficiently.”

Summing Up
Following the ADAS session at ToolTech 2017, I asked Moderator Vogt to summarize the takeaways he saw for ETI members. “In general, I think it’s very interesting to see how fragmented the calibrations space is for these very similar systems.”

“This will create both waste and opportunities for ETI, its members and the aftermarket in general. All of the purchasing of thousands of expensive specialty calibration targets, tools and other resources for each make-model-year makes for an unnecessary waste. Ways that improve the fragmented calibration space or monetize the rental or sharing of the calibration targets are two examples of opportunities.”

“It’s also important for OEMs to understand the impact of inconsistent testing procedures as well as the measures users may take to get around them, which could easily compromise safety. And as ‘smart’ vehicle and transportation systems evolve, security will be a huge part of ADAS going forward.”


ETI Inaugural Automaker Recognition Award Winners Announced

Automakers recognized for supporting ETI members and the aftermarket
Contributed by Bob Chabot, ManicMedia LLC

The Equipment and Tool Institute (ETI) presented its first-ever Automaker (OE) Awards. The awards were created to achieve four goals, namely to:

  • Inform automakers what the perception of them is by the industry relative to “OE’s as partners.”
  • Educate the ETI’s membership and industry on perceptions of the OE’s by the industry.
  • Recognize those OE’s that clearly have better engagement with the tool, information and equipment providers that comprise the ETI membership.
  • Provide all OE’s with a “balance sheet” each can use to better measure their industry perception and participation.

“ETI considers itself as the liaison between the companies that build service equipment, tools and service information and the vehicle manufacturers,” noted Ben Johnson, the director of Product Management for Mitchell Repair Information Company LLC, and host of the OE Awards session. “It allows us to facilitate a dialogue that provides us with insights into what those new vehicles are going to be and can ensure we are delivering the right products to help the aftermarket service/repair industry support those new vehicles.”

The methodology used to determine the awards began with an 11 Point OEM Support Survey, which was sent to all ETI delegates, Each of the questions referenced unique criteria, and were pre-assigned to one of four awards. The ETI delegates were asked to rank the OE’s, based on the criteria in each query. The delegates’ scored responses were then tabulated to determine rankings by criteria, and when grouped, overall award winners.

“The 11 survey questions containing the criteria (listed in the table) were chosen with the three specific awards and one overall award in mind,” Johnson shared. “The complete rankings for each criteria were shared earlier with automakers, and the ETI wanted to share the full results.”

”For your convenience, the yellow-, orange- and blue-shaded criteria in the table reflect how they were used to determine three specific category awards and one overall award,” Johnson explained. “The green-shaded criteria in the table was relevant to all three specific awards, so it was used in all three categories. To determine the overall aggregate award, all of the color-shaded criteria were used. Of note, the nonshaded criteria at the bottom of the table addressed the emerging field of telematics. It was not used to determine any of this year’s awards. Rather, it was used to probe awareness and gather data, with a view toward having an inaugural telematics award category next year.”

Johnson then announced the inaugural winners of four awards:

  • Toyota Motor Sales was chosen as “The OE Most Supportive of Scan Tool Companies.” Delegates appreciated Toyota for providing scan tool companies with good data at reasonable prices.
  • Fiat Chrysler Automobiles was recognized as “The OE Most Supportive of Service Information Companies.” The voting delegates viewed Fiat Chrysler as best at providing service information companies with easy-to-consume content at reasonable prices.
  • Toyota Motor Sales was ranked by delegates as “The OE Most Supportive of ETI Events.” This award recognized the value of information shared with attendees at ETI events, participation in scheduled private one-on-one meetings, being responsive to ETI member questions and more.
  • Toyota Motor Sales also received ETI’s first ever “Annual Industry Recognition Award.” This award recognizes the automaker ranked highest overall by ETI member companies, as aggregated from all criteria rankings.

Toyota Motor Sales delegates congratulated by Greg Potter (far left) and Ben Johnson (far right) as the automaker that provides the best level of support to ETI’s tool, information and equipment providers. (Image — Equipment and Tool Institute)

“All of us at Toyota really appreciate the recognition from ETI members and the awards we received,” stated David Stovall, manager of Diagnostics and Telematics at Toyota Motor Sales. “Ultimately, the support we provide as an automaker, wherever customers choose to get their vehicles serviced, matters. It’s what keeps them coming back.”

Fiat Chrysler Automobiles representatives recognized as the automaker that provides the best level of service information to ETI’s tool, information and equipment providers. (Image — Equipment and Tool Institute)




“ETI members have been long aware that automakers do support the automotive aftermarket,” Johnson emphasized. “These awards allow us to recognize, publicize and help educate others about OEM efforts to support customers when cars roll off the assembly line, wherever they choose to have them serviced.”

“The Equipment and Tool Institute values our relationship with the automakers and understands the importance of working together to better the industry,” noted Jessie Korosec, ETI Marketing and Events Manager. “We feel it is important to recognize the automakers that make significant efforts to supply our member companies and the aftermarket with access to complete information to ensure mutually beneficial outcomes are achieved. It’s also vital to make sure that our members’ voices are being heard so that we can better serve them and act as a conduit to industry partners to ensure that vehicles are being repaired safely and correctly which, in turn, influences customer satisfaction and brand loyalty.”


Message from ETI Executive Manager Greg Potter

Hello ETI members and partners. It has been another very active and successful year for ETI.

We continue to add to members equity and keep our membership at our highest levels.

Our challenges also seem to grow with our success as vehicles get more complex and more difficult to service. But this is nothing new, we have been talking about this every year since I have been in the industry, and that has been a few years….

Our industry is robust and we have been very resilient and have continually overcome many of these issues in the past and I assume we will again in the future with your support.

The aftermarket, as a whole, is very strong and market studies from both AASA and ACA indicate more strong years to come.

The average age of the vehicle park continues to grow, and as we know these vehicles as they pass out of warranty find themselves quickly in the aftermarket for service.

Our collision industry is facing even greater pressure as these vehicles in for service can be very new, and the service procedures are increasingly complex.

The partnership between OEM’s and the independent service and tool/equipment providers is more important now than ever. We treasure our relationships with our long-term OEM partners in this industry. It is unique compared to other markets and the reason is that we need each other. We are both working for the same goal. To give our customers a great service experience and keep them loyal to our brand.

At our Tool Tech conference, we addressed many of the challenges we face heading into a rapidly changing future. I hope you all had a chance to attend this event, it was a great success.

I know our planning committees have worked very hard to give you a great program and the surveys reveal we did just that!

We are entering a new era. The days of “business as usual” for Scan tool makers is changing fast. Due to security concerns the ability to reverse engineer will become much more difficult if not impossible using current methods.

Diagnosing electrical/computer systems on today’s vehicles is essential for nearly any repair.

Allowing aftermarket companies the ability to create their own diagnostic software is an important part of the current repair industry. The aftermarket creates some of the best diagnostic software in the industry. They have collected vast amounts of data from previous repairs and use this information to help guide technicians to root causes with highly intelligent algorithms. In many instances, they do a better job than the manufacturers software for vehicles a few years old.

Therefore, the importance of receiving complete and accurate data and diagnostic routines from the OEM’s in order to create this software is a benefit to both the OEM and the aftermarket.

At the last two Tool Tech conferences, I discussed the future of vehicle diagnostics and the associated establishment of Authentication, Authorization and Secure Session procedures/standards.

These efforts are continuing as we work closely with OEM’s, their tier one suppliers and our aftermarket partners to forge a viable, secure and fair solution to both wired and wireless vehicle data access.

In September, The Committee on Energy and Commerce, chaired  by Representative Fred Upton, sent this letter to Mark Rosekind, Administrator of the National Highway Traffic Safety Administration to work with the associated stakeholders and develop a plan to address a concern about cyber security and in specific security at the OBD-II port.

The letter was cc’d to US EPA, The Auto Alliance, Global Automakers, SAE, AutoCare Association and California Air Resources Board. Quote – “As such, we are writing today to request the NHTSA convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem. This will require an open and collaborative process to ensure that all interested stakeholders have an opportunity to contribute to this discussion…”

The Aftermarket and OEM associations responded with our combined support for the effort, and our desire to work together for a fair and equitable solution.

SAE then responded to NHTSA that the effort falls in their domain should be led by them and that they would reach out to the affected parties to develop a plan to address this issue.

SAE has now formed the Data Link Connector Vehicle Security Committee, SAE J3138 to develop some standards, recommended practices and informational reports to help guide the industry and ETI is fully engaged in this process

So, once again, albeit 3-4 years late in our opinion, we are promoting a standardize and unified process for secure authorized access for all legitimate stakeholders. One that will provide multiple access in a fair, equitable, safe and secure way.

I also encourage our membership to participate on this committee and several have stepped up to help make sure the aftermarket is well represented in this solution.

Keep in mind that whatever solution prevails for not only remote access to in-vehicle networks, but even direct wired connections for enhanced diagnostics and reprogramming, the new methods will include some sort of Authentication, Authorization, Secure Session Establishment and Rights Management.

As mentioned last year as well, we are also seeing a further merger between what was once quite separated repair segments. Electronics for driver assist to near full autonomous vehicles have pressured the collision repair industry into new repair process and tools. One issue of note is the plethora of tools and procedures for calibrating the driver aid devices.

Every manufacturer has unique tools and procedures for calibrating and testing these systems.

The tools alone are causing major issues and barriers for multi-brand repair facilities at which are most collision repair shops. We encourage work on a multi-brand solution to this issue.

2016 was the year of the Pre-Post Scan debate in the collision segment. ETI plays a very important role in this debate. To ensure that shops have the ability to property and fully repair todays’ vehicles, it is even more essential that the aftermarket scan tool companies have access to complete and up-to-date data from the manufacturers so their tools can perform the needed functions to fully scan and diagnose issues with newer models than is normal in the mechanical repair segment.

Early in 2017, the ETI Board worked through a facilitated strategic planning process to keep us focused on the needs of our members.

This is just a first step in a continuing evolution process that helped us to re-confirm most of our current beliefs and realize some new opportunities.

A strategy map was developed as a result that we can refer to as we progress with our goals and opportunities.

Three key initiatives that we will focus on are 1) Member Engagement,  2) Data Information and Access, and 3) OEM Engagement.

ETI’s Summer Tech week is here. We will have direct meetings with GM, Ford, FCA and VW/Audi the week of June 12. Please attend and support this important event and enjoy our OEM appreciation dinner at Meadowbrook Hall June 15th.

Winter Tech Week will be held in the US this December 4-7 based at the Hyatt Newport Beach California and Tool Tech 2018 will be May 1-3 at the Lowes Ventana Canyon in Tucson please save these dates.

All the best!

Greg Potter
ETI Executive Manager


ETI Market Research: A Compass with a Heart

ETI is critical to both the manufacture and serviceability of automobiles
Contributed by Bob Chabot, ManicMedia LLC

Increasing complexity of vehicles continues to impact the automotive aftermarket. In particular, those who service and repair automobiles are directly affected — many of who are customers of the tool, equipment and information suppliers that comprise the membership of the Equipment and Tool Institute (ETI). That makes awareness of, and preparation for, emerging technologies essential must-haves.

“Developing a thought-leader position on this topic is central to ETI’s role as a facilitator and bridge between automakers and aftermarket service/repair,” explained ETI Executive Manager Greg Potter. “ETI is positioned to work on things other people and organizations in the industry cannot. That’s part of the unique value our members provide.”

“Every year the ETI Marketing Committee develops a Market Research Project in an effort to promote a better understanding of the landscape of the industry and to assist our members in bringing new and improved equipment and tools to the marketplace. ETI uses this research to help all segments of the automotive industry provide aftermarket shops with better equipment and solutions.  This year ETI commissioned the Automotive Components White Paper, conducted by The Martec Group. The white paper provided valuable insights, impressed upon ETI members their value to the automotive aftermarket industry and encouraged further involvement by tool, equipment and information suppliers,” said Jessie Korosec, ETI Marketing and Events Manager.

“ETI market research studies and white papers deliver valuable industry information to aftermarket tool and equipment companies and are amongst the many benefits we offer our members,” shared Jessie Korosec, ETI Marketing and Events Manager. “New technologies create challenges for ETI and its members to be prepared to provide products and services which enable the aftermarket to maintain and surpass the level of service the public expects for these new vehicles. In turn, properly repaired and serviced vehicles lead to increased customer satisfaction, which translates to brand loyalty toward the vehicle manufacturer.” (All images — ETI / The Martec Group)

Meaningful Direction That Can Drive Your Business Forward
“Technology is running faster than the industry,” noted Ben Johnson, who presented the findings of the white paper to ToolTech 2017 attendees.  Johnson is a Past President of ETI, serves on the Marketing Committee, and is Mitchell 1’s current director of Product Management.

“What if in the coming automotive era of Advanced Driver Assistance Systems (ADAS) and other complex technologies, something catastrophic happens?” he posed. “Without OEMs being diligent and thorough in helping to enable the service and repair of vehicles in the aftermarket, what would that say to consumers? Specifically, if owners can’t get the vehicles serviced where they choose, how would they feel about the brand they purchased, let alone when their next purchase occurred?”

Johnson informed attendees the market research project began on January 23, 2017 and concluded with a final report on April 6, 2017. He then shared details of the white paper’s methodology and focus, as well as several of the insights garnered by the marketing workgroup.

Martec’s primary research for the white paper consisted of direct interviews (telephone and face-to-face) were with equipment, tool and information providers; service and repair shops; market research partners; key customers; and third party industry sources. In addition, Martec also gathered and considered extensive secondary research comprised of technical reports, patents, research data; company reports, government studies and other relevant information.

Martec then focused on identifying current and emerging technologies that had traction in the marketplace by:

  • Evaluating various vehicle systems/components — To better understand the long-term impact on service and repair, and specifically the tools and equipment required, it is critical to consider technological trends and take their pulse. For example, which are on the rise? Conversely, what components/technologies are in decline, are being phased out, and/or are becoming obsolete?
  • Analyzing the factors impacting the way vehicles will be engineered in the future — Here the white paper’s considered primary systems (such as valvetrain, engine, exhaust, brakes, fuel supply, transmissions, steering and suspension, etc.), with a focus on specific impacts on scan tools, mechanical systems, shop management, equipment and other interests vital to ETI members.


Based on research, ETI team input and industry expert insights, The Martec Group, in conjunction with the ETI workgroup, prioritized future automotive technologies by expected introduction.



Like Cause Leads to Effect, Implementation Spurs Preparation
The ETI white paper explored the future of components across automotive systems. A list of nearly 45 components was identified during research. Following discussions with ETI’s workgroup, this list was pared down to 13 components deemed to be “on the rise” and most likely to impact the industry. In addition, the workgroup sorted the components by their expected implementation timeframe — current (1-3 years), short term (3-6 years) and long term (6+ years).

Of note, the 13 shortlisted components showcased several key technological themes members and the aftermarket should be cognizant of. These included safety innovations, (e.g. ADAS); fuel economy/CAFE mandates (e.g. engine downsizing, turbochargers, hybrids,10-speed transmissions, fuel tank and exhaust EVAP controls); electronic solutions (e.g. software/telematics, drivability, sound, telematics, and connected driving), and a transition toward 48-Volt electrical/electronic architectures.

“The outlook for the automotive components reported in the white paper is very promising, particularly in regards to the opportunities pertaining to safety, fuel efficiency, electronics and new technological solutions,” advised Dan Bielak, Martec’s senior market analyst who managed the white paper project. “It will be interesting to see how and when these new complex components and technologies impact the aftermarket.”

“For example, some technologies such as ADAS have already appeared in aftermarket shops; more advanced ADAS technologies are inbound. Other innovations won’t affect shops until they have been implemented on new vehicles for three or more years. For example, in the longer term, autonomous driving is arguably one of the biggest drivers, as it may well disrupt not only the aftermarket, but also transportation systems, consumers and others in significant ways.”

Insights Expose Opportunities
“The primary purpose of ETI’s white paper was to provide insights found nowhere else in a nice summary format,” Johnson shared. “With this valuable white paper, executives can decide how their companies are impacted and take appropriate steps to be ready for the inevitable future outlined in this document.” He then briefly reviewed each of the 13 component/system areas, and shared a number of insights and opportunities the members of workgroup identified. Here are a few of them/

Of all of the different systems/components explored in the white paper, the workgroup believes that software and telematics could have the greatest long-term impact on the automotive aftermarket. The total value of software and electronics in automotive applications is expected to reach 60 percent of the total vehicle value by 2020, which is up from 23 percent in 2000.

 Software, Electronics and Telematics — Automakers are closing the gap with aftermarket tech firms that had established an early lead in certain critical areas, such as centerstack infotainment software (e.g. Apple CarPlay and Google’s Android Auto) and cybersecurity (e.g. Argus Cybersecurity). “Just three years ago, GM had 60 engineers working on cybersecurity; today, more than 160 engineers are employed in this area alone,” shared Bob Stewart, manager of aftermarket service support for General Motors.


Expect ADAS to also continue advancing through 2025, transitioning into fully autonomous vehicles. To date however, the availability and completeness of OEM service information sometimes lags behind the rollout of ADAS technology.

Advanced Driver Assistance Systems (ADAS) — ADAS currently is being integrated by OEMs in premium vehicles, and is starting to be introduced into mid-level cars. The workgroup believes ADAS will be rolled out in phases, with full functionality still three to six years out. The National Highway Transportation Safety Administration (NHTSA) has incorporated the AEB system — comprised of Forward Collision Warning, Crash Imminent Braking and Dynamic Brake Support systems — into its 5-Star Safety Rating System. Automakers must include these crash avoidance technologies in order to receive the award for new vehicles.  Automakers and their suppliers need to rectify these concerns.

Market analysts expect 48Velectric architectures to grow rapidly across all vehicle segments over the next decade and beyond.

48Volt Electrical Systems — 48V architectures are enabling internal-combustion engines to become more efficient by providing more electrical power needed to run increased electrical content in vehicles. Examples include semi- or fully autonomous systems, electronic components, infotainment features and more. In addition OEM engineers expect the advent of 48-volt electrical systems to also enable new mild hybrids that achieve a 70 percent improvement in efficiency at only 30 percent of the cost of current hybrid technology.

“The most exciting component in the white paper, to me, is the emergence and proliferation of 48V systems and how they connect with most or all of the other advances,” Bielak stated. “Over the course of Martec’s secondary research, market analyst firm IHS Markit shared a couple of informative insights: (1) Expect 48V technology to make its way into one-fifth of all vehicles sold globally by 2025; and (2) More specifically, the global market for 48V mild hybrids is expected to increase ninefold between now and 2025, with a total of 14 million vehicles expected to enter the market.”

Until very recently, wiring diagrams and communication network topology schematics typically showed electronic control modules and connections. But the rapid proliferation of electronic sensors and actuators inherent to many of the technologies in the white paper is changing that. According to Bob Pattengale, Bosch’s national training manager, “Some OEMs are beginning to include the relevant sensors and actuators as well (e.g. the Cadillac Temperature Control System wiring diagram above, courtesy of Bosch and GM).” Extending this practice to other vehicle systems, such as ADAS, would help technicians make more accurate diagnoses and efficient repairs.”

It’s No Longer “Business as Usual”
“The challenges for ETI members continue to grow as vehicles become increasingly complex and harder to service,” concluded Potter. “Consequently, fostering the ongoing partnership between OEMs, tool/equipment/information providers and independent service/repair facilities is more important than ever. It is vitally important that all in the vehicle service/repair value chain understand these new and emerging technologies, as well as how they will impact the industry.”

“The overriding insight from the white paper that sticks in my mind after participating in developing this white paper is the effort needed to train technicians working in dealerships and aftermarket facilities to be able to efficiently and accurately service and repair next generation vehicles. From making sure we have appropriate diagnostic and hand tools to diagnose and service these new technologies to making sure repair information is available, this is a challenge that will continue to grow as even newer technology finds its way into vehicles.”

“The white paper will soon be available to ETI members wishing to view details about the findings and the components in full,” Korosec advised. “An email will be sent to ETI members with instructions on how to access it.”