A Government’s Struggle: How Hands-Off To Regulate Handsfree Vehicles

Monday, November 8, 2021



Per Charles Dickens’ 1859 classic A Tale of Two Cities, our best-of-times-worst-of-times society seems to fit the second, less-famous ironic statement: “… it was the age of wisdom, it was the age of foolishness ….” And maybe in no arena is that dichotomy more obvious than with the technological wizards creating the next generation of transportation and <insert adjective here> politicians attempting to protect both the people and special interests.

During an interview on Wednesday, Joann Muller of Axios asked Representative (R) Cathy McMorris Rodgers of Washington’s 5th Congressional District, “[Autonomous] technology is almost ready, and my question is: Are the regulators ready? Is government ready?” And, in a great moment of political honesty, Rep. McMorris Rodgers flatly said, “Not yet, and I believe it’s a missed opportunity right now.”

Where should autonomous vehicles be allowed? Should drivers be required to be in the front seat and ‘checking-in’ occasionally to avoid napping? Who is liable in the event of a crash with a driverless car? How will cybersecurity be regulated to protect the greater good? Some of these questions have been answered around the globe and most governments recognize the need to regulate safety and security, but many seem caught in analysis paralysis on how handsfree to go with handsfree and cybersecurity.

“Many of these things aren’t new problems,” states Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions, the famous connectivity company that now also provides the operating software for many automotive vehicles, “but of course with all of the media around recent attacks like SolarWinds, there is the ongoing question of ‘What is in the software package you are giving me?’”

And so, in the midst of the foolishness and governmental Tower of Babel, maybe the technological wizards can suggest two commonalities to make life easier for the governments: standardized cyber transparency and baseline safety assessments.


Standardized Cyber Transparency

On May 12th, President Biden issued an Executive Order on improving the nation’s cybersecurity where he stated “The Federal Government must improve its efforts to identify, deter, protect against, detect and respond to [malicious] actions and actors.” Most of the Order called for greater sharing and included the supply base of critical systems. “The development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors.” This transparency, though, creates the fear for some regulators of exposing a blueprint to hackers, which is part of the reason why NHTSA has traditionally just published Best Practices instead of a regulatory requirement.

Boulton generally feels concerns about transparency are unfounded. “Certainly, depending upon the exposure of a Software Bill of Material, it might be a blueprint for a hacker, but most of that could be reverse-engineered anyway. If you’ve taken the process seriously and you’re addressing cybersecurity from Day 1, you would have recognized threats and vulnerabilities early and addressed them before shipment. The blueprint would only be useful to the hacker if there was something that wasn’t addressed by the design team. The history of automotive, medical and aerospace products was that there wasn’t transparency about the Software Bill of Materials or ‘ingredients’ included in the black box. That’s not good enough anymore because of the connectivity.”

That transparency, though, must be regulated in a common manner since the enormous price tags of these daunting activities (e.g., demonstrating cybersecurity capability, instituting engineering rigors, managing the legacy contracts of the supply chain, updating decades-old software) were never considered when the market prices were established. Therefore, if manufacturers are to have a chance of meeting regulations, protecting the public (and brand) and making profits, there needs to be a common solution akin to the United Nations Economic Commission for Europe’s recent standard. “That standard forces companies to follow certain practices to assure the Software Bill of Material is clearly understood,” says Boulton.


Unlocking the code of regulating the code is possibly the secret to making these transformative technologies available to the masses.

Baseline Safety Assessments

When discussing the hiccups in getting autonomous legislation passed, Representative McMorris Rodgers pointed out in the same Axios interview, “I think you highlighted an important bill that passed the House [of Representatives] in 2017 creating that national framework … but unfortunately it was really the Trial Bar that got involved and, from my perspective, kept changing the goal posts as far as the opportunity to sue and what they’re demanding be part of this legislation.” And, in fact, there have been a few times where Congress has heard from advocates and/or special interest groups for imposing stricter safeguards on autonomous vehicles due to high-profile crashes and concerns about due diligence. Daniel Hinkle, the Senior State Affairs Counsel for the American Association for Justice in 2020, argued that manufacturers must be held accountable since there’s an implied “… promise from the manufacturer of the automated driving system that their system can perform the entire dynamic driving task without in-vehicle supervision.”

And so, legislators are grappling with whether that’s truly the promise. Traditionally, product liability law and precedents have established the burden of providing functionally safe designs that include “state-of-the-art” technology that is economically practical. Should, in fact, that state of the art be a computer that will make better decisions given that even NHTSA’s website cites 94% of serious crashes are due to human error? Is the true manufacturer’s promise akin to Boulton’s chinning bar: being so confident in the software’s design as to share the design’s architecture, organization’s rigor and safety’s validation? Would having to demonstrate that repeatedly in court create undue financial burdens on the automotive industry and, in essence, drive autonomy to China? “Because of the [industry] maturity, because of the regulatory requirements, because of the investments that the Tier 1 [suppliers] need to make, I think we will see a change in the landscape of businesses that can weather the storm,” states Boulton.

And with that financial storm in mind, one solution has been discussed: governments could certify manufacturers around an international standard (e.g., ISO 26262) via an assessment to demonstrate once that rigor has been utilized for a given vehicle line. NHTSA even states that “As automated technologies advance, so will the department’s guidance [and is intended] to evolve as the technology does.” Will that include certification akin to UNECE’s regulations? “I think NHTSA needs to be doing more in this [regulatory] space,” states McMorris Rodgers, “and every day that goes by is a missed opportunity. There needs to be more rules around how we continue to take these steps [towards autonomous] and keep our roads safe.”

Author’s Note

In another of Dickens’s tales, Doctor Marigold (1865), the novella’s namesake realizes that altruistic efforts without selfish influences lead to a happy ending for everyone. The most famous quote from the book is, “No one is useless in this world who lightens the burdens of another.”

I hope there are a lot of politicians around the world that are fans of Dickens.

This article was originally published by Steve Tengler (steve.tengler@kuglermaag.com) on Forbes.com on October 12, 2021

