The Equipment and Tool Institute Hires Julianne Sweet as Marketing and Events Manager

The Equipment and Tool Institute today announced that Julianne (Juli) Sweet has joined the organization as the Marketing and Events Manager.  Juli will be responsible for directing the Institute’s marketing programs, activities and events.  

Juli brings with her 15 years of experience coordinating, managing and delivering successful meetings and events. Juli has a proven track record of creating innovative and memorable experiences for attendees of all types.

In addition to events, she will also be responsible for ETI’s marketing efforts, overseeing ETI’s brand management across all platforms. She will handle marketing plans, strategies and implementation including ETI Social Media accounts e.g., Facebook, LinkedIn, and Twitter.

Juli worked at NGK Spark Plugs (U.S.A.), Inc. as their Corporate Events Planner responsible for highly-detailed development of events and promotions aimed at engaging sales staff and clients.  She has extensive knowledge in negotiating contracts, site and vendor selection, budget management as well as full execution of plans for all major corporate events, including North American sales and marketing meetings, international customer trips and other industry events for the Aftermarket and OEM departments.“Juli will bring us some hi-powered experience in creating and marketing memorable events. She is hitting the road in full stride in quickly grasping the wheel for our next Tool Tech event rapidly approaching April 30 through May 3 in Tucson, AZ!” stated Greg Potter, ETI’s Executive Manager.

Juli attended Central Michigan University and graduated with a Bachelor of Science in Education and Psychology.   

Founded in 1947, the Equipment and Tool Institute is a trade association of automotive tool and equipment manufacturers and technical information providers. ETI’s mission is to: Advance the vehicle service industry by providing technical data and open dialog between the manufacturers of transportation products, government regulators and the providers of tools, equipment and service information.

For more details about ETI programs and activities, contact Juli Sweet, Marketing and Events Manager, Equipment and Tool Institute, 37899 W. 12 Mile Road, Farmington Hills, MI  48331. Cell: 248-412-3460 / Office: 248-656-5085; Email:

Equipment and Tool Institute
37899 W. 12 Mile Road
Suite 220
Farmington Hills, MI  48331

Letter From ETI Executive Manager Greg Potter

As all of our businesses look to the future we all see many of our current dynamics changing.

Electrification, connectivity, shared mobility and the advancement of the autonomous vehicle are redefining our transportation ecosystem. With these technologies come concerns for cybersecurity.

Tool companies are worried how they will be able to communicate with new vehicles that now employ security mechanisms to prevent un-authorized access to the in-vehicle networks for cybersecurity reasons. While understandable for the un-authorized “Hacking” situation it brings along with it the unintended consequences that make many current scan tools obsolete and unable to perform many of the service routines necessary for a safe and proper repair. This in a marketplace where roughly two-thirds of vehicle service is completed outside of the manufacturers franchised network and aftermarket scan tools are the primary tool.

Auto manufacturers are looking at a future where there won’t be a “car in every garage”, where shared mobility will be advancing and vehicle numbers may drop but vehicle utilization will increase. Many young, especially urban youth do not want to own a car. The cost of vehicle ownership just does not justify their personal utilization. The vehicle cost and associated depreciation along with parking, insurance, maintenance etc. is reducing the desire for vehicle ownership for many. For these reasons and others, auto manufacturers are looking for new business models for revenue that leverage what todays cars have become, a computer on wheels.

Therefore, the new competition is all about data. Data access and data ownership are key issues we are all looking at.

To this point, ETI supports the inclusion of the vehicle data access and control amendment in the “American Vision for Safer Transportation through Advancement of Revolutionary Technologies” (AV START) Act (S 1885) by the Senate Commerce committee.

The amendment requires that the Department of Transportation convene a federal advisory committee comprised of stakeholders to provide recommendations to congress “With respect to the ownership of, control of, or access to, information or data that vehicles collect, generate, record or store in an electronic form…”

While ETI’s focus is centered on data necessary for vehicle repair and maintenance, our ability to just do that is being hindered in this bigger picture over data access and ownership. Therefore, we feel this issue needs to be addressed in a fair and reasonable inclusionary process. Our hope is that this amendment is a step in that direction.

2017 COMVEC Conference and 2017 OBD Symposium

Update from ETI Technical Manager Rick Matz

2017 COMVEC Conference

The 2017 Commercial Vehicle Conference was once again held in Rosemont IL.  This time, instead of being held at the Rosemont Conference Center, it was at the Crowne Plaza Hotel.

It was noticeably smaller, with fewer vendors and a smaller attendance. Still, a good program of presentations where given. I was surprised by the smaller conference as the heavy duty sector is receiving so much pressure from the EPA and CARB to eliminate emissions.

The main themes were Emissions and Big Data with regards to Autonomous Vehicles, Machine Learning and Simulations. There were again Cyber Security presentations, but these were the same people presenting basically the same information as previous years. The take away from this is that while cyber security is an important enabling technology, the panicked frenzy on the topic has somewhat subsided and progress is methodically being made.

I spent most of my time in the Big Data presentations.

Much of the content of the presentations on Machine Learning had to do with Autonomous Vehicles. While Machine Learning is a powerful tool, testing an ML program for any sort of certification is going to present a problem.

On the plus side, the “lessons learned” from thousands of vehicles on the road could potentially be uploaded every night and downloaded the next day to make the fleet as a whole more intelligent.

On the negative side, how do you present enough test cases to an ML program to get appropriate responses in the first place, before you turn them loose on the road?

Having said all of that, the industry is coming around in saying that there are some significant headwinds to the widespread introduction of autonomous vehicles.

The technology will certainly be solved first. That isn’t the immediate problem. The immediate problem is how to apportion liability.

If you buy an autonomous vehicle and there is an accident, are you liable? The software writer for the AI behind it? The sensor suppliers? It’s a huge question that the industry is grappling with now. Maybe whole new business models will need to be developed.

A second headwind is legislation. Before Level 5 autonomous driving (no steering wheel or pedals) is widely deployed, we can count on a long period of Level 4 driving (a human is present behind the steering wheel and can take over control) first. Presently there are restrictions on how long a driver can be on the road, behind the wheel. What will happen to these restrictions when the human is present, but not necessarily doing anything? Will licensing requirements change? These questions can open a whole new can of worms.

Autonomous vehicles are going to be expensive, which is why we will probably see them deployed in large numbers in the heavy duty sector first, where vehicles are already expensive and can most easily absorb the increase in cost, from a marketing perspective. Autonomous vehicles are already finding their way into agricultural and mining operations.

2017 OBD Symposium

As usual, there were excellent presentations given at the OBD Symposium, but it seemed to me that once again, there were fewer vendors. The room seemed smaller and attendance lighter than the last one which was held in Indianapolis.

What leapt out at me was China 6 emissions regulations in particular, and the number of countries in general that are all implementing their own regulations.

They all have two things in common: the regulations are based on existing OBD II or E-OBD regulations and the local regulators, certification agencies and technicians have little or no background, experience or expertise on anything to do with emissions. Where in both the US and Europe, OBD regulations have been implemented bit by bit over decades and a whole generation of engineers have grown up in this environment, these countries are going to try and swallow the whole program in one bite.

This strikes me as a great opportunity for our members for training, consulting, etc., if they have the contacts. The demand in China should be huge.

Other notable presentations included one by Nissan on a security gateway, which looked very much what ETI has been supporting for years now. An update was given on J3005; that it was going to go to ballot the week of 10/2/17.

For J1979, between the timing for the next round of both heavy duty and light vehicle rule making;  and the fact that the two byte DTCs are being consumed quickly, it looks like everyone is going to have to move to UDS. The timing is up in the air right now, and a final decision hasn’t’ been made, but that is the way the future seems headed.

ETI Technical Update

By Rick Matz
ETI Technical Manager

I attended the 2017 Telematics Update Detroit this year and from what I saw, I believe that this segment is finally getting beyond hype and achieving maturity.

The TU who managed the event said that they had record attendance this year. I have no doubt about that; the venue was pretty packed. What struck me was the exhibitors who showed up with their displays.

In the past, every year seemed to have an unofficial theme which was indicated by the exhibitors. In the early days, it was the semiconductor suppliers who were showing off their graphics display controllers. More recently, it seemed that every other booth was manned by a cyber security company. Other years were dominated by companies providing cellular connecitivty (MVNOs: Mobile Virtural Network Operators), insurance telematics service providers (TSPs), dongle manufacturers and so on.

They were all there this year, but for the first time that I can remember, it was a more balanced exhibition. That indicates to me that companies weren’t rushing to display the latest hype, but were thoughtfully choosing to participate based upon market demands.

Another indication of the growth of maturity in the telematics segment was the presentations.

We again had the Cyber Security presentations, which are certainly relevant as cyber security is the enabling technology for nearly everything telematics promises to deliver in the future.

The Auto ISAC (Information Sharing and Analysis Center) was again front and center presenting itself as the focal point of everything related to security in the automotive sector.

The Auto ISAC membership began with the OEMS, then started adding key Tier 1 suppliers. It is now reaching out to the Heavy Duty vehicle manufacturers and suppliers.

The Auto ISAC is not writing any standards, but has written some recommended practices based upon the work done by the other more established ISACS that were put in place by the Department of Homeland Security.

The purpose of the Auto ISAC is to provide a means of rapidly spreading information should any of the members find their security breached as well as rapidly disseminating the fix. So far, incidents have all had to do with attempts to get into back end servers at the OEMS and suppliers and nothing having to do with vehicles. Yet.

A new presentation at TU was a panel on the aftermarket. This was the first time that TU as addressed the aftermarket.

The panel was run by Donny Seyfer of the ASA. Our own Jim Fish was on the panel. It was well attended and I think that for many in the audience, considering how the aftermarket is affected by the advanced technologies was a new experience.

For years, the proposed business cases for autonomous vehicles painted a picture where basically everyone gives up their cars and we Uber all over the place. For the first time, the discussion of likely business cases began to sound realistic.

Vehicles with varying degrees of autonomy, first Level 4 (driver with a steering wheel in a vehicle that is “mostly” autonomous) will arrive sooner and Level 5 (full autonomy; no steering wheel) much later; coexisting with cars that have greater and greater driver assistance capabilities is the most likely business case.

Autonomous cars are going to be very expensive to build and to repair. There will be fewer cars sold, so it’s likely that some of the smaller automakers either get absorbed or go out of business.

Building and repairing will also take a lot longer than today’s cars due to the number of devices that need to be calibrated and aimed. The aiming and calibrating may one day become calibrated, but that will take some time to achieve. The most likely first applications would be for shared riding; like large vans or minibuses, rather than private cars, except for the wealthy.

It is more likely that shared riding will replace the family’s “second car.” In my case, I usually drive to work in the morning with my car parked all day, then drive home. I might take some sort of shared ride if the price point were low enough and accept the restriction on my ability to get up and go whenever I want.

For my wife though, it wouldn’t make sense. She makes many stops during the day, while accumulating goods that she’s been buying. She wouldn’t want to take a shared ride, unload all of her stuff, get a new ride and load her stuff, then go to the next stop. That doesn’t make sense.

The discussions followed this train of thought into how many stakeholders would be affected: sales dealerships, infrastructure, manufacturing and so on.

At the 2017 Telematics Update Detroit, I think that we saw a page turn from a segment of the automotive industry being fueled primarily by hype to one settling down into more realistic expectations.


Message from ETI Executive Manager Greg Potter

As we find ourselves in the summer vacation season ETI is coming off a very successful Summer Tech Week. This year we had highly informative meetings with Ford, GM, FCA and VW/Audi during the week and wrapped it up with a special OEM Appreciation Dinner at beautiful Meadowbrook Hall. The theme this year seemed to be ADAS (Advanced Driver Aid Systems) and vehicle security.

There is no doubt that the repair industry is in for some challenging times with the highly complex vehicles being produced today. Add to that the new focus on cyber security and we are in for a wild ride. Our OEM partners are doing their best to keep us as up to speed as they can but even they are in for the rough ride. Whether you are an independent or a dealership the repair strategies are getting quite difficult and the training will be a big task.

All of this put focus on the importance of good open communications between manufacturers and tool and equipment suppliers to be able to have the information, tools and training necessary to repair and maintain the current and future fleet of vehicles.

ETI continues to work diligently with vehicle manufacturers to find secure and safe ways to be able to diagnose and communicate with their purchaser’s cars and trucks to enable us to provide complete and safe repairs for our mutual customers. We applaud the manufacturers that work with us as they see the importance of a strong and educated aftermarket to complement their own support for the vehicles they have produced.

With Summer Tech Week in our wake we are now focusing on Winter Tech Week to be held this year in Newport Beach California. I am working on plans to meet with many of the OEM’s that participate in that event in the next months to be able to plan a successful follow up to the summer event. Mark your calendar for December 5-7! Looking forward to seeing you there!


Cornerstones of Technology

Cybersecurity is a team sport. Are you on board yet?
Contributed by Bob Chabot

Technology impacts everyone, from businesses through individuals. This includes members of the Equipment and Tool Institute (ETI). Not only are we getting more useful technologies, we’re adopting them at an increasing rate. But the burden and the challenge of safeguarding adopted technology are also growing at an exponential rate, as are the vulnerabilities to attack.

Recently, Hewlett-Packard released a study that conveyed the scope of the challenge security technologists face today. Of all the devices — including automobiles — with mobile applications connected to networks, the Cloud or the Internet of Things (IoT), the study noted:

  • 60% used interfaces were easily vulnerable to a wide range of cyberattacks.
  • 70% lacked security to prevent attackers accessing user accounts.
  • 80% relied on network, cloud or IoT services that were unencrypted.
  • 90% of devices collected personal information vulnerable to cyberattacks.

It’s clear that in our connected world, innovative and aggressive cyberattacks pose a serious threat. It has automakers and everyone downstream pushing toward developing security solutions, even though a complete set of common standards have yet to be established. Similar to that old English idiom, this can seem like “closing the barn door after the horses have bolted.”

But cyberthreats cannot be dismissed or ignored. We should all be thankful that ETI, the SAE, other industry associations and security technologists have teamed-up to develop effective standards and solutions.



Connected cars and the advanced technologies are like an iceberg. While users tend to be focused on what’s above the waterline, security technologists must also consider on what’s immersed, a mass that is much larger, as is its impacts. (Image — Praveen Narayanan/Frost and Sullivan)



Building a Cybersecurity Ecosystem

Over the course of the last decade, there have been multiple successful cyberattacks on vehicles. Automakers and their suppliers were initially slow to respond to, even denying such attacks were even possible, but are now learning how to better, and more quickly, address security holes.

“One of the most important actions automakers have undertaken recently is creating ‘virtualized layers’ by which they secure and stonewall mission critical vehicle systems, software and more,” noted Praveen Narayanan, Research Manager for Connected Cars Automotive and Transportation at Frost and Sullivan.  “Examples include the Extended Vehicle concept that the International Organization for Standardization (ISO) is considering or the Service Vehicle Interface being discussed by the Society of Automotive Engineers (SAE). Both are vast improvements compared to the current porous automobile interfaces that are a quarter century behind the today’s hacking technologies and competencies.”

Did you know that owners of aftermarket service and repair facilities, led by the Automotive Service Association, are actively moving toward learning how to “lock down” their shops from potential cyberattacks? Whether originating from digital resources the shop connects to (e.g. online services provided by firms like yours), employee smartphones, customer vehicles via connected shop diagnostic tools, customers using Wi-Fi networks in waiting rooms, or others, the aim is clear: Shops cannot afford to be the weakest link in the automotive cybersecurity value chain.

 According to Frost and Sullivan, more than 50 vulnerable attack points exist in connected cars. These include back-end security, in-car hacking and remote attacks. The market researcher notes that cybersecurity can range between 3 to 5 percent of total manufacturing costs. These would be difficult to pass on to customers, explaining the slowness of manufacturers to respond with complete solutions. (Image — Praveen Narayanan/Frost and Sullivan)

Preparing for the Cyberthreats of Tomorrow
For ETI, which serves both automakers and service/repair facilities, cybersecurity has also been an area of focus for several years. At ToolTech 2017, for example, Executive manager Greg Potter moderated a panel titled Cybersecurity and the Connected Car, which provided attendees an in-depth technical look at cybersecurity tools and procedures.

To compliment that “down in the weeds” discussion, this article provides an overview of insights gathered from a broad spectrum of cybersecurity experts. The intent: To pass on to you their experience-based insights for your consideration. The technologists included:

  • Bruce Schneier, Chief Technology Officer at IBM Resilient and Special Advisor to IBM Security.
  • Eric Chan, Global Technical Expert for Ricardo Ltd.
  • Andy Rhodes, Vice President of IoT Commercial Solutions, Dell Inc.
  • Craig Smith, Rapid7’s Research Director of Transportation Security
  • Christopher Young, who leads the Intel’s Security Group.
  • Dan Cornell, Chief Technology Officer at the Denim Group.

Schneier: Larger Successful Cyberattacks are Going to Happen
“Security is both a feeling and a reality,” explained Schneier. “You can feel secure even if you’re not, and you can be secure even if you don’t feel it. Unfortunately, as consumers, we respond more readily to the feeling of security created by marketing, quite possible an illusion, rather than the reality of security ensured by pre-launch testing and immediate adequate defenses should successful attack occurs. Until we’re burned.”

“As vehicles and other connected devices come under increasingly software control, they’re becoming more vulnerable to all the attacks we’ve seen before against computers, along with new ones emerging today with the advent of Cloud computing and the IoT. In addition, vulnerabilities on one system can cascade into other systems. Software that might seem benign to software developers of a particular system can become harmful in unforeseen ways when combined with some other system. This can result in a new vulnerability that no one saw coming and no one wants to bear responsibility for fixing.”

“As the IoT grows, exploitable vulnerabilities will increase and associated cyberattacks become more common. If 100 systems are all interacting with each other [think automobile], then 5,000 potential vulnerabilities need to be secured. If 300 systems involved [think connected cars], then 45,000 potential vulnerabilities need to be secured. Scaled up to 1,000 systems [think intelligent transportation system], 12.5 million interactions would need to be secured. Most of them will be benign or uninteresting, but some of them could be very damaging. Now factor in that up to 80 percent of connected devices, including automobiles, on the IoT today do not have the security measures they need to protect us. That’s a lot of security prevention, defending and patching to do to catch up. And, it’s a never-ending quest.”

Smith: With the Cyber Landscape Wide Open, There’s a Lot to Defend
“Attackers only have to be right once, whereas defenders have to be right all the time,” noted Smith. “That doesn’t mean hacking is easy, but it does show how enormous the task of defending is for the automotive industry. For instance, electronic diagnostic tools trust that a car is a car, but are a soft target.

“Expect complex encryption protocols to become a primary defense mechanism, as vehicles become more software-defined with the advent of telematics, advanced safety systems, connected transportation and ultimately, autonomous driving. Connected cars today typically have around 100 million lines of software code embedded. Connected, self-driving cars in the next decade will have more than 500 million lines of code. There a lot of exposure to defend, much of it with a legacy of little or no security in the past.”

“One of the biggest worries facing cybersecurity companies is the security and privacy issue associated with IoT connected devices. Every wave of connected devices — whether you’re talking about cars, tools or smartphones — blurs the line between hardware and software. This bridge lets you exit the Matrix and directly affect real, physical things. Rapid7 helps provide security professionals with the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they are on. For example, Rapid7’s Metasploit Security Kit enables cybersecurity professionals and researchers to conduct penetration testing of both hardware and software for IoT devices — hardware as well as software. Until now, multiple tools needed to be built to do this, but Metasploit condensed a slew of independent software exploits and tools into one framework that allows professionals to find vulnerabilities using just a single tool in far less time.”

 Rhodes: Cloud Security and IoT Security Differ
“Security for cloud computing has been around for a long time and there are lots of good security tools, permission protocols and other strong practices to manage both users and cloud applications,” advised Rhodes. “Typically human users are involved with Cloud security measures, being asked to click ‘OK’ for an update. One might think that as long as a Cloud system utilized by the IoT device is secure, then all is well, but that just isn’t the case.”

“The IoT is more complex than Cloud computing; hence cybersecurity is also more complex. The IoT connects many more diverse devices, operating systems and protocols, which makes it harder to consolidate and standardize as companies grow and products change. Another difference is human interaction is more limited. In fact, users may not be involved at all when updates are made. That leads to the need for increasing device-to-device cybersecurity.”

“Just because the IT crew has the ecosystem covered on the cloud doesn’t mean the devices and sensors connected on the IoT are secure. To make the IoT ecosystem more secure, engineers and IT professionals need to demolish their silos, learn from and collaborate with one another. Security must be in place across the whole spectrum — on the device, on the cloud and on the IoT network — because data can flow many ways. For instance, unsecured vehicle sensors connected to the IoT are an exploitable attack vector.”

 Chan: Cybersecurity Doesn’t End at Prevention
“The need to provide cybersecurity for the vehicles we own and operate is a crucial and growing imperative,” asserted Chan. “Connecting everything together risks a compromised system being used as a gateway to others, placing confidential personal information and potentially valuable data at risk of being accessed by any other device connected to the same network, whether full-time or occasionally.”

“Cybersecurity is an ongoing war of attrition against constantly innovating criminals who will have access to new data and tools over the life of any vehicle. Examples include, but aren’t limited to, radio amplification attacks to spoof keyless entry systems, taking control of key encryption (including remotely), using pirated software and exploiting vulnerabilities in security software systems (like a human-written software code that has a typo). Besides vehicle theft, other criminal motivations for hacking include lifting personal information from payment systems, accessing data from onboard sensors, taking control over vehicle functions, and using the vehicle as a compromised gateway into other connected systems for ransomware attacks.”

“That’s why cybersecurity in my view must be resilient, ongoing and dynamic — we can’t stand still when lives and property are at risk. Besides initial preventive mechanisms during the design phase, cybersecurity must include immediate detection and defensive measures, followed by development of longer term technical responses learned from penetration testing and real world experiences, which can then be integrated into prevention. This represents a major challenge for automotive OEMs to transition from their legacy, often proprietary, vehicle architectures and development processes toward taking into account these new requirements and realities.”

Young: Cybersecurity is a High-Stakes “Cat and Mouse” Game
“Despite technology taking ever-progressive steps into the future, cybercrime has rapidly evolved,” stated Young. “With the rise in connected devices, a new landscape of attack vectors has opened up for hackers. For example, ransomware has transitioned from being just a variant of malware to being an entire category of profitable attacks in itself. The Cloud has opened the door for ransomware attacks to many more lucrative targets, but the IoT has grown those opportunities exponentially.”

“In May and June alone, the WannaCry ransomware attack — a software exploit ironically developed by the National Security Agency that can be used against many versions of Microsoft Windows operating system — stuck many businesses, including automakers. For example, Honda, Renault and Nissan had to temporarily shut down vehicle production lines at plants in Japan, Britain, France, Romania and India. But ransomware and other attacks can be aimed at individuals too. Just imagine you, or your customer, driving your connected computer-on-wheels and getting a pop-up that says ‘If you pay me $300, I’ll let you drive to work today.” And it could be worse. Much worse.”

“With the average cyberattack costing larger enterprises over $600,000 each, developing an adequate ‘hack response’ in the U.S. and nations across the world is essential. But we have a notable skills shortage in cybersecurity. Government, educators and the industry need to get involved in helping to attract and train cybersecurity talent so that we can attract the men and women needed to deal with the growing issues over the long term.”

Cornell: Cyberattacks Have Exposed Deficits in Computer Science Education
“When it comes to confidentiality, integrity and availability, end users have reasonable expectations about how data is going to be treated. Software developers (aka coders) and other security technologists need to address these expectations, which include: Do I have access to my data? Who else has access to my data? Who can modify my data? If you think about applications that manage, manipulate and move data, it’s software. If you want to provide or access automobile service information, if you want to order or supply parts online, if you want to utilize or offer remote diagnostic services — it’s all software.”

“But real world cybersecurity issues have exposed hidden gaps in computer science education: (1) University programs and coding academies treat security as a separate or special concern, rather than a fundamental responsibility all coders building new technologies should have; and (2) Neither professors nor their students adequately understand the context and needs of any specific industry needs them to have. Combined, they make developing automotive industry-ready cybersecurity solutions problematic.”

“We need to change the way we build coders. Traditionally, coders have been taught to ask themselves, ‘What should my software do?’ We need to flip the education landscape by installing an adversarial mindset and injecting responsibility into those who teach, as well as those who write software, by requiring them to ask instead, ‘What shouldn’t my code be doing?’

The industry and its consumers have a right to expect a reasonable answer to ‘What have you done to ensure the coding for this technology only does what it’s supposed to do?” That has to be baked in from the start; it’s not as effective when bolted on afterwards. In addition, we must teach coders how to design resilient systems that prevent end user mistakes seamlessly. If we can do all that, we can start building a more secure future.”

I see cybersecurity evolving “cyber resiliency,” a continual dynamic process or loop intended to keep pace with hackers find new ways and new technologies to attack over time. Beyond prevention built in at initial design, breaches must be capable of in-the-moment detection and reaction (such as an over-the air software patch that immediately places vehicles in a “safe operating mode.” Once the immediate danger has been handled, the attacked entity can develop a longer-term in-depth response (enhanced prevention measures), which after thorough testing can be integrated into the prevention suite. (Image — ManicMedia LLC)

Takeaways That Impact Matter
At the dawn of my interest in cybersecurity, one of the first security experts I listened to was Amy Zegart, at that time the Co-director of Stanford University’s Center for International Security and Cooperation. One statement she made back then lingered: “The cyber threats of tomorrow won’t just make our information and data unsafe, they could make our physical world unsafe by disabling the cars we drive, knocking out power to our networks, shutting down traffic infrastructure, disrupting production and much more.”

That statement sparked my interest in cybersecurity and spurred me attend both mainstream gatherings, such as TEDx Talks, the International Consumer Electronics Show, as well as more unconventional events, such as various Defcon Hacking Conferences. My hope is that what the experts shared above does the same for you. Moreso, I hope it stokes you with takeaways and the motivation to take action now.

In closing, let me share two takeaways I garnered and am carrying forward:

  • It’s no longer just about cybersecurity to me anymore. It’s broader and more holistic than that. It’s about building “Cyber Resiliency,” a dynamic, continual loop, as illustrated in the circular image above.
  • Cyber Resiliency is a team sport. We must rely on and trust experts like those above to build cyber resilient solutions. Those experts may well include some ETI members.

But at the end of the day, the real challenge boils down to the experts and the industry making cyber resiliency work seamlessly for end users, who shouldn’t have to be experts to make security technology work. Can you help make that happen?

Paradoxes and Paradigms

Contributed by Bob Chabot

What are your takeaways from ToolTech 2017?
“Business as usual for aftermarket scan tool manufacturers is changing rapidly,” stated Greg Potter, ETI Executive Manager, at the opening session of ToolTech 2017. In the last session, Potter noted, ““The automobile is the ultimate electronic today. Keeping pace with the game changers will be an ongoing focus for ETI.”

In between these two bookend remarks, attendees were presented with a number of inbound technologies and collaborations — some paradoxes about to disrupt our business world; others paradigm shifts already in the process of doing just that. On my way home from New Orleans, I found myself trying to percolate, from all I’d heard, the key takeaways I need to act on. No doubt, you have your own, but these are my top four.

The 30+ year old OBD-II port has moved beyond its originally designed intent as a port to check emissions and is now a potential gateway for vehicle security breaches. Standards organizations are considering ways to harden or replace it. (Image — SAE International)

Global Standards: It’s All About the Pace … About the Pace … About the Pace
“Diagnosing the electrical computer systems on today’s vehicles is essential for nearly every service and repair,” Potter noted. “Providing aftermarket companies the ability to create their own diagnostic software is important part of our industry, because the aftermarket has created some of best diagnostic software available in the industry. But due to security concerns, the ability to reverse engineer will become more and more difficult, if not impossible, using current methods.”

The is SAE and the ISO were working closely together toward harmonizing standards. Given the rapid and accelerating changes in today’s interconnected world, I was most pleased to learn more about that. After all, globalization of the automobile industry is meaningless if you don’t have international standards.

We’ve lived in an era of business models in which “Made in China” or “Made in the U.S.A.” mattered. But today, an automobile sold in America could have been designed in France, from parts and components manufactured in Mexico and Austria, and assembled in Japan. “Made in the World” is the new mantra, powered by global standards.

As we have become interdependent, global value chains have emerged. Production has become more fragmented and dispersed. Bits and pieces of products are produced in several countries, across several firms, before they come together as a final product for the consumers. The ability to show compliance with global standards, regu­lations and other requirements may well become the most significant hurdle for companies, including ETI members, wanting to participate in those value chains.

Keep in mind that whatever standardized and unified process for secure authorized access to vehicle data by legitimate stakeholders prevails, it’s going to change the way we do business. Examples include work on a new Data Link Connector to replace the 30-year old underdash OBD port, as well as new vehicle interfaces, such as the Extended Vehicle concept or Secure Vehicle Interface

Until now, education institutions have not made cybersecurity an integral part of computing education for software developers. That is a gap that needs to be addressed.  (Image — Ericsson)

Cybersecurity Adapts to Shifting Tectonics
Speaking of keeping pace, we heard much about cybersecurity. No doubt, we will hear much more downstream from here. It’s like all of us are beginning to accept the need to get in step with prevention, detection, timely reaction, longer-term responses, and the integration of effective counter measures garnered from experiences.

As an aside, we automotive folks aren’t the only ones becoming more security-conscious. During ToolTech 2017, my business associate was at the Department of Homeland Security’s National Emergency Management Institute, run by FEMA, in Emmitsburg MD. The first case study was a massive cyberattack on a city — a new focus in FEMA’s training. The discussion included potential impacts on emergency vehicles, traffic, communications and cybersecurity. Of note, FEMA detailed the role that improved security will play in connected cars, automated driving and intelligent transportation systems will play. Sound familiar?

It is no surprise that our automotive industry is becoming increasingly software dependent, and ever more vulnerable each passing day as the Cloud and Internet of Things expose us to more benefits and threats. Just as our physical landscape changes as the tectonic plates beneath us move, the cybersecurity landscape is constantly shifting. It was refreshing to learn how aftermarket companies Bosch and Argus Security resolved simultaneous cyberattacks of Bosch’s underdash dongle and associated phone app — both products that have already been purchased by consumers. The aftermarket companies’ immediate, real time and effective response was a stark contrast to how slowly automakers have reacted to past security breaches of their vehicles.

But several concerns about the foundation underlying cybersecurity bother me — two pertaining to education, another regarding our own behavior:

  • I wasn’t aware that the general university education of software developers rarely, if ever, involves cybersecurity. Were you?
  • Learning that professors and instructors, not just their charges, have little understanding about our specific industry needs bothered me.
  • Finally, blind trust alarms me. In talking with many attendees, I sensed some of us have: (1) The impression cybersecuirty measures will eliminate future cyberthreats; and (2) A naivety that we can trust our software vendors to “get security right” for us.

If software is our lifeblood, as many of speakers at ToolTech 2017 alluded to, then “active” cybersecurity education and implementation are essential to its operation and safety. Coders need a solid grounding in cybersecurity integrated into their education. Security cannot continue to be an afterthought.

Nor can educators be allowed to continue taking the easy way out. Just as the service/repair segment needs industry-ready technicians, our industry needs industry-ready coders — skilled in being both software developers and cyber warriors. Instructors and their institutions need to deliver graduates familiar with our concerns. Case studies specific to the auto industry would be one way to facilitate this. But if we don’t push for the changes we need, who will?

Finally, trust needs to be earned. Cybersecurity — whatever the measures — is not infallible. And the successful attacks that seem to be reported in the media day after day show the security our software providers implement isn’t either. Hacking is a fast evolving art, and those in that community have a relentless passion to succeed that, frankly, has outpaced most of us.

So I admire the work of aftermarket companies, such as Rapid7 and others we heard from during ToolTech 2017. They have the competitive passion and track records of success on par with hackers. Consider this example.  Until now, multiple tools needed to be built to hack different devices and software. Rapid7’s Metasploit Security Kit condensed a slew of these independent software exploits and tools into one framework that allows security professionals in firms like our’s to find vulnerabilities in different IoT devices and software using just a single hacking tool in far less time. It’s akin to empowering us to hack the hackers.

We’re fortunate that ETI not only takes cybersecurity seriously, but that it also puts the firms and the expertise of security technologists in front us. That allows us to be more proactive, by being actively addressing security within our own companies, before a cyberattack smacks us.

Data, software and connectivity have driven the evolution of vehicle diagnostics — from being solely an in-shop activity, to utilizing mobile diagnostic experts for troublesome vehicles, to relying of remote diagnostic services that provide an “instant’ all-makes, all-models service model. What’s next?  (Image — Blockchain Technologies)

Culture Shock: Remote Diagnostic Services
Do you remember the “Six Degrees of Separation” paradigm? It’s the idea that everything in the world is a six or fewer step away from each other. May I suggest that for all of us, hackers are closer than that? So is it any wonder automakers are circling their (security) wagons, and trying to limit access to vehicle data by anybody to only those certified to be more trustable?

Consider “remote diagnostics,” a recent emerging trend for enhanced diagnostics and reprogramming. The growing volume of vehicle data can be overwhelming for many aftermarket service/repair facilities — a prime customer group for many ETI members. In the early days of the data explosion, shop owners who found themselves overwhelmed, but still wanting to service most, if not all makes, began relying on third party information providers and mobile expert diagnosticians, who brought OE scan tools and expertise to the shop.

But as data and technology becomes more complex and pervasive, there comes a point that even a single expert mobile tech struggle to keep pace. That has opened the door for remote diagnostic services — which include Farsight, and other ETI members. What sets remote diagnostics providers apart from mobile diagnosticians is this: They’ve built more trusted relationships with automakers by licensing the use of data, hiring expert technicians, and providing continuing education and training — all of which is OE-specific, not generic, in nature.

Aftermarket training today can be an expensive, albeit haphazard exercise, but it needs a reasonable return on investment. It’s a challenge to determine what training to take at a venue that is based typically on just a one paragraph description. In addition, attending an aftermarket training event and walking away with only a few ah-has is not cost-effective.

In the face of accelerating technology, that’s not closing the service gap. Fortunately, remote diagnostic services now provide aftermarket shops with a viable alternative. A shop can efficiently focus its training investment on the brands it regularly services, while relying on remote diagnostic services for the brands it doesn’t.

‘Remote diagnostic services are a culture shock to the industry, and especially the aftermarket,” explained Kevin Fitzpatrick, Farsight’s CEO. “Our business proposition is quite simple: Our goal is to bring a higher level of support for every make and model sold in the U.S. We believe every shop should be able to fix every vehicle. To do that, we help bring shops up to speed and keep them service–ready to manage emerging technologies and confidently service all vehicle brands.”

“Essentially, we take their apprehension away and help technicians improve their productivity. Compared to mobile diagnostic technicians who, once they leave a shop, may take a day or more to return if their suggested fix didn’t work, our unlimited support is just a phone button push away. In addition, we can work directly with a technician diagnosing one vehicle, while remotely reprogramming another vehicle for him.”

General Motors is an example of an OEM that does make “as-built” data available in written form (left). The automaker offers more than 3,300 distinct Regular Production Options, each requiring its own decoding protocol. RPOs can typically be found on a sticker in a vehicle’s trunk. Unlike some automakers, GM ‘as built’ data is available and accessible via a scan tool, making diagnosis and service vehicle-specific. (Images — General Motors)

Force for Good: Technology Can Empower Better Vehicle Service
“In the midst of accelerating technology explosion, technicians are not only under extreme pressure, they also face intense customer expectations,” advised Mohan Sethi, Business Development Manager for MAHLE Service Solutions. “New emerging technologies are coming, which automakers, as well as the equipment and tool segment, are going to have to work with. In particular, through organizations such as ETI, MAHLE is focused on ‘How do we help get technicians service-ready with the competencies necessary to work on them?’ ”

“We’ve adopted an approach that automates some of the basic tests technicians perform on vehicles repeatedly,” Sethi continued. “Examples include our scan tool that can read all modules for nearly all vehicles in under 30 seconds, and our R-1234yf machines that can perform 45-minute leak tests remotely. Both free up a technician’s time up to do other things, making them more productive, which is a win for the tech and the shop.”

MAHLE has also created the technology that literally creates wiring diagrams ‘on the fly,’ and is actively developing it. Rather than provide technicians with a generic model wiring diagram that may be close, but not exact, why not provide them with a more accurate VIN-specific ‘as built’ wiring map? Both of these innovations eliminate needless errors, which shows that technology can be our friend if we leverage it properly.”

“Details matter when it comes to diagnosing and service a customer’s vehicle. With technology today, service information can now be vehicle- rather than model-specific. For instance, today almost every vehicle’s VIN represents a unique build — a set of data distinct from other variants in that model line or built on crossbrand multivehicle platforms. It’s close, but it’s the vehicle-specific ‘broadcast’ file (also known as ‘as built’ data) that provides the exact and complete information for each vehicle a technician needs.”

‘As built’ data details trim levels, engine specs, infotainment packages, brake system type, and other parameters via a scan tool facilitates, which can be key to resolving driveability and other difficult issues. In addition, an automaker may change the model year for the VIN, but not actually change the vehicle until midyear. Consequently, the VIN will not necessarily reflect the exact vehicle content, but the ‘as built’ file will.

Traditionally, automakers typically encode ‘as built’ data, so it’s not easily readable. In addition, each automaker also employs its own decode strategy to read and interpret the compact build information. These proprietary practices have challenged aftermarket tool and equipment manufacturers, and limited vehicle serviceability for everyone downstream from the assembly line — facilities, technicians and vehicle owners.

“Fortunately, automakers have been trending toward making ‘as built’ data more usable,” Sethi noted. “It’s now possible for scan tools to access ‘as built’ data, so that technicians get information specific to the actual vehicle being serviced, not some close approximation. That makes diagnosing and servicing customers’ vehicles more efficient.”

“The times, they are a changin’.” Bob Dylan’s words were correct back then. They’re just as true today, when Potter suggested likewise. So let me ask you: What takeaways did you harvest from ToolTech 2017?

Cybersecurity Starts With You

It’s your choice: Take cybersecurity seriously or be the weakest link
Contributed by Bob Chabot

The automotive landscape is constantly changing. So when I first heard the word “cybersecurity,” I got this sense of “dejà vu.” It felt like yet another inbound wave of technological change. Possible a tsunami.

It harkened me back to an earlier time this automotive industry. Think of it as Automotive Industry Version 1.0, where technology was more nuts and bolts than bits and bytes. Greasier, yes, but much simpler, although that doesn’t mean better.  (Image — Intel)

There were no computers to deal with in Version 1.0 back then. No Web. No mobile. No telematics. No connectivity. No Cloud. No remote diagnostics. No augmented reality. No ADAS. No over-the-air (OTA) vehicle software updates. No Internet of Things (IoT). No such concept as Intelligent Transportation Systems. No cybersecurity, nor hacking, its evil brother.  My oh my, how times — and technology — have changed.

Connected vehicles alone have multiple entry points prone to a cyberattack. (Image — Frost and Sullivan)

When Paradigms Shift, We Must Transcend Ignorance and Fears
Sometimes, it’s the realization of what we don’t know that spurs us to grow. For example, I am reminded of my very first meeting with the Equipment and Tool Institute, which longtime friend Charlie Gorman invited me to years ago. Let me share how my ignorance was confronted by y’all — members of the Equipment and Tool Institute.

Coming from the aftermarket service and repair segment of the industry, I was quite certain I was conversant with scan tools. And I was — until Day 1 of that first Summer Tech Week gathering — when I sat in on the Scan Tool Group meeting. In just minutes, I was gob-smacked by: (1) How much I didn’t understood; (2) How little I actually knew about scan tools technology; and (2) How false the beliefs and biases that comprised my gospel really were.

Granted, all I really need to know as a scan tool user was how to operate them, because ETI members took care of the rest. But I resolved then and there to learn and grow with the emerging technologies, especially through the opportunities ETI meetings provided attendees.

There are many ways to better buttress a vehicle against cyberattacks,” shared Frost and Sullivan Research manager Praveen Narayanan. “One of the most important action item for OEMs currently is to create “virtualized layers” by which they can secure and stonewall mission critical vehicle systems. (Image — Frost and Sullivan)

Cybersecurity has a Dejà Vu Aura
Neither you nor I know what we don’t know. Yet cybersecurity is just the latest iteration of technology — like scan tools, J2534, connectivity, the Cloud, Internet of Thins (IoT) and others before it — that ETI members have to understand, assimilate and deal with. After all, it is our responsibility is to adapt, manage and harness technological change on behalf of the automakers and aftermarket customers we serve.

In our increasingly connected world, cybersecurity has become a huge concern … dwarfed only by the lack of cybersecurity. Consider this:

  • Frost and Sullivan (F&S) recently projected a ramping up of automotive cyberattacks. “We can expect the number of hackers to grow to more than 150,000 globally by 2018, and geometrically thereafter,” stated Praveen Narayanan, a F&S Research Manager. “In addition, the number of connected vehicles in operation will increase to more than 220 million over the same timeframe. This creates an increased threat of significant automotive cyberattacks.”
  • The recent Automotive Cybersecurity Study,conducted by the Ponemon Institute concluded: “Only 54 percent of automakers and suppliers surveyed agreed that security is a priority for their company. Not only is the automotive industry struggling for security solutions, nearly half of it is blissfully stagnant.”

Juxtapose the two and it looks like the industry is between a rock and a hard place. It is not the time to “go ostrich.”

The Cybersecurity and the Connected Car Panel at ToolTech 2017 in New Orleans, hosted by Executive Manager Greg Potter, introduced attendees to many of the technical considerations cybersecurity entails. The complete presentations by the guest experts can be viewed on the ETI website. (Image — ETI)

ETI Puts Cybersecurity Front and Center at ToolTech 2017 and Beyond
As ETI members, we’re more attuned to the innards of technology than most folks. In general, we readily recognize the need for, and benefits of, technological evolution. But I have to ask: Are there any amongst us (or our customers) who doesn’t know what a pain-in-the-ass cybersecurity can be? It can be confusing. Daunting. Even overwhelming. Been there and done that?

That’s why ETI events are so valuable — they open our eyes and show us the way forward. At ToolTech 2017, ETI Executive Manager Greg Potter moderated a panel titled Cybersecurity and the Connected Car, which provided attendees with in-depth technical knowledge pertaining to cybersecurity safeguards and protocols.

“The automobile is the ultimate electronic today,” he noted. “Business as usual is going to go away. We need to be more than just aware of cybersecurity, we must prepare on behalf of our customers who build and fix vehicles. And we must also keep pace, so cybersecurity will be an ongoing focus for ETI.”

The security technologists serving on the panel included:

  • Panelist Bill Leisenring, Founder of Control-Tec, a Delphi Automotive company.
  • Panelist Dr. William Whyte, Chief Scientist, Onboard Security Inc.
  • Panelist Tim Weisenberger, Project Manager, Technical Programs, Ground Vehicle Standards, The Society of Automotive Engineers (SAE).
  • Panelist Bob Stewart, GM – Customer Care and Aftersales, GM’s connected car overview

A brief summary of what each expert shared follows below. Together, they provided the beginning of a toolbox that attendees can leverage to move toward improved cybersecurity.

In addition to other benefits, Control-Tec’s edge computing solution integrates with Delphi’s Connected Vehicle Platform and other business units (Movimento and otonomo_ to help OEMs monetize and maximize the value of information from connected vehicles for the 3rd party data market. (Image — Delphi Automotive)

 How do we Decongest Huge Volumes of Data?
“Today’s complex transportation systems require high speed, real-time data analysis to deliver meaningful and timely insights,” advised Leisenring. “But the Cloud, IoT, connected vehicles, ADAS, automated driving and other technologies all create enormous volumes of data, which can create congestion, or worse, data paralysis.”

“As a global provider of telematics and analytics solutions to the transportation industry, together with other Delphi partners, our solutions combines comprehensive data acquisition methods with a powerful edge and cloud computing architecture for fleet management, product development, connected vehicle and data exchange applications. Specifically, it allows us to reduce what could otherwise be overwhelming and slowing data payloads, by parsing out superfluous data and only sending what’s relevant when it’s needed.

“By delivering needles, instead of the entire data haystack, we avoid data paralysis. This enables us to provide automakers with the speed, flexibility, reliability, cost savings and collaboration needed to successfully develop today’s software centric systems and machines. For example, the robust data solutions we’ve developed for powertrain, vehicle, and electrical system domains afford our clients the ability to avoid warranty cost, improve product quality, enhance customer experience and optimize an increasingly connected portfolio.”

Public Key Infrastructure (PKI) digital certificates facilitate the verified and authorized secure transfer of data between networked devices and/or individuals. Think of them as an electronic license with properties similar to your driver’s license. (Image —Security Innovation)

Trusted Computing Creates a “Harder-to-Hack” Automobile  “The Cloud and the IoT are transforming transportation,” noted Whyte. “As the volume of data and the number of connected vehicle and other devices grows, so does the number of opportunities to hack those devices, and subsequently alter the data. With a growing number of both targets and attacks, we must put multifaceted protective cyber-security solutions in place. To prepare for this, the security industry recently moved to a set of technologies and services for managing the encryption and authentication of connected systems, known as Public Key Infrastructure (PKI).”

“Security Innovation is a leading provider to the Vehicle-to-Vehicle (V2V) security, trusted computing and advanced cryptography markets,” Whyte shared.  During his presentation, he provided a technical description PKI and its protocols, mechanisms and other measures used to build trusted computing architectures. Like people use personal ID cards, such as a driver’s license or passport, to prove their legitimate identity, PKIs use digital certificates [think virtual ID card] to authorize trust and legitimacy in the electronic connected world. “These digital certificates provide a well-understood and harder-to-hack solution for distributed identity management in a connected world.”

“Digital certificates can be issued to people as well as computers, software packages, devices or anything else needing proof of identity. Certificates are issued by a trusted authority and contain appropriate permissions. They allow holders to prove they have rights to access data or particular resource, request a particular activity, or send particular information. They can also be issued in advance, be used off-line, and can also include expiration timeframes and protocols that enable the removal of bad actors or denial of access by entities whose authorizations have expired.”

Certificates represent the state-of-the-art and of the most secure means to electronically transfer data. Issued by a certificate authority (CA), a common trusted entity, they contain permissions (electronic keys), attributes and identifiers. The holder of the certificate uses the public key to request access, which after verification, can be granted only by the entity holding the associated private key. (Image — ETI)

SAE is Doing Far More Than Just Developing Cybersecurity Standards
“The SAE Vehicle Cybersecurity Systems Engineering Committee was tasked to build the J3061 standard that would serve as the foundation for automotive cybersecurity,” explained Weisenberger. “Recently, SAE published the world’s first automotive security standard. The J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems, which describes a risk-based, process-driven approach to address the cybersecurity threats the automotive environment, is experiencing.”

“J3061 has quickly become a ‘go-to’ resource for many other SAE Committees in different discipline areas. Examples include the On-Road Automated Driving Committee (which is conducting a security gap analysis; the Vehicle Electrical and Electronics Diagnostics Committee (which is looking at OBD security and dongle security); the Dedicated Short Range Communications Committee (which is tackling security issues in DSRC communications); the Truck and Bus Controls and Communications Network Committee (tasked with developing and maintaining the J1939 family of standards that ensure CAN device interoperability for this vehicle segment); and New Data Link Connector Vehicle Security Committee (which is tasked with securing communications with any off-board device for vehicles).”

“J3061 provides guidance on how to integrate best practices for building security into the product development lifecycle, establishes desired relationships between cyber security and safety, and establishes a foundation for further security standards development. The standard features three subdocuments that are ongoing works-in-progress: J3061-1 Automotive Cyber security Integrity Levels addresses the development of an objective cyber security classification scheme; J3061-2 Security Testing Methods document provides a detailed breakdown of currently available software and hardware security testing methods; and J3061-3 Security Testing Tools serves as an agnostic list of manufacturers of security related tools and their capabilities. Working in conjunction with J3061 is another SAE Standard, J3101 Requirements for Hardware-Protected Security for Ground Vehicle Applications. It defines a common set of requirements for security to be implemented in hardware for ground vehicles to facilitate security enhanced applications and hardware protection for ground vehicle applications.”

“SAE is also involved in a number of active collaborations with other organization that are already showing good results. For instance:

  • SAE is working with industry participants through its New Data Link Connector Vehicle Security Committee to develop J3138 Guidance for Securing the Data Link Connector (DLC). Aimed at securing the vehicle interface (both hardware and software), the Committee is preparing an overview of activities and initiatives elsewhere that could be incorporated into future SAE Standards, and potentially joint standards with ISO, which secure vehicle interfaces from current and future cyber security risks. Examples include the ISO Extended Vehicle methodology (Eve), ISO Vehicle Station Gateway (VSG) and ISO Secure Vehicle Interface (SVI).
  • SAE has convened and hosted industry workshops — attended by automakers, suppliers, other OEMs, industry associations, and government regulators and agencies — to identify issues, industry needs, and develop a modern approach to OBD-II security, which may be a whole new standard.
  • SAE and the International Organization for Standardization (ISO) recently approved Partner Standards Development Organization (PSDO) agreement that created a Joint Working Group to house experts from both organizations to work together and drive cooperation toward developing harmonized, international, joint SAE-ISO standards. The group has already developed processes, procedures and rules to as the template for all future joint work items, and is now poised to begin the technical work of developing joint standards.
  • SAE is also engaged with the National Institute of Standards and Technology (NIST) on a limited pilot project. Its aim is to test the effectiveness of security methods and tools applied (at an automotive supplier or OEM) using NIST’s Cyber-Physical System Framework and Federated Test Bed Software testing suite.”

The SAE and ISO have formed a joint working group intended to house experts from both organizations to work together to develop an international, joint SAE-ISO standards. Already, the collaboration has identified four candidates for harmonized standards. These include Wireless Power Transfer, Vehicle-to-Grid Interoperability, Vehicle Automation Levels and Cyber security. (Image — SAE)

GM Puts Cybersecurity to Work in a Real World Application

“From a connected car perspective, General Motors is transitioning from OnStar, its past focus for the past 20 years, to a broader and more secure concept called the Global Connected Customer Experience (GCCX). There are four pillars to GCCX: (1) The traditional OnStar legacy of easily connected customers to GM; (2) Bringing your digital life to your vehicle; (3) Expanding urban mobility, in particular the vehicle maintenance process; and (4) Enhancing the customer experience, from transactions to relationships.”

“GCCX will provide its 12 million customers worldwide with an expanded range of amenities and benefits, thru its familiar 3-button interface, through which more and 1,5 billion transactions have been logged. These include driving tips and assistance, potential insurance discounts, and ‘At You Service,’ an IBM-enabled cognitive service. For instance, if you’re running low on fuel and there’s heavy traffic ahead, this service will help reroute you more efficiently to reach a gas station; it will even allow you to pay for fuel via your dashboard.”

“In addition, GCCX will continue the vehicle maintenance notifications and diagnostic emails provided by OnStar in the past, but also begin providing proactive vehicle notices (e.g. diagnostic trouble codes and what they mean) and prognostic health checks (initially, remaining oil service life, as well as battery and starter health). These will help customers stay one step ahead of maintenance issues. In addition, it will allow them to schedule required maintenance more conveniently and with less intrusion into their time.”

Follow ETI’s Lead: Be Proactive
ETI members are the common link between automakers and the service/repair facilities that vehicle owners use. Inadequate — sometimes no — cybersecurity has exposed vulnerabilities in many automotive businesses that have, or can be exploited via cyberattacks — whether the business realizes it or not, or when they occur.

So engage in ETI’s ongoing efforts to educate and provide cybersecurity resources that matter. Don’t wait for a devastating electronic tsunami to be your reason for action.

R2R Finds Common Ground

Right-to-repair perspectives are closer than ever before
Contributed by Bob Chabot, ManicMedia LLC

In the earliest days of right-to-repair, cooperation was nearly nonexistent with several vehicle manufacturers when it came ensuring there was parity between dealership and independent facilities pertaining to the serviceability of vehicles. Well before the recent National Memorandum of Understanding (MOU) …  Heck, way, way back, even before the advent of the National Automotive Service Task Force, the involvement of standards entities, regulators and lawmakers, awareness by consumer advocates, let alone vehicle owners even knowing the potential serviceability of their vehicles might be compromised from the get-go by their choice or repairer …  There was a voice of reason calling for meaningful collaboration — the Equipment and Tool Institute (ETI).

From then until now, ETI has used its close relationship with both automakers and the aftermarket to encourage and foster the respectful exchange of service information, diagnostic data and other resources between OEMs and the independent aftermarket. ETI began hosting Tech Weeks 4 decades ago with a dialogue focused on bridging gaps to ensure that consumers —the automobile industry’s customers — could be assured of equal, competent and complete service/repair, whether they chose an aftermarket shop or dealership for it to be done.

In the years since, that dialogue has endured. ETI has continued its quest of working cooperatively with automakers, the aftermarket and others. As vehicle technology evolved and became more sophisticated, R2R issues transitioned to more complex considerations — namely “Who Owns the Data?” to “Who Owns the Software?” to “Who Owns Access to Vehicles?”

ETI has fostered collaborative solutions throughout. At ToolTech 2017, the success of those efforts were on display, as a succession of panels, comprised of automakers, aftermarket, heavy-duty and national account representatives, each shared their perspectives on R2R. Of note, differences like those of the past were dwarfed by the common ground the industry has collectively built.

Let’s take a look at the ToolTech 2017 R2R panels.

The National Memorandum of Understanding (MOU), according to ETI President Brian Herron, requires manufacturers of model year 2018 vehicles to meet the following requirements:

  • OEM diagnostic systems be made available to anyone for a reasonable price, at the same ‘content level’ dealerships have, using a “Pass-Thru” interface such as J2534, RP1210, or ISO22900.
  • Scan tool data be made available via a license.
  • Pass-through reprogramming must also be made available through a standardized interface,
  • Vehicle immobilizer programming must also be made available. Herron noted this security-sensitive information might be made available through a third party, such as the National Automotive Service Task Force (NASTF).

Aftermarket Association Recognizes Progress and Shares Concerns
First up was an Aftermarket speaker session hosted by ETI Past President Ben Johnson and featuring Aaron Lowe, Senior Vice President of Regulatory and Government Affairs, Auto Care Association.

“ETI has worked very closely with the Auto Care Association and other automotive associations (ASA, AASA) on telematics and other key issues in the past,” explained Lowe. “We are at a critical stage in the implementation for R2R this year. Beginning with MY2018, vehicle manufacturers will need to meet a number of requirements in order to comply with the National Memorandum of Understanding (MoU).”

“In February, the Auto Care Association sent a letter to all of the OEMs that had signed the MOU asking what their present level of compliance was and would they be fully compliant with legislation.  Many of the light-duty OEMs that responded have fully complied with the MOU, but we are concerned about the status of the others who have not. It also appears that heavy-duty OEMs are beginning to understand they have to as well, although most are still behind in complying.”

“Currently, there are several issues of concern to the aftermarket on the light-duty side,” he continued. “One is the lack of VIN-specific ‘as built’ data and adequate service and programming information for advanced driver-assistance systems (ADAS) in vehicles already being sold. Both are critical to providing a complete and efficient service/repair.”

“Cybersecurity is the other issue. It’s now everybody’s business, so automakers and the aftermarket must work together if customers are going to be as fully protected as possible. Automakers will begin keeping their software for MY2018 vehicles on cloud-based servers, which will be available for the aftermarket to download on a subscription basis to standardized and securitized vehicle communication interfaces, a contentious issue in itself that global standards organizations have yet to harmonize.”

“We are also concerned that the new way of performing diagnostics via the cloud may or may not be backwards compatible with earlier model years, so we are trying find out from manufacturers where they stand on that issue. To date, not all OEMs have replied. Some of those that did said they will include access to several earlier model years via the cloud, but by no means is that the rule for all manufacturers.”

During the National Accounts Panel discussion, several of the participants suggested vocational education and aftermarket training needed to be addressed to provide the industry with industry-ready personnel across a variety of roles. (Image — NASTF)

National Account Reps Focus on Propelling Education and Training Forward
Following the aftermarket association perspective, Kevin FitzPatrick, Farsight CEO, hosted the National Accounts Panel, during which other aftermarket representatives provided a number of comments and insights regarding R2R, training, resources and foci needed to keep pace with the service and repair new emerging technologies. The participants included:

  • Bob Augustine, Technical Training Manager, Christian Brothers Automotive.
  • Chris Chesney, Senior Director Customer Training, CARQUEST.
  • George Hoffman, Manager, Automotive Assets, Sears Automotive.
  • Rob Morrell, Director, Training, WORLDPAC.
  • Bill Nuckols, Service Operations, CarMax Auto Superstores.

“Exploding technology is creating service gaps that training at all levels — be it for aspiring technicians learning at vocational schools or aftermarket training for working technicians — isn’t keeping pace with,” explained Morrell. “Simply put, the complexity, diversity, service procedures and other information flooding the industry aren’t being adequately conveyed. Training isn’t just for technicians, either. They are so many industry roles, each of which needs a pathway of initial and continued education. This is an initiative the National Automotive Service Task Force (NASTF) is currently pursuing.”

“Education and training begins with OEMs, but aftermarket trainers also have a responsibility to step up.” he added. “Many OEMs help by keeping training current in school programs and aftermarket events. They’re the same ones whose cars are being fixed in the aftermarket. But the OEMs that don’t are not helping technicians, shops or, for that matter, maximizing the consumers’ brand experience.”

“R2R originally was about hardware,” shared Augustine. “Now it’s more about software, data and access. In these days automobiles having 80+ modules, there’s so much functionality out there, you need factory or fully functional scan tools to diagnose and perform complete repairs. Just imagine if the MoU hadn’t been reached.”

“There’s a training disconnect in the aftermarket,” he continued. “Too often at industry events, the brief description of a seminar doesn’t match what’s delivered or what the attendee was expecting. I also know that as an aftermarket trainer myself, that even with an accurate description, what I intended to deliver sometimes isn’t what the learners were looking for. That’s problematic.”

“We have a training maze we have to solve. We’re long past the days where getting two or three ‘ah-has’ in a training session justifies the expense and the time, let alone the needs, in attending. We must stay current in what we deliver and deliver more value. The trend from short seminars toward longer sessions that are brand- or system-specific training sessions is an indicator that service/repair facilities are beginning to focus their training investment on the major brands or systems they service, while outsourcing expertise for the rest.”

“Right-to-repair, in and of itself, doesn’t empower a technician to fix a car,” Chesney suggested. “Technology, information and required skills are propagating so quickly technicians simply can’t keep up they way we’ve been doing things. Even mobile diagnostic specialists are struggling to be fully capable for all cases. It’s led to the emergence of remote cloud-connected diagnostic firms, with brand-specific experts who are available to help shop technicians when they are dealing with a make and model outside their normal wheelhouse.”

“We need to stop dog-piling on technicians; it just isn’t working. We have to better assimilate incoming new technology and know-how, which can be overwhelmingly in volume and complex to absorb. We need to shift from what we’ve being doing to focusing on how do we get and keep technicians ready and capable to work on any vehicle anywhere, now and into the future.”

“Rather than chasing new technology, we must leverage it in education and aftermarket training,” he added. “One way to do that is for both vocational education and aftermarket training to begin moving toward being system-specific, rather than vehicle-specific. If we teach a technician how a system works in training, then they have the basis to apply the knowledge to specific vehicle applications, with the help of other now readily available resources. This is a strategy we are currently implementing at CARQUEST.”

The heavy duty vehicle industry has a separate MOU than the light duty vehicle industry. Of note, the heavy duty MOU applies to both vehicle manufacturers and component manufacturers, as shown in the image above. (Image — Auto Care Association)

Heavy Duty Right-to-Repair Compliance is Slow, but Coming
In 2015, on behalf of the heavy duty (HD) industry, the Engine Manufacturers Association signed a MOU separate from the light duty industry’s. Unlike the light duty agreement, the heavy duty MOU included both manufacturers of HD vehicles over 14,000 GVW, as well those who made HD components for them. The HD MOU requirements included:

  • Access to diagnostic and repair information for 2010 and newer commercial vehicles.
  • Related information, such as the locations of sensors and computer modules must be available to owners and independent repair facilities on a monthly and yearly subscription basis.
  • Tools available that incorporate same diagnostic, repair and wireless capabilities that manufacturer makes available to dealer must also be available to the aftermarket.
  • Data stream information to be provided to aftermarket scan tool companies, subject to appropriate licensing, contractual or confidentiality agreements.
  • As-built parts information, such that correct replacement parts can be used for repair.
  • There were also some exclusions noted, such as information not related to diagnostics or repair, trade secrets, and certain immobilizer systems and reprogramming only available from manufacturers through a separate secure system

At ToolTech 2017, Kenneth DeGrant, Heavy Duty Products Manager at Drew Technologies, provided attendees with and update on the HD vehicle and component manufacturers efforts to meet compliance stipulations. “Currently, NASTF maintains the formalized HD weblinks. Those seeking this information can click on HD Diagnostic and Reprogramming Information or HD Service Information respectively to source that data.”

“Prior to ToolTech 2017, I contacted all 13 of the major OEMs and component suppliers (engines, transmissions, and ABS) and asked them to respond to a survey. The survey questions fell into two categories:

  • Licensing for Diagnostics/Reprogramming — What is the status of RP1210 or J2534 compliance for diagnostics software and protocols? When and how will it be made available to the aftermarket? What is the licensing period for diagnostic/reprogramming information?
  • Licensing for their Service Information System — What is the status of their service information system? When and how will it be made available to the aftermarket? What is the licensing period for service information?”

“So far, seven HD OEMs have responded. These include Caterpillar and Cummins, both engine manufacturers; Allison and Eaton, both transmission manufacturers; as well as Bendix, Haldex, and Meritor-WABCO, manufacturers of brake systems.” For the balance of his HD Right-to-Repair Update, DeGrant reviewed the responses, highlighting the anomalies for attendees.

“To date, while not everyone has responded yet, of those who did, most are making great headway,” DeGrant noted. “Following ToolTech, I will continue to reach out to those who have yet to respond, as well as try to work with the HD OEMs to address any compliance shortfalls. which I will keep ETI apprised of.”

To prepare for the OEM Panel at ToolTech 2017, automakers were asked to fill out a standardized table showing their compliance status for each of the R2R requirements stipulated in Section 2 of the Light Duty Vehicle MOU. A weblink to view each automaker’s compliance status is provided below. (Image — ETI)


Light Duty OEM Vehicles Complying with the MOU
Brian Herron, the new ETI President and Vice-President of Drew Technologies moderated the Light Duty OEM panel, which was comprised of representatives from seven automakers. The participants included:

  • Kurt Immekus, Service Compliance Specialist, Volkswagen Group of America.
  • Craig Jeffries, Service Operations Manager, Subaru of America.
  • Bob Stewart, Customer Care and Aftersales, General Motors.
  • David Stovall, Manager, Service Technology Diagnostics & Telematics, Toyota.
  • Tu Tran, Regulatory Affairs Specialist, Porsche Cars North America.
  • Danny Uhls, Manager, Technical Information and Serviceability Aftersales, Nissan North America Inc.
  • Terence Vance, Asst. Manager, Electronic Service Systems, American Honda Motor Co. Inc.

Herron began by recapping the MY2018 compliance requirements of the National Memorandum of Understanding (MoU). “As of MY2018, all vehicles and resources — with the exception of ‘recall’ tools — must be compliant with the MOU. For service and repair professionals this means OEM diagnostic systems must be made available to anyone for a reasonable price, at the same ‘content level’ dealerships have, using a “Pass-Thru” interface such as J2534, RP1210, or ISO22900. In simple terms, if you can program at dealer, you must also be able to do likewise at any aftermarket shop.”

The MY2018 compliance requirements are listed in Section 2 of the MOU, which Herron made available in a summary of the OEM Panel here. During the panel, each automaker representative displayed their table showing MY2018 compliance with the MOU, then provided descriptions and details of supporting resources available, after which questions from attendees were taken. The answers even included a few unexpected surprises that demonstrated how voluntary collaboration can often yield more than the bare minimum that litigation could:

  • When the OEMs were asked what inbound challenges they see coming, several mentioned that the CAN network protocol is going to be replaced by a faster network protocols, such as CAN FD Ethernet and others.
  • Honda’s Vance addressed a question about the completeness of instructions for using tools. “Tools are made to be used, but are technicians actually reading the tool manual or ‘winging it’? We know that missing a clearly written step is common on the dealer side, so why not the aftermarket side?”
  • Toyota’s Stovall addressed a question about ADAS tools by agreeing that to calibrate ADAS components, technicians need the right factory tool available. “And yes,” he added, “There’s always been a disconnect between technicians and engineers: One can’t build vehicle, the other can’t fix them. So it sometimes takes time to get the resources to fix new technologies to market. But everything available to our dealers is also available to the aftermarket. So if the aftermarket is struggling, so are our dealers.”
  • Nissan’s Uhls announced that its J2534 reprogramming tool was now operating on Version 05.05, the first automaker to switch fully to the newest and much improved standard, introduced to the industry by ETI approximately 18 months ago.
  • Finally, VW/Audi’s Immekus, Honda’s Vance, and Toyota’s Stovall each announced that VIN-specific ‘As Built’ information for their vehicles is now available on their websites, unexpectedly addressing one of the aftermarket concerns raised earlier by Lowe.

Is it coincidence that a respectful and cooperative dialogue between automakers and the aftermarket can achieve this? Does it augur well for inbound technologies, such as ADAS, vehicle communication interfaces, cybersecurity and others? Think about that for a moment.

Now let me ask you:  Hasn’t history shown us repeatedly that this is the ETI way?

ADAS: Truths and Consequences

ETI panel shares Advanced Driver Assistance Systems insights, issues and trends
Contributed by Bob Chabot

The continued evolution of electronic integration into what was once purely mechanical components and/or systems is relevant to equipment and tool manufacturers, service/repair facilities, owners and technicians. In particular, Advanced Driver Assistance Systems (ADAS) are important gateways to improved safety, connected driving and autonomous vehicle development that is propelling the industry forward.

Awareness of how inspection, communication, service, diagnostics and repair procedures are executed is critical, and it’s getting more so with each new model year. In addition, proper ADAS tooling and OEM service information is crucial to performing complete ADAS-related service and repair. ToolTech 2017 featured an ADAS Panel, which keyed on these issues, moderated by ETI Member Robert Vogt, CEO of IOSiX. The esteemed group of panelists included:

  • Ted Ginnity, North East Sales Manager, Hella Gutmann Solutions
  • Kaleb Silver, Senior Product Manager, Product Management, Hunter Engineering Company
  • Craig Smith, Research Director of Transportation Security, Rapid7. Smith is also the founder of Open Garages, a distributed collective of performance tuners, mechanics, security researchers and artists.
  • Joshua Stone, Manager, Special Tools, American Honda Motor Company

The spiraling proliferation of ADAS functionality is increasing software on vehicles at an exponential rate, which is sparking significant changes in how data has been managed, processed, communicated and secured. (Image — Hella Gutmann)

ADAS Presents Technical, Operational and Business Challenges
The session began with each of the panelists making a brief presentation describing how ADAS was impacting their company and its customers. To help guide and focus discussion, Vogt asked a series of questions designed to garner comment and insight from the speakers. The session ended with a brief Q&A period for attendees. Here’ a brief synopsis of the topics covered.

Stone, Silver and Ginnity all agreed that nearly all 2017 and newer models will feature ADAS technologies. “Overall, nearly 95 percent of new vehicles today in the U.S. feature ADAS technologies,” Silver noted. “How much ADAS is onboard does vary though,” Ginnity noted. “The presence of ADAS content in European vehicles is about double that of U.S. made automobiles, but that gap is closing quickly.” One of the forces driving this is a change in safety rating criteria. For instance, the Insurance Institute for Highway Safety (IIHS) now requires certain ADAS features to be onboard for a vehicle to receive its highest safety rating.”

“While having the latest software patches is important for computers and cell phones, it is absolutely critical when it comes to safety within a vehicle,” Smith advised.  The typical high-end car has roughly 200 million lines of code, he noted. Industry-wide, software has an average of 15 to 50 errors per 1,000 lines, which means your average car has between 3 million and 10 million bugs buried somewhere within its code. “Hence, patching software to (1) debug and (2) keep it fully functional is a major ongoing challenge ADAS developers face.”

“The total time that a car is supported by the manufacturer from design through end-of-life is a related challenge,” he added. “The average car takes five years to go from initial development to production, after which they have an average lifespan of 11.5 years, which results in an average total of 16.5 years. That’s a very long time for software to go, with or without being patched, let alone changes in technology over that timeframe. In addition, history has shown us that many rental car companies and consumers won’t do patches, even when advised. But that doesn’t relieve OEMs and service professionals of their responsibility to advise vehicle owners.”

How software patches and updates are delivered is shifting in response to the proliferation of software in ADAS and other systems. As vehicle increasingly become part of the Internet of Things (IoT), connecting and interfacing with an ever-expanding spectrum of vehicle manufacturer, commercial and other services will follow. Consequently, the software in modern vehicles will continue to grow to millions of lines of ever-evolving code. Keeping this highly complex system of software, mechatronics and electronics up-to-date, let alone installing new software functions post sale, in a word, has become problematic.

Continental, in conjunction with satellite broadcast provider Inmarsat are now able to offer automakers the ability to provide over-the-air updates around the globe for the entire vehicle electronics suite with the simple push of a button. (Image — Inmarsat)

The traditional norm of having vehicle software updated done during a trip to the auto repair shop is being disrupted, with the effects about to impact service facilities, equipment and tool manufacturer, information providers and consumers. Many Tier 1 suppliers — such as Bosch, Continental, Delphi and ZF — are now developing technologies that enable over-the-air (OTA) software updates of electronic control units across the entire vehicle from powertrain to infotainment systems, without the necessity of a shop visit.

“Until recently the number of electronic control units in the vehicle connected directly or indirectly to the cloud has been extremely limited and the demand for OTA updates was low,” explained Helmut Matschi, head of Continental’s Interior Division. “But as vehicles have become more connected, uploading new functions, greater system complexity as well as the high need for security and safety has created a strong need for over-the-air updates. We can now offer automakers the most efficient and secure means to deliver common content OTA to millions of vehicles — from vehicle software and cybersecurity updates to precise positioning data — enabling vehicle owners to bypass the complexity of dealing with multiple mobile network operators and inconvenient service facility visits.”

While not all automakers have adopted the practice of diagnostic pre- and post-scans, the industry trend is headed that way. Several have position statements on the subject, such as Honda (above), General Motors, Toyota, Fiat Chrysler and others. (Image — American Honda)

Diagnostic Pre- and Post-Scans Address Risk and Liability Concerns
Jason Bartanen, the Director of Industry Technical Relations, noted that automakers are trending toward including diagnostic pre- and post-scans of vehicles as bookends to a collision repair. “While not all automakers have adopted the practice of diagnostic pre- and post-scans, the industry trend is headed that way. Many OEMs now either recommend or require the scans in their service information and/or written position statements. Several industry associations, including ETI, also have position statements supporting pre- and post-scans. For instance, click here to view the ETI statement.

“Technicians who follow proper pre- and post-repair diagnostic scanning procedures have the edge when it comes to customer satisfaction, because dashboard lights can’t tell you everything that’s going on with a vehicle’s electronics,” John Eck, Collision Manager for GM Customer Care and Aftersales. “With pre- and post-scans, technicians will start with the right diagnosis and right parts out of the gate, they’ll reduce repair cycle times and they should see fewer follow-up visits. More importantly, the scans will help ensure that the vehicle and its safety systems are returned to their pre-crash conditions.”

“In addition to Honda having a position statement on diagnostic pre- and post-scanning, service professionals need to be aware there are very OEM-specific tools and procedures to service ADAS technologies,” acknowledged Stone. “It causes us — and likely every automaker — great concern when ADAS repairs aren’t properly effected. At Honda, for example, we’ve noticed that some technicians — at both dealerships and aftermarket collision shops — take shortcuts.” To demonstrate this, he played a Honda “what not to do” video that showed many examples of how easily shortcuts can compromise ADAS service. “When all the necessary steps in critical safety systems are not properly made, it put lives are at stake. We as an industry must make sure service/repair technician not only knows what to do, but actually follows the proper procedures and steps to effect a complete repair.”

Fair enough, when the service information and other resources are readily available. But that isn’t always the case, for all makes and models, pointed out Aaron Lowe, Senior Vice President of Regulatory and Government Affairs, Auto Care Association. “VIN-specific ‘as built’ data and adequate service and programming information for advanced driver-assistance systems for some vehicles already being sold in the marketplace is not always available to service professionals. Yet both are critical to providing a complete, efficient and liability-free ADAS service/repair. Make no mistake: When the procedures are in service information, and a shop/technician takes on the responsibility for service/repair, they also take on the liability if substandard service is performed.”

“In the eyes of the courts, automakers and service professionals may take on liability to provide proper and complete repairs even without adequate information and procedures being available,’ Silver cautioned. “There have already been a number of incidents in litigation and reported in the press,” He cited a recent case involving Toyota lane change detection, an ADAS technology located in vehicle side mirrors. During the collision repair, the driver side mirror was not calibrated properly (sensor alignment was off of true by five degrees). The vehicle left the shop this way, and was involved in a subsequent accident, not because the lane departure system didn’t function, but rather because it wasn’t calibrated to do so accurately. As ETI President Brian Herron pointed out, “Pre and post-scanning is just the tip of iceberg.  You just can’t put the parts in and let the car roll away without knowing ADAS and other systems are working properly.”

For purposes of fully informing all vehicle owners in all cases (not just collision repairs), let alone the liability risks involved, this author wonders if the industry has gone far enough. Would it not be a prudent practice for all automakers to require diagnostic pre- and post-scans for all service/repair visits — whether collision or mechanical in nature? In particular, for any facility servicing ADAS-equipped vehicles, as the last shop visited, not checking and advising consumers could potentially be problematic for the shop, automaker, insurers and others in the line of fire.

The tool and calibration equipment investment required to fully service/repair ADAS, especially for European models such as the Audi Q7 above, can be expensive. In addition, calibrating ADAS systems often requires more clear shop floor space — wider and longer — than usual for a service bay to calibrate, align and program camera, radar and other ADAS sensors (Image — Hunter Engineering Co.)

Calibration is the Elephant in the Room
“ADAS is a game changer,” Silver explained. “It takes additional time, tools and equipment, as well as shop floor space to effect ADAS service and repairs. For example, it takes a significant investment by a shop to buy all the tools and calibration necessary to provide ADAS services, especially in the case of European brands. In addition, that investment can be significant for each brand, as tools and equipment are brand- and sometimes model-specific.”

“Hunter customers are seeing ADAS impact wheel alignment and other services they provide,” he continued. “For example, once a wheel alignment has been completed, many automakers now require checks and calibrations for lane departure, adaptive cruise control and other ADAS technologies. These include steering angle sensor resets, verifying that camera, radar and Lidar equipment is properly positioned and aligned (with respect to the vehicle’s direction of travel), and even replacing windshields equipped with sensors.” He then shared Audi, Fiat Chrysler, Ford, and Nissan videos to demonstrate this.

“Anytime we launch a new vehicle model, we ship the necessary tools and calibration equipment to our dealers,” Stone added. “They don’t get a choice, and they are charged for it. Aftermarket shops are able to purchase it at the same cost as dealers.”

“In my experience, that’s a fairly standard practice across automakers,” continued Ginnity, who leads Hella’s Diagnostic Project, which is trying to facilitate the service/repair of ADAS technologies by aftermarket shops that work on multiple makes and models. “But there’s no question in my mind that the industry needs to take a systems approach. For example, standardization of the tools, equipment, procedures and other requirements to service and repair ADAS would greatly ease the burden faced by service and repair facilities. It’s clear that while we all recognize this, but getting there is still a long way off.”

Calibrating sensitive ADAS technologies in vehicles requires expensive and often bulky equipment. Automakers typically specify the equipment required for its makes and models, making the investment by a multi-brand aftermarket shop expensive. But similar to the evolution of scan tools, some aftermarket companies have developed more generic and affordable calibration equipment, such as Hella Gutmann’s CSC tool pictured. (Image — Hella Gutmann)

“The advent of ADAS, telematics and other software-intensive technologies has, and will continue to change the industry,” Smith shared. “In the past, our focus was more on making repairs that were more mechanical than digital in nature. Connected and integrated systems like ADAS have forced a paradigm shift. ADAS systems provide customers with information, largely software-derived, to help them make better decisions. We must align our services and performance to meet customer expectations.”

“Our role in ADAS service and repair technologies is to bring vehicles back to their original design intent,” he continued. “With ADAS, we aren’t making traditional modifications. Right now, for the millions or cars on road or coming down the pipeline, our checks and calibration procedures are more rudimentary and physical in nature. In time, however, we can expect to have tools, equipment and other resources with built-in intelligent learning and to help perform these service more thoroughly, automatically and efficiently.”

Summing Up
Following the ADAS session at ToolTech 2017, I asked Moderator Vogt to summarize the takeaways he saw for ETI members. “In general, I think it’s very interesting to see how fragmented the calibrations space is for these very similar systems.”

“This will create both waste and opportunities for ETI, its members and the aftermarket in general. All of the purchasing of thousands of expensive specialty calibration targets, tools and other resources for each make-model-year makes for an unnecessary waste. Ways that improve the fragmented calibration space or monetize the rental or sharing of the calibration targets are two examples of opportunities.”

“It’s also important for OEMs to understand the impact of inconsistent testing procedures as well as the measures users may take to get around them, which could easily compromise safety. And as ‘smart’ vehicle and transportation systems evolve, security will be a huge part of ADAS going forward.”