Various trucking and freight transport groups urged U.S. regulators to prioritize cybersecurity as manufacturers and suppliers continue rolling out more automated and autonomous driving systems
The Federal Motor Carrier Safety Administration recently closed a public comment period focusing on regulations to facilitate the safe introduction of automated driving systems in commercial vehicles, reports Fleet Owner.
The National Motor Freight Traffic Association (NMFTA) called on these new vehicle systems to “undergo annual cyber security evaluations before being placed on public roads.” Tests should include design reviews, penetration tests, and other assessments, NMFTA wrote.
Likewise, the American Truck Dealers (ATD) said it supports requiring automated systems be “continuously and periodically inspected for proper software and hardware component operation and to verify that they utilize the most current software updates.”
MITRE Corp., which works with the government to tackle a variety of threats, said the system complexity with ADS technology has “greatly increased” in ways not previously seen.
“This increased complexity in ADS is a benefit to would-be attackers, given the potential of sending misleading data to (i.e. spoofing) sensors, anticipating and exploiting predictable automated responses of ADS software algorithms, and from discovering and maliciously exploiting new system flaws in the implementation, configuration, and algorithms of the software,” MITRE wrote.
The Commercial Vehicle Training Association (CVTA) expressed concern that ADS is subject to system crashes and performance glitches that can affect the vehicle while it is in motion.
“The only effective safeguard against these flaws is requiring the presence of human supervision by an operator in the cab and ensuring commercial motor vehicle equipment is designed to allow that operator to override all electronic systems and assume control of the vehicle in the event of malfunction or hacking event,” CVTA said.
American Trucking Associations (ATA) said fleets and service providers should train employees for “assuring cybersecurity in company systems and equipment, and what they should do in the event of a known or suspected cybersecurity breach.
It also said self-diagnostic systems should be sufficient to identify deficiencies or the presence of viruses.