On September 12, 2016, the House Energy and Commerce Committee sent a letter to the National Highway Traffic Safety Administration (“NHTSA”), the federal agency responsible for motor vehicle safety in the United States, asking the agency to convene an industry-wide effort to discuss and address cyber safety and security risks particularly associated with access to vehicle On Board Diagnostic (“OBD”) systems.
At issue is whether the vehicle OBD-II ports provide access to the underlying vehicle architecture – a controversy sparked by researchers Charlie Miller and Chris Valasek. OBD-II ports, while initially mandated by the Environmental Protection Agency in 1994 as a means through which vehicle emissions can be tested, also increasingly are used by the aftermarket device industry and others. According to the Committee letter, numerous stakeholders have expressed concern about whether the OBD-II ports can additionally be used to gain access to vehicle systems and controls.
The Committee is requesting that NHTSA “convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem.” This request is set within the backdrop of NHTSA already considering how cyber risks should be handled within the current motor vehicle regulatory framework. NHTSA has in recent years, and in response to Congressional mandates, modified its research efforts to focus more attention on vehicle electronics, including relevant cyber security considerations. NHTSA has issued various reports specifically aimed at cyber security. The Committee, however, has expressed its concern that cyber safety and security risks require “immediate and more comprehensive attention from NHTSA and the automotive industry.”
The letter can be found here. The NHTSA Report can be found here.